Information from MS-ISAC
Anthony Essmaker Regional Engagement Manager
Office: 518-516-6112
Mobile: 810-488-9379
Quick recap
Anthony from MS-ISAC discussed the importance of conducting assessments to understand an organization's environment and identify potential issues, emphasizing the benefits of the Nationwide Cybersecurity Review (NCSR) and the Cyber Security Assistance service program. He also highlighted the importance of implementing the CIS Controls and conducting tabletop exercises to practice and improve cybersecurity. The team also discussed the benefits and costs of conducting penetration tests and vulnerability scanning for their cybersecurity, with plans for future discussions and updates on various projects.
- https://www.cisecurity.org/insights/white-papers/k-12-report-cis-ms-isac-cybersecurity-assessment-of-the-2022-2023-school-year
- https://www.cisa.gov/cyber-hygiene-services
- https://www.cisecurity.org/ms-isac/services/ncsr
1. Security Operations Center (SOC) and Cyber Incident Response Team (CIRT):
- In case you ever need to report an incident or request assistance from either our SOC or CIRT, feel free to reach out to them 24x7x365 at:
2. IP & Domain Monitoring
- To add your IPs and update your domains and subdomains, please send them to [email address not shown] and let them know you would like to add them to the list for your IP and Domain Monitoring service
- Looks for signs of account compromise and malicious activity by monitoring sinkholed websites and publicly dumped credentials
3. Nationwide Cybersecurity Review (NCSR) and Foundational Assessment:
- NCSR
- Larger self-assessment with more detailed results. Open from October-February
- Register for participation at https://www.cisecurity.org/ms-isac/services/ncsr and take a look at available resources!
- For any questions, reach out to [email address not shown]
- Foundational Assessment
4. Indicator Sharing/Real-Time Indicator Feeds
- Automated feed that can be ingested into your firewall ruleset
- Here’s a link with more information about the service and steps for getting started: https://www.cisecurity.org/ms-isac/services/real-time-indicator-feeds/
- Contact [email address not shown] for technical assistance if needed
5. Malicious Domain Blocking and Reporting Service (MDBR):
- Additional information about MDBR: https://www.cisecurity.org/ms-isac/services/mdbr/mdbr-faq
6. Workbench and Free SecureSuite
- Houses our configuration guidelines, CIS Controls, Benchmarks and a variety of tools.
- Contact Jody Tarshis, [email address not shown], to learn more.
7. Malware Next Generation (CISA Service)
- MNG provides automated malware analysis support using static and dynamic analysis tools in a secure environment
- To sign up/create an account please visit: https://www.cisa.gov/resources-tools/services/malware-next-generation-analysis
8. CISA’s Cyber Hygiene (“CYHY”) Program
- CISA (DHS’s Cybersecurity and Infrastructure Security Agency) offers several free scanning and testing services, including vulnerability scans, phishing campaigns and remote penetration tests, to help organizations reduce their exposure to threats.
- To sign up for their CYHY Program, or request your initial assessment, please reach out to them at: [email address not shown]
9. Cybersecurity Advisory Services Program (CASP)
- Community Advisory: A cyber advisor provides a community of members with an overview of a cyber topic and facilitates a peer-to-peer discussion.
- Member Advisory: A cyber advisor answers a member’s questions to help the member make decisions or take actions to enhance their cyber posture.
- To sign up, please contact [email address not shown]
10. Additional Low-Cost services from MS-ISAC
- CrowdStrike ESS
- MDBR Plus
- Albert Intrusion Detection System
- To learn more about pricing and these services, please contact our services team at [email address not shown]
11. Resources and Training
- FedVTE – Free cybersecurity training courses - https://fedvte.usalearning.gov/
12. CIS Critical Security Controls
- Prioritized set of Safeguards to mitigate the most prevalent cyber-attacks against systems and networks. They are mapped to and referenced by multiple legal, regulatory, and policy frameworks.
