Continuous Vulnerability Management – Shodan

Security Domain

CIS Control 7 – Continuous Vulnerability Management
NIST CSF – Detect: Continuous Monitoring (DE.CM)
NIST 800-53 – Assessment, Authorization, and Monitoring

Service Description

Shodan is the world’s first search engine for Internet-connected devices.

Provides weekly attack surface security reports based on PSU public-facing assets in Shodan.io. Utilized by partner organizations that make up the NCDPI K-12 Cybersecurity Program.

Product

Shodan via Friday Institute Technology Infrastructure Lab

Key Benefits

Safeguards against ransomware and cyber attacks.
Provides a detailed view of what the “bad guys” can see about the PSU’s network externally

Cost to PSUs

No cost – funded by NCDPI K-12 Cybersecurity Program

PSU Time Commitment

Upfront/Setup: N/A.
Ongoing: Varies based on complexity of PSU

How to get this service

Submit a report request form for your PSU to subscribe

Key Resources

The Ethics and Legality of Port Scanning – SANS GIAC Certifications

Point of Contact

Name: Ray Zeisz, Friday Institute
Email: rlzeisz@ncsu.edu