Educause Security Discussion mailing list archives
Re: Top 3 "hot topics" for CYBERSECURITY
From: Cal Frye <cxf244 () CASE EDU>
Date: Thu, 9 Sep 2021 13:30:54 -0400
Forwarded at Mark's request:
---------- Forwarded message ----------
From: Mark Herron <mfh36 () case edu>
To: The EDUCAUSE Security Community Group Listserv <SECURITY () listserv educause edu>
Cc:
Bcc:
Date: Thu, 9 Sep 2021 10:01:34 -0400
Subject: Re: [SECURITY] [External] Re: [SECURITY] Top 3 "hot topics" for CYBERSECURITY

Ransomware is an umbrella; an omnibus. And I think it's absolutely #1 right now as it can be an existential threat to the university (what if it shuts you down for a whole semester? There's no remote work either. What will your faculty do? Hourly employees? Students? Or if you need to pay millions?)

You can nest multiple aspects under it now, that used to be considered individual concerns, like cyberinsurance, privileged access management, endpoint protection, advanced email protections, vulnerability management, compromise (C&C) detection, incident response, backup and restore, etc.

You could even take the Kill Chain (starting with delivery) and/or the ATT&CK Framework and use each step/column of it as a subheading or guide, and just step through them:

1 - ransomware
  1a - vulnerability management
    1a.1 - remote access (network ingress services)
  1b - advanced email protections
  1c - endpoint protection (not just AV)
  1d - credential/access management
    1d.1 - MFA
    1d.2 - PAM
  1e - log management, baselining/IoCs and alerting
  1f - C&C detection (Suricata, Zeek/Netflow and/or network egress services)
  1g - Incident response
  1h - backup and restore
  1g - cyberinsurance
  ...

Those sort-of follow the Kill Chain: Delivery — Exploitation — Installation — Command & Control (C2) — Actions on Objectives path (then Detection, Alerting & Response, which come after the Kill Chain)

You can add more specifics with the ATT&CK Framework to itemize controls or protections: Initial Access — Execution — Persistence — Privilege Escalation — Defense Evasion — Credential Access — Discovery — Lateral Movement — Collection — Exfiltration — Impact

Which clearly lays out the omnibus aspect of it and why it's such a big deal - it pulls all those things together! Ugh. So there is my number 1 (12+), then,

2 - Staffing (another existential threat to the InfoSec/IT teams)
3 - NIST 800-171 and CMMC

(and see others' responses - all good so far!)

-Mark

P.S. Here's a nice guide to the Kill Chain and ATT&CK: https://medium.com/cycraft/cycraft-classroom-mitre-att-ck-vs-cyber-kill-chain-vs-diamond-model-1cc8fa49a20f

--
Mark F. Herron, MA, CISSP
Chief Information Security Officer
Associate Vice President
Crawford Hall, Suite 455
Case Western Reserve University
v: 216-368-6959

/~ Keep the bad actors out; verify the trusts; support the creation and sharing of knowledge and information as intended; and keep the university safe by protecting all our systems, data, and users. ~/

Cal Frye, Compliance Technologist
calvin.frye () case edu, o.216-368-3769 m.216-299-9270; he/him/his
[U]Tech Research Computing and CyberInfrastructure, Information Security
Case Western Reserve University

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community