- Download the Controls Cloud Companion Guide here: https://www.cisecurity.org/insights/white-papers/cis-controls-v8-cloud-companion-guide
- Controls Navigator Tool - https://www.cisecurity.org/controls/cis-controls-navigator
- Visit: https://www.cisecurity.org/controls/v8-1 to learn more
Welcome everybody to the December 5th edition of Technology Che-In. Thanks, everyone, for showing up today. Today, we have a guest, Anthony from MSISAC is going talk about the, and I'll get my acronyms wrong here, NCSR, I think what we're about. You got it. all benefits that. So instead me turning around guessing things on it, I'm just turn it over you, Anthony. Yeah, thanks. appreciate joining. know, not super technical today or go too far in weeds. They actually gave similar presentation this recently. What want NTSR, makes unique, value behind is, we'll definitely do also am big proponent fact that you don't use our stuff, stuff MSI sec understand different requirements insurance sorts on. are then assessments overall. why doing them purpose look when you're them, types out there. know doesn't sound like most exciting topic. no one's favorite thing world. If familiar with MS ISAC, offer lot cost resources as well assessments. Feel free reach me. will share my… screen, contact information fun here but It looks nice group please interrupt Come off mute. Sometimes it's hard see hands raised reactions chat log sharing, come mute thought question correction if opinion. Let's make more conversation than talking at always consider assessments, especially kind foundation, right? And Scott, these slides so can afterwards there's anything they at. foundation NCRs. The assessment audit do, be NFTSR, that's primarily. plan your framework controls compliance face. provide well. here. didn't an opportunity look, everybody's member. us, quick elevator pitch. We exist help improve cybersecurity. work K-12 education higher across country. membership bunch no-cost resources. We're under Center Internet Security, which nonprofit. That's who runs MSISAC. federal government. closely DHS, Department Homeland very separate entity. Again, by saving time. budget general, learn environment. NCSR hopes accomplish. stands nationwide cybersecurity review. throw acronym around, Google want. 
should right website. through SAC. national review do. We'll into details much, many varies greatly. pull specific number. Because options companies some stuff. $0, price usually like. 40,000 plus, like, Really, looking assessment, would say start $0 thing. expensive after you've done zero dollar one those NCSR. open October February. Like said, quite bit Another have, though, much shorter closes. It's called foundational assessment. 30 questions. really easy To snapshot. full picture organization, good CISA, partners government, CSAT, another you. take advantage free. But aware, clients audits, whether HIPAA, FERPA, requirements, maybe state too. insurance, cyber audits often required strongly encouraged isn't mind, type way learning organization penetration test. organizations little best bit. Why this? All we've Everything printer networking data protection time assessment? Well, first year this. A people say, because insurance. requirement sort they'll well, certain grants. true. important. Grant money For legal compliance. trouble law fined. Or boss heard was idea need generate report. move thinking Over to, advantage, justify budgets, new staff members need. build forward. grant monies, intentional funds. pulled directions needs. where communicate whole needs facing every day. communicating becoming storyteller sharing organization. often, unfortunately, takes visual, source coming saying, no. Scott's saying correct. yes, listen Scott ahead These differently they're environment being detective started finished? Where beginning journey cyber? been staffing changes turnover, projects were middle of? gone? what's place, place? Is there shadow IT even about? growth legacy systems hosting databases student names them. Are plugged in? working? updated? environment, detective, changes. mad skills conduct biased, reasons not. cost, all, talked already, huge varying costs. associated costs sometimes. available Not extra days, understand. 
