Educause Security Discussion mailing list archives
Re: HECVAT Users List
From: Alan Bowen <abowen () FANDM EDU>
Date: Wed, 21 Feb 2018 19:59:31 -0500
Franklin and Marshall adopted the HECVAT tool and further customized it to our specific needs in late 2017. We indicate to vendors that we will accept either the standard non-modified full or lite version or our specific customized version. A shared repository for reference and consultation will help with the adoption and awareness of the HECVAT tool for institutions. Definitely worthwhile but perhaps in a different way than originally thought. In our experience at F&M, vertical market and niche market vendors self-select to not have their assessments shared for reasons that would surprise no one. However, they expect residual value in anticipated future engagements from having completed the HECVAT exercise, even without having results shared or published, through re-use. -Alan
On Feb 21, 2018, at 5:43 PM, Joanna Grama <jgrama () EDUCAUSE EDU> wrote: Hi Mark, We hope to post a blog soon that discusses where we are on the sharing infrastructure. That has not progressed in the way the working group originally envisioned, but we are still making progress on a workable solution for higher ed. At the moment sharing is happening through the REN ISAC Cloud Broker Index (or CBI) (https://www.ren-isac.net/hecvat/cbi.html <https://www.ren-isac.net/hecvat/cbi.html>). The CBI provides an up-to-date index of participating vendors with links to their completed assessments. If a vendor is already listed in the CBI, security assessors at colleges and universities can utilize the posted assessment, saving time for both security assessors and service providers. Vendors participate in the CBI on a voluntary basis, and there are four modes of participation contemplated. We tried to sketch out what the sharing infrastructure looks like with the CBI (at its end state) in this poster: https://library.educause.edu/~/media/files/library/2017/10/hecvatposter.pdf <https://library.educause.edu/~/media/files/library/2017/10/hecvatposter.pdf> If you know of a vendor that is interested in sharing, please do direct them to the CBI website for more information. Kind regards, Joanna Joanna Grama, JD, CISSP, CRISC, CIPT Director of Cybersecurity and IT GRC Programs EDUCAUSE Uncommon Thinking for the Common Good 282 Century Place, Suite 5000, Louisville, CO 80027 direct: 720.406.6769 | jgrama () educause edu <mailto:jgrama () educause edu> Become a Member- Everyone at your organization is an EDUCAUSE member when you join | Access discounts, resources, and valuable peer networks | Discover membership <https://www.educause.edu/about/discover-membership> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mark Dieterich Sent: Wednesday, February 21, 2018 5:29 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] HECVAT Users List We've been telling vendors that EDU customers are adopting this, but haven't had a sense of how widespread the adoption has been. I got the green light have Brown listed, so we will be adding our name to the list. When this first came about, there was discussion on developing a sharing platform where completed HECVATS or the fact that a vendor has filled out a HECVAT, depending on their wishes, could be listed. Are there any developments with this? I think we actually have one vendor who indicated we could share and a few that gave us permission to list them, it would be great if we could actually do something with these. Thanks, Mark On Wed, Feb 21, 2018 at 1:20 PM, Allen, Jon <Jon_Allen () baylor edu <mailto:Jon_Allen () baylor edu>> wrote: Hello! <> The 2019 Higher Education Cloud Vendor Assessment Tool (HECVAT) working group is devoting effort to getting the word out about institutional HECVAT adoption. We want to create a list of institutions that are using the HECVAT to publish on the HECVAT web page (https://library.educause.edu/resources/2016/10/higher-education-cloud-vendor-assessment-tool <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.google.com%2Furl%3Fq%3Dhttps%3A%2F%2Flibrary.educause.edu%2Fresources%2F2016%2F10%2Fhigher-education-cloud-vendor-assessment-tool%26sa%3DD%26ust%3D1519160086542000%26usg%3DAFQjCNHtq6sVc7M6Yijyrp-FyIIhP7-g3A&data=01%7C01%7Cjon_allen%40baylor.edu%7C2f31c9f2ae8048feb12908d5789c6998%7C22d2fb35256a459bbcf4dc23d42dc0a4%7C1&sdata=xWyOTuLEnGCCgx273bRaeoOn%2FF5jzLxFimJ28wRO8BQ%3D&reserved=0>). The purpose of this list is two-fold: First, to demonstrate HECVAT adoption at higher education institutions (so that vendors will want to participate in completing a HECVAT). Second, to provide a list of HECVAT references (so that institutions can contact their peers with HECVAT questions). If you are interested in being listed on the webpage in this manner, please fill out this form. Institutional names only (not contact information) will be listed on the webpage. If you would like your institution to be listed in this way, please complete our form: https://goo.gl/forms/BJlson23HVDMy1Q63 <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2Fforms%2FBJlson23HVDMy1Q63&data=01%7C01%7Cjon_allen%40baylor.edu%7C2f31c9f2ae8048feb12908d5789c6998%7C22d2fb35256a459bbcf4dc23d42dc0a4%7C1&sdata=BjbsQBbg%2FPZVtOhlWIHMTXXOSHq1TTzBXwqVNMfqoQk%3D&reserved=0> Thanks, _________________________________ Jon Allen, CISSP, EnCE Assistant Vice President & Chief Information Security Officer Baylor University 254.710.4793 <tel:(254)%20710-4793> <image001.png> www.baylor.edu/bearaware <http://www.baylor.edu/bearaware>
Current thread:
- HECVAT Users List Allen, Jon (Feb 21)
- Re: HECVAT Users List Mark Dieterich (Feb 21)
- Re: HECVAT Users List Joanna Grama (Feb 21)
- Re: HECVAT Users List Alan Bowen (Feb 21)
- Re: HECVAT Users List Brown,Thomas (Feb 21)
- Re: HECVAT Users List Ken Connelly (