HEISC Quarterly Update, December 2016

[Valerie Vogel <vvogel () EDUCAUSE EDU>]

I am sharing this HEISC update on behalf of our co-chairs. If you have any questions about any of these projects or 
resources, please let me know!
Thank you,
Valerie

Valerie Vogel Program Manager, Cybersecurity

EDUCAUSE
Uncommon Thinking for the Common Good
direct: 202.331.5374 | main: 202.872.4200 | twitter: @HEISCouncil | educause.edu<http://www.educause.edu/>



Our wonderful Higher Education Information Security Council (HEISC) volunteers have been quite busy over the past few 
months. Rather than provide you with a laundry list of accomplishments, we thought we might highlight the resources and 
topics that will be of most use to you as you create your 2017 information security plans.


NIST 800-171 was a topic of frequent conversation in 2016 and we expect it to be a popular topic again in 2017. To meet 
our community’s needs, HEISC published the following resources that we hope you’ll find useful in your planning efforts.

  *   An Introduction to NIST Special Publication 800-171 for Higher Education 
Institutions<https://library.educause.edu/resources/2016/4/an-introduction-to-nist-special-publication-800-171-for-higher-education-institutions>
 (updated in October)

  *   NIST SP 800-171 Compliance 
Template<https://library.educause.edu/resources/2016/9/nist-sp-800-171-compliance-template> (developed by members of 
the Common Solutions Group)

  *   Webinar with Ron Ross Discussing NIST SP 800-171 and Controlled Unclassified Information 
(CUI)<https://library.educause.edu/resources/2016/9/nist-sp-800-171-and-cui-with-ron-ross-webinar>


Assessing third-party vendors is another common issue, so a small dedicated project team spent the summer and early 
fall creating the Higher Education Cloud Vendor Assessment 
Tool<https://library.educause.edu/resources/2016/10/higher-education-cloud-vendor-assessment-tool>, which is a higher 
education-specific cloud security questionnaire. We hope to continue to focus on how to streamline higher education’s 
approach to cloud vendor security in 2017.


Since many campuses appreciated the resources developed as part of the 2016 Annual Campus Security Awareness 
Campaign<http://www.educause.edu/securityawareness>, we have developed 12 new monthly blogs with ready-made content for 
your campus communication channels to use in 2017.  We know many campuses are stretched for resources to devote to 
information security awareness, so each blog focuses on a different topic and provides content for newsletters or 
websites, social media posts, e-mail signatures, and additional resources. Just copy, paste, and add your institutional 
branding or voice for instant awareness content!


The 2017 Security Professionals Conference<http://www.educause.edu/sec17> program committee is currently reviewing 120 
proposals (a new submission record!). Speakers will be notified before the end of this year.


Also, don’t miss the first two videos in our series where 4 IT leaders debate the implications of information security 
being the top item on the 2016 EDUCAUSE Top 10 IT Issues 
list<http://www.educause.edu/research-and-publications/research/top-10-it-issues>. And stay tuned for the next 
installment on 12/12.

  *   Part 1<http://er.educause.edu/multimedia/2016/10/video--4-it-leaders-debate-security---part-I>

  *   Part 2<http://er.educause.edu/multimedia/2016/11/video--4-it-leaders-debate-security---part-2>


Finally, since September, we have posted almost 20 guest blogs in the EDUCAUSE Review Security Matters 
column<http://er.educause.edu/columns/security-matters>, with many focusing on National Cyber Security Awareness Month 
themes. We’ve also posted several recently on DDoS attacks and ransomware.


We’d love to hear from you about these new HEISC resources. Your feedback is invaluable and we hope you will continue 
to let us know how we can provide useful and meaningful content that can help strengthen your programs and departments.


Thank you,


Sharon Pitt and Melissa Woo, HEISC Co-Chairs

www.educause.edu/security<http://www.educause.edu/security>