any business Did already did teach you? it? gaps still forward maturity at? Do buy there? Maybe, highest country trying test systems. pen spend $20,000, $30,000 bad start. Maybe something anything's bad, spending bad. aware is. Be Use direct day, reports tools give How future? count caught surprise day starts happen. Oftentimes, mentioned earlier, requirement. Got check box. try Set aside busy days. focus how benefit right. There presentations hour long depth today, important self-assessment. team stop whenever sitting. dollars. two three hours Next year, again. auto populate. questions answered populate next meaning it'll less heavy lift time, couple that, gets simpler. Cool overly technical. I've had executive themselves. wouldn't recommend tech involved, Especially panic worry ask depth, This pretty basic onshore format. typing filling auto-populates cool push unique opinion tell ever audit, might hey, A, B, C. Okay, that? accomplish Thanks information, guess. CSR go. link resources, source, free, low discovers throughout. map CIS controls. talk, probably controls, other duplicate efforts. nationwide. 18,000 does allows us anonymously compare against sector. says you're, let's K-12, show K-12s doing. same categories are. produce metrics leadership team. Now comes communicator, You're able sit down CFO, whoever be, here's actual evidence asked items last year. Here, asking Every school district competitive. competitive public sector general. lacking excelling. telling story awesome completely anonymous. Your anonymous data. aggregated automate based NIST framework. frameworks reputable tie simple. complete. Questions great unique? unlocks funding Even handling funds, states encourage require complete unlock SLCGP Security Program expert, ones least those. Now, write ticket fine this, encouraged. receive Definitely bonus there, only getting reporting download from. with. setting yourself potentially sales pitch slide goes everything. again, click download. 
end knowing yourself. wondering cyber. Spend hours, intentional, include Include administrators want, some, sign now. send out. Just up. QR code hope works away. not, email spot. example, website link, example things, get. policy template guides. own. guides policies templates supply chain risk before service offering part CAASPP program. assistance alongside feel scared knowledge expertise worried virtually. They're office, virtually walk really, reason nervous Great fresh. help. fancy administrator. points reading read much. past participants, taken tips tricks provided us. Don't rush honest score. honestly, devote alone tips, There's office alone. answers their CFOs. Bring conversation. Show answer. doubt, rank lower translation communication. pass along own What's point assessments? NCSR? enough communicators storytellers challenges. tool. support making ask. helps necessarily at, going. Yet, learning, figuring go, lot's done, rapidly evolving environments education. New implemented mention program more. service. Look implement configure image. Whatever smartest world, world meet one-on-one group. community advisory member advisories one-on-one. everything explain consulting. run hire consultant bring outsider advice Try first. fantastic. more, Know touch people. have. great, see, judgment, facts, folks tests, here? shows foundation. find plan. opinion, CIS, renowned. legislation reasonable written language. guide gives each goals you'd too, answer NIST, CGIS, et cetera, whatever use, taking control. independently verified, proven effective built professionals peers operational expertise. aren't somebody sitting room thinking, do? job came together decided essential hygiene slides. thing, about, firm helpful collude all. lot, 18 Controls, familiar, guidelines. safe. 153 safeguards. to-do items, marks off. implementation groups. group, one, hygiene. 53 565 safeguards tasks lift. 
can't everything, unless Citibank Apple Microsoft large lots scalable approach inventory control assets. asset inventory. easier said example. are, 56. guide. read. lists matters. sell part. blue hyperlinks. Those just, using now figure accomplishing suggested. won't Secure Suite relate begin track members. CSAT Pro. program, software implementation. software. Go benchmarks, side note. topic, real quick. working building images, computers educators computers. endpoints deploying. benchmarks secure configurations settings CISCAT Pro, assess automated fashion compliant endpoint computer benchmarks. shelf, 30%. kits, automations, scripts that'll apply configurations. Since screen wanted One navigator. It'll pop anything. requirements. oh applies HIPAA FERPA requirement, match safeguard one. so, scissors mapping relate. duplicating efforts, something. stick export else while weeds important, score, play programs, including downloadable PowerPoint save results. Finally, piece puzzle, You've learned areas on, plan, picked chip away practice haven't tabletop exercise include. everyone. fall fix HR department, resource officer local fire exercise. Ask Make sure involved hey. pretending happened. ransomware, Everybody scenarios outside things. ransomware busing system students anymore lost routes home? administrative team, Stuff practices involves tech. fun. allows, food People love challenge yourselves importantly, in. third party moderate person partner, physically host They'll travel everywhere country, virtually, advice, templates, again top potential issues. That'll create forget reflect accomplished, exercises chance bond connect page awareness training. engaging I'd happy Hey, Anthony, uh in, experience questioner incident. putting spot login anesthesis R now, put webpage video depth. sample Let framework, no, unsure. documented? specific, actually, deliver took NCISR a, intermediate unit, level biggest concern, having Isaac Walker Right right, asking, exactly say. 
