Campus Cloud Security Shared Assessments


1 Campus Cloud Security Shared Assessments
Jon Allen, Baylor University and Nick Lewis, Internet2 April 2016

2 Agenda
- Current State
- Existing Solutions
- Somewhere to Start
- Questions

3 Current state
- Campuses are rapidly adopting cloud services and deploying software systems
- Assessing the risk for cloud services and software systems as quickly as possible
- Developing vendor risk mgmt programs
- Developing enterprise risk mgmt programs
- Evolving information security programs as quickly as possible
- Too much to do to effectively do it all!

4 What problem are you trying to solve?
- How to share work done at one campus with other campuses as easily and quickly as reasonably possible
- Freeing up time to dedicate back to critical information security functions
- Create a forum/space to share and find existing shared assessments
- Build on the existing higher education information security community sharing

5 Example
Graduate Admissions wants to use Slate for applications
- Add to risk assessment list to address ASAP
- Could check various security lists to see if anyone has used or assessed it
- Could check external vendor, or NET+, to see if it has been assessed
- Work with dept on assessment and contract
- Potentially spend a significant amount of time and slow down the dept requestor

6 We’re not proposing…
- Replacing your information security risk assessment programs
- Replacing existing communities
- Approving the security of a cloud service or software
- Replacing the NET+ program

7 Existing Solutions?
- Existing vendor management programs
- Existing commercial service providers like 3PAS, Skyhigh Registry, and others
- Community service providers like Shared Assessments, CSA CSTAR, and others
- NET+ program
On this slide, go over why each won’t work

8 Potential Challenges
- Intent is not for “approval”, but to help a campus save some time in managing their third party vendors and service providers
- Could provide insight into security operations on a campus
- Providing access control to just higher ed
- Materials can’t be under NDA
- How to incorporate into your information security programs

9 What Assessment Questionnaire?
- Existing security questionnaires
- CSA’s Consensus Assessments Initiative Questionnaire
- Google’s Vendor Security Assessment Questionnaire
- NIST v4, ISO27001, and many others
- Develop something new – NO!

10 Potential Solutions
- Does this need to be more than just some metadata and a pointer to a report?
- Trying for low maintenance, but high value (also free)
- Can this be done in existing community activities?
- list, Box folder, Internet2 forum, wiki, other?

11 Somewhere to start
- Start with an Internet2 Working Group
- Start with mailing list - Figure out if Box folder, Internet2 Forum, or Mailing list would meet the need
- Do we want to have a conference call?
- Develop a usage document explaining how to use, metadata required, and disclaimer
- Announce!

12 Questions for you
- Is this of interest to you and your teams?
- Would you actually use it?
- Would you be willing to share your assessments?
- Do you want to help get this started?

13 Questions for us?
If you have any questions, please contact:
- Jon Allen, CISSP, EnCE, Assistant Vice President & CISO
- Nick Lewis, Internet2 NET+ Program Manager, Security and Identity

14 Campus Cloud Security Shared Assessments
Please remember to fill out your session evaluation! It’s all Nick’s fault if this sucks!

