
Saturday, June 9, 2018

What Systems Keep You Effective?

I recently posted the below on the SANS Internet Storm Center.

Previously I discussed What’s On Your Not To Do List as a means to remain focused on priorities. I never fear running out of work in cybersecurity. Instead, I worry that our focus does not always stay on the most critical issues. Today I want to highlight several techniques I use to help remain effective.

Saying no
    Over and over again
    No can be a complete sentence
    Opportunity cost associated with time spent on other items

Calendar Margin
    Create space for unexpected tasks
    Make appointments for what matters most
    
Goal tracking system
    As an achiever, I enjoy checking items off my “to do” list
    Evernote as a repository to hold ideas for future research
    Keep from cluttering up my brain

    Found tremendous value in weekly reviews
    Focus on what I accomplished
    And what needs even more focus

Each of these tactics serves to help keep me focused on what matters most. What hacks do you use to stay effective throughout your busy day? Let us know in the comments section!

Russell Eubanks

Saturday, June 2, 2018

Is Your SOC Flying Blind?

I recently posted the below on the SANS Internet Storm Center.


Can you imagine being pleased to learn that the pilot of your next flight had anything less than full visibility into the operation of the next airplane you board? Why would you settle for anything less for your Security Operations Center (SOC)? How long can you stand for your SOC team not to know there is a problem in your environment?
When building a SOC several years ago, I recall making screens ready in the event of an unexpected, yet necessary VIP tour. The intent of these is to impress those dignitaries by displaying cool things that are happening on your network. After you have finished impressing your VIPs, what actionable information should be displayed in your SOC to help them respond to threats in your environment?
Consider spending time this week ensuring your SOC wall is populated with meaningful screens that add value to your SOC by asking these questions.
  • Which security controls are not sending data to your SOC?
  • Would your SOC know when your most critical systems stopped sending their logs?
  • What is the baseline of traffic volume in and out of your sensitive network zones?
  • What is the health status of your security agents?
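
An added example, not part of the original post: one way to answer the first two questions is to compare each expected log source's last-seen time against a silence threshold and surface the worst offenders on the wall. The source names, thresholds and events below are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed inventory: source name -> maximum tolerated silence.
# Names and thresholds are assumptions for illustration.
EXPECTED = {
    "dc01-auth": timedelta(minutes=5),
    "fw-edge": timedelta(minutes=5),
    "edr-agents": timedelta(minutes=15),
    "proxy01": timedelta(minutes=10),
}

# Constructed sample events as (source, ISO timestamp) pairs.
SAMPLE_EVENTS = [
    ("dc01-auth", "2018-06-02T11:58:40"),
    ("fw-edge", "2018-06-02T11:59:55"),
    ("dc01-auth", "2018-06-02T11:59:30"),
    ("edr-agents", "2018-06-02T11:20:00"),
    ("lab-printer", "2018-06-02T11:59:00"),
]

def source_health(events, expected, now):
    """Classify each expected source as ok, silent, or never_seen."""
    last_seen = {}
    for source, stamp in events:
        seen = datetime.fromisoformat(stamp)
        if source not in last_seen or seen > last_seen[source]:
            last_seen[source] = seen
    report = {}
    for source, max_gap in expected.items():
        if source not in last_seen:
            report[source] = ("never_seen", None)
            continue
        gap = now - last_seen[source]
        report[source] = ("silent" if gap > max_gap else "ok", gap)
    # Sources that log but are not in the inventory are a coverage gap too.
    unknown = sorted(set(last_seen) - set(expected))
    return report, unknown

def wall_rows(report):
    """Rows for a SOC wall panel, worst status first."""
    order = {"never_seen": 0, "silent": 1, "ok": 2}
    return sorted(report.items(), key=lambda kv: (order[kv[1][0]], kv[0]))

if __name__ == "__main__":
    now = datetime(2018, 6, 2, 12, 0, 0)
    report, unknown = source_health(SAMPLE_EVENTS, EXPECTED, now)
    for source, (status, gap) in wall_rows(report):
        print(f"{source:12} {status:10} {gap}")
    print("not in inventory:", unknown)
```
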
Share what you find valuable on your SOC wall!

Russell Eubanks

Learn more at the upcoming SOC Summit!

Thursday, March 29, 2018

Version 7 of the CIS Controls Released

I recently posted the below on the SANS Internet Storm Center.


The CIS Controls serve as a “prioritized set of actions to protect your organization and data from known cyber attack vectors.” Several organizations have embraced them, as outlined in the Case Studies section, where significant improvements to their cyber security programs are listed and can serve as an inspiration to consider this approach to effective cyber defense.
Recently Version 7 of the CIS Controls was released. This work reflects the engagement of many volunteers who helped shape this update. Several key changes made to the CIS Controls are listed below, including the following seven principles.

1. Improve the consistency and simplify the wording of each sub-control
2. Implement "one ask" per sub-control
3. Bring more focus on authentication, encryption, and application whitelisting
4. Account for improvements in security technology and emerging security problems
5. Better align with other frameworks (such as the NIST CSF)
6. Support the development of related products (e.g. measurements/metrics, implementation guides)
7. Identify types of CIS controls (basic, foundational, and organizational)

Have you implemented the CIS Controls? If so, please share some of your experiences in our comments section. If not, consider reviewing the references below to learn more about how they could help you.
Center for Internet Security
CIS Controls 
CIS Controls Version 7 – What’s Old, What’s New
Watch Launch Event Video
CIS Controls Version 7 Measures & Metrics
CIS Controls Version 7 Change Log

Russell Eubanks

Thursday, February 22, 2018

CIS Controls Version 7

I recently posted the below on the SANS Internet Storm Center.

The Center for Internet Security (CIS) has been working diligently to update the CIS Controls (formerly known as the Critical Security Controls). A compelling feature of the CIS Controls is their regular updates that reflect the current cyber threats that face organizations, both small and large. The CIS Controls are the product of a truly global collaboration effort. “The CIS Controls have always been the product of a global community of adopters, vendors, and supporters, and V7 will be no exception,” said Tony Sager, CIS Senior Vice President and Chief Evangelist for the CIS Controls.

CIS is providing an opportunity to participate in the CIS Controls Version 7 release event that takes place March 19 in Washington, D.C., with options to either attend in-person or remotely via live stream. If you have not yet applied the CIS Controls in your environment, the release event can serve as the catalyst you need to consider them as an integral part of your cyber roadmap!

Russell Eubanks
ISC Handler
SANS Instructor

@russelleubanks