Educause Security Discussion mailing list archives
HEISC Quarterly Update, December 2016
From: Valerie Vogel <vvogel () EDUCAUSE EDU>
Date: Thu, 1 Dec 2016 17:34:18 +0000
I am sharing this HEISC update on behalf of our co-chairs. If you have any questions about any of these projects or resources, please let me know! Thank you, Valerie Valerie Vogel Program Manager, Cybersecurity EDUCAUSE Uncommon Thinking for the Common Good direct: 202.331.5374 | main: 202.872.4200 | twitter: @HEISCouncil | educause.edu<http://www.educause.edu/> Our wonderful Higher Education Information Security Council (HEISC) volunteers have been quite busy over the past few months. Rather than provide you with a laundry list of accomplishments, we thought we might highlight the resources and topics that will be of most use to you as you create your 2017 information security plans. NIST 800-171 was a topic of frequent conversation in 2016 and we expect it to be a popular topic again in 2017. To meet our community’s needs, HEISC published the following resources that we hope you’ll find useful in your planning efforts. * An Introduction to NIST Special Publication 800-171 for Higher Education Institutions<https://library.educause.edu/resources/2016/4/an-introduction-to-nist-special-publication-800-171-for-higher-education-institutions> (updated in October) * NIST SP 800-171 Compliance Template<https://library.educause.edu/resources/2016/9/nist-sp-800-171-compliance-template> (developed by members of the Common Solutions Group) * Webinar with Ron Ross Discussing NIST SP 800-171 and Controlled Unclassified Information (CUI)<https://library.educause.edu/resources/2016/9/nist-sp-800-171-and-cui-with-ron-ross-webinar> Assessing third-party vendors is another common issue, so a small dedicated project team spent the summer and early fall creating the Higher Education Cloud Vendor Assessment Tool<https://library.educause.edu/resources/2016/10/higher-education-cloud-vendor-assessment-tool>, which is a higher education-specific cloud security questionnaire. We hope to continue to focus on how to streamline higher education’s approach to cloud vendor security in 2017. Since many campuses appreciated the resources developed as part of the 2016 Annual Campus Security Awareness Campaign<http://www.educause.edu/securityawareness>, we have developed 12 new monthly blogs with ready-made content for your campus communication channels to use in 2017. We know many campuses are stretched for resources to devote to information security awareness, so each blog focuses on a different topic and provides content for newsletters or websites, social media posts, e-mail signatures, and additional resources. Just copy, paste, and add your institutional branding or voice for instant awareness content! The 2017 Security Professionals Conference<http://www.educause.edu/sec17> program committee is currently reviewing 120 proposals (a new submission record!). Speakers will be notified before the end of this year. Also, don’t miss the first two videos in our series where 4 IT leaders debate the implications of information security being the top item on the 2016 EDUCAUSE Top 10 IT Issues list<http://www.educause.edu/research-and-publications/research/top-10-it-issues>. And stay tuned for the next installment on 12/12. * Part 1<http://er.educause.edu/multimedia/2016/10/video--4-it-leaders-debate-security---part-I> * Part 2<http://er.educause.edu/multimedia/2016/11/video--4-it-leaders-debate-security---part-2> Finally, since September, we have posted almost 20 guest blogs in the EDUCAUSE Review Security Matters column<http://er.educause.edu/columns/security-matters>, with many focusing on National Cyber Security Awareness Month themes. We’ve also posted several recently on DDoS attacks and ransomware. We’d love to hear from you about these new HEISC resources. Your feedback is invaluable and we hope you will continue to let us know how we can provide useful and meaningful content that can help strengthen your programs and departments. Thank you, Sharon Pitt and Melissa Woo, HEISC Co-Chairs www.educause.edu/security<http://www.educause.edu/security>
Current thread:
- HEISC Quarterly Update, December 2016 Valerie Vogel (Dec 01)