利用人工智能提升安全运营的策略：应对2025年预期的最大网络威胁

Contents The Ongoing Evolution of the CIS Critical Security Controls®A look at how our security best practices have changedand adapted to meet the prevailing cyber threat landscapefrom their inception to their current iteration FeaturedArticles Enhancing Security Operations: The Role of RetrievalAugmented Generation (RAG) and ChatbotsHow security operations centers and their analysts can utilizegenerative AI to transform and improve their operations The Biggest Cybersecurity Threats of 2025and How to Prepare for ThemHighlighting some of this year's largest potential cyber threats andactions that your organization can take to effectively defend against them10 CIS Benchmarks®: From Zero to Implemented in 100 DaysHow the secure configuration guidelines of the CISBenchmarks can be adopted and used to improve yourorganization's cybersecurity defense in only a few months12 Quarterly Update with John Gilligan1News Bits & Bytes2ISAC Update15Event Calendar19 QuarterlyRegulars Cybersecurity Quarterly ispublished and distributed inMarch, June, September, andDecember. Founded MMXVII. Spring 2025Volume 9Issue 1 Published by Center for InternetSecurity, 31 Tech Valley Drive,East Greenbush, New York 12061 Editor-in-ChiefMichael Mineconzo Staff ContributorsAnthony EssmakerJames GlobePatrick JohnstonCarlos KizzeeNatalie SchlabigCharity Otwell For questions or informationconcerning this publication,contact CIS atlearn@cisecurity.orgor call 518.266.3460 Supervising EditorLaura MacGregor Copy EditorsJay BillingtonDavid Bisson © 2025 Center for InternetSecurity. All rights reserved. SEC366 CIS ImplementationGroup 1 Develop Cybersecurity Capacity Small and medium-sized organizations face the same modern cybersecuritythreats as larger enterprises, but often lack the resources and expertise todefend against them effectively. SEC366 bridges that gap by equippingnon-security professionals with the foundational skills needed to implementessential security controls, empowering organizations to safeguard theircritical assets and stay resilient in the face of evolving cyber risks. Why CIS IG1 is Essential Hands-On CIS IG1 Training Deliver Immediate Impact Ad PlacementCIS Implementation Group 1(IG1) provides a foundationalset of 56 cyber defensesafeguards—a baseline standardof security for organizationsof all sizes. These safeguardsare particularly valuable forsmaller organizations andcan be implemented by non-security personnel using readilyavailable commercial off-the-shelf hardware and software.IG1 focuses on establishingessential protections to defendagainst the most commoncyber threats, ensuring a strongfoundation for any organization’scybersecurity efforts. Hands-on labs engage participantswith simulated real-world scenariosthat enhance one’s understandingof how to apply CIS IG1 safeguardsin a practical, cost-effective way. Upon completion, participantswill be able to: •Efficiently reduce cyber riskswith actionable safeguards•Align cybersecuritymeasures with business andcompliance requirements•Report cybersecurity effortsto leadership in clear,business-focused terms These labs cover: •CIS Navigator and policylibrary review•CIS Self-Assessment Tool (CSAT)•Device and software inventorywith PowerShell•Secure configuration with CIS-CAT•Scanning for sensitive data•Building tabletop exercises•CIS Risk Assessment Method(CIS-RAM) Register Today! Start building a solid cybersecurity foundation with SEC366. Gain the skills required to protect yourorganization’s most sensitive data and defend against the most common cyber threats. www.sans.org/sec366 QuarterlyUpdatewith John Gilligan “The MS-ISAC and EI-ISAC have operated on thefundamental principal of community and they'vefacilitated many community-based efforts" The world continues to see ever-increasing cyber attacks,including those launched by nation states such as Russia,China, Iran, and North Korea. Many of these attackstarget key elements of the U.S. critical infrastructureincluding water treatment facilities, K-12 schools, localgovernments, and law enforcement organizations. K-12 Cybersecurity ReportandStrengthening CriticalInfrastructure: SLTT Progress and Priorities. Together,these reports provide a detailed assessment of thegrowing threats to U.S. State, Local, Tribal, and Territorial(SLTT) government organizations, including the fact that84% of K-12 organizations have experienced cyber threatimpacts in the past 18 months. The reports also highlightprogress that has been made in improving cyber resil-ience as well as future challenges. The actions taken by the new U.S. PresidentialAdministration over its first two months in office haveraised questions about the commitment of the U.S.Executive Branch to strengthening our nation’s resilienceagainst these attacks. The Administration's decision toterminate federal funding for the Multi-State InformationSharing and Analysis Center® (MS-ISAC®), which worksto help the “cyber-underserved” (smaller organ