follow else, guess? point, Scott. brings back experts question. talking. physical devices within statement. pick options. definitions optimize, perfect. process, partially documented. documented, informally performed face basically scale. scale references, scroll guy swear Oh, nope, walks nest, seven optimized, fill answers. perfect Asset inventory, asking. Have documented anybody has results mean. turned process sending 16 emails keep of. mine. Reach connected sent. yeah, anything, simply started. Perfect, I've, remember correctly, biannual Congress seeing SLTTs? report years. two, United States. Congress. Obviously, incentive, government's incentive sponsoring tying nation sectors out, with, data, name, Scott's, general self-reported self-assessment Congress, lawmakers legislators challenges Which thank calling Okay. i window closes summary would, compared? region or? few reports. Yes, February aggregate anonymize doing, example? comparing K-12? That cool. everybody. Immediately upon completion did, comparison component released oh, head finalized individual worked before, customize state, county, association. compared together? NFTSR specifically. Probably anonymously, participants buy-in definitely, Washington Washington? cool, customizable, comparisons. assume, break down. assume they… default, bit, rural Michigan city Chicago, situations, breakdown could custom comparisons reaching Yeah. been, anyone they'd While Quiet report's sent update recent, old. seven. documents. complicated result seven, awesome. improvement. writing report, website, local, tribal, territorial. SLTT. broad note going, improvement lack years, depending. greatly commitment, wealth standpoint, know. choose administration your, however beneficial can, sooner later length increase coverage reduce rates, imagine once, No, once. mean, approval weeks ago yet, interrupted sure. drop to. busy. Previously, budgeted scheduled annually, attended webinar week recommended changing quarterly. 
biannually, mean twice thoughts hearing perspective? Landon, sounds Pentest, $10,000, $20,000 depending vendor. wrong. personally testing, offers catch backlog. recovery services, cheaper private position ready nature frequently ours twice. remediate second Ours cheaper. option pushing own, yeah base pricing number IP addresses? believe so. fixed rate. salesperson, department numbers 12,000. thousand heard. me, Landon. misspeak anybody's solution CISA's solution. CISA backlogged. popular, backlogged nearly theirs. My gut, personal excessive. Quarterly excessive, expert testing. seems excessive gut high quarterly, sense vulnerability scanning request monthly quarterly up, testing parts versus good… scott i'm services may using. test, external IPs. Any constant visual backlog easy. in-depth means, scan Anthony? email. archive site included Thank final Might anytime. You'll cell phone email, Thanks. Hope Yep, Bye. signed services. On E-rate, of… collecting reparation you'll standpoint. guess let Sarah, Hmm. More same, guess, said. approved November, um man, prepared worries, worries Kevin, Anything Fort Dodge? really. just… to… refresh old equipment. board struggling From Dactronics seem else? Nope. Nothing crazy. are… exploring UPS refreshes route, lithium ion batteries call vendor RFP due Christmas 2,200 elementary Chromebooks lease schedule. bids place. quoted requested HP models. switched Fortis line Before title Mortis. requesting Acer brand lines bidding update, Tricia, Kind devices. list construction soon And… solvents solving world's problems. solved, credit solve problems Mostly TV signal. messages update. Mr. Foley, moving along. Sounds good. week's, formal agenda set week. quiet, following week, Troy McDermott Fortinet SOC category E-rate eligible. schools funds monitoring logs 24 firewall pieces customer anyway, Other Anyone group? thanks joining Same