Quick News Bit

CISA publishes guide with free cybersecurity tools, resources for incident response | ZDNet

0

CISA has published a guide containing free cybersecurity resources and services that may be valuable in incident response. 

The US Cybersecurity and Infrastructure Security Agency (CISA) is responsible for monitoring, managing, and reducing risk to the country’s critical infrastructure. The federal agency is also known for issuing alerts relating to high-profile data breaches and vulnerability disclosures. 

Last month, CISA warned organizations to shore up their defenses in light of the cyberattacks endured by Ukraine’s government, in which IT systems were disrupted and government-owned website domains were defaced by suspected Russian cybercriminals. 

As part of an ongoing initiative to improve the cybersecurity posture of US infrastructure providers, critical services, and state to local governments, CISA has compiled a guide containing advice, resources, and links to services that can help organizations reduce their risk exposure as well as deal with the aftermath of a security incident. 

While CISA is keen to emphasize that the federal agency doesn’t endorse the resources for specific use cases, the guide is separated into categories: foundational measures, how to reduce the likelihood of a “damaging” cyberattack; the steps to take to detect an intrusion, incident response, and resources for maximizing resilience to destructive attacks.

The list contains a mixture of open source tools and software, services offered by public and private cybersecurity organizations, as well as resources provided by CISA itself, for free. 

The federal agency first recommends that companies take basic steps to improve their security, including the implementation of patch cycles to fix known software vulnerabilities, implementing two-factor or multi-factor authentication (2FA/MFA), upgrading legacy and out-of-support software, and replacing default or old passwords. 

After tackling the above steps, CISA then recommends that organizations check out the additional categories. 

The resources include pointers to phishing assessment services, remote penetration tests, distributed denial-of-service (DDoS) protection, Project Shield, repositories for threat data, antivirus tools, forensics software, and backup services, among others.  

Skill levels for each service or tool are separated by way of basic or advanced knowledge requirements. 

CISA’s list will be continually updated and the agency intends to create a process for organizations to submit free tools and services for consideration in the future. 

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0


For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! NewsBit.us is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.

Leave a comment