Educause Security Discussion mailing list archives
Re: HECVAT Security Assessment Question
From: Joanna Grama <jgrama () EDUCAUSE EDU>
Date: Wed, 28 Jun 2017 14:51:55 +0000
Hi Kevin, Great question. One of the goals of the HECVAT working group this fall is to figure out the best way to share information about the institutions that are using HECVAT (and the service providers involved). As you might imagine, information sharing is a bit informal at the moment until we work through the ins/outs of how to do this properly. However, we can be somewhat more deliberate about our informal efforts. If your institution has used the HECVAT, and you would be interested in sharing upon request your experiences with the tool and vendor responses, please fill out our very low-fi google form: https://docs.google.com/forms/d/e/1FAIpQLSd2ZfXc6ZsxgncDnQzcNa7zFt-pr3ko39e7z6E2XtcoZvd47Q/viewform?usp=sf_link You will need to submit one response per service provider/product completing a HECVAT (which will make sorting the response spreadsheet for products/institutions a bit easier). We will be able to use this list to potentially match up institutions when we get requests like the one that I shared this morning. Finally, if you have used the HECVAT and want to share information about your experiences with the tool, please consider taking the working group’s feedback survey: https://www.surveymonkey.com/r/PQSLMBK Kind regards, Joanna Joanna Grama, JD, CISSP, CRISC, CIPT Director of Cybersecurity and IT GRC Programs EDUCAUSE Uncommon Thinking for the Common Good 282 Century Place, Suite 5000, Louisville, CO 80027 direct: 720.406.6769 | cell: 720.507.5983 | jgrama () educause edu<mailto:jgrama () educause edu> Attend the EDUCAUSE Metrics Mania!<https://events.educause.edu/webinar/2017/metrics-mania-using-metrics-to-bolster-your-higher-education-information-security-program> online seminar, August 9, 2017. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Davis, Kevin Sent: Wednesday, June 28, 2017 10:14 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] HECVAT Security Assessment Question Hi Joanna, I’ll take this opportunity to raise a tangential question on HECVAT! Davidson College is adopting HECVAT/HECVAT Lite for vendor assessments. Being end of fiscal year, we’ve had a large number of cloud/SaaS software purchase requests from departments and have been evaluating several small/midsize vendors and encouraging them to follow HECVAT. One question we’re getting is what other schools are using HECVAT, since for many smaller vendors this is the first they’re hearing about it. Is there a list of what schools have adopted? The more schools we can share that have bought in, the better the compliance… Kevin -- Kevin Davis Deputy CIO & Director, Core Services Davidson College ITS (704) 894-2405 (office) | (980) 319-8538 (mobile) From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> on behalf of Joanna Grama <jgrama () EDUCAUSE EDU<mailto:jgrama () EDUCAUSE EDU>> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Date: Wednesday, June 28, 2017 at 10:02 AM To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: [SECURITY] HECVAT Security Assessment Question Good morning list mates: We have received an email from a member looking to see if: 1) If any institution has a completed HECVAT for Microsoft Office 365/OneDrive, Box and ServiceNow 2) If the vendor’s responses for that completed HECVAT allowed sharing with other higher education institutions If the answers to the above questions are “yes,” could you contact me off list please? We have a member that would like to speak with you about your experiences. Kind regards, Joanna Joanna Grama, JD, CISSP, CRISC, CIPT Director of Cybersecurity and IT GRC Programs EDUCAUSE Uncommon Thinking for the Common Good 282 Century Place, Suite 5000, Louisville, CO 80027 direct: 720.406.6769 | cell: 720.507.5983 | jgrama () educause edu<mailto:jgrama () educause edu> Attend the EDUCAUSE Metrics Mania!<https://events.educause.edu/webinar/2017/metrics-mania-using-metrics-to-bolster-your-higher-education-information-security-program> online seminar, August 9, 2017.
Current thread:
- HECVAT Security Assessment Question Joanna Grama (Jun 28)
- <Possible follow-ups>
- Re: HECVAT Security Assessment Question Davis, Kevin (Jun 28)
- Re: HECVAT Security Assessment Question Joanna Grama (Jun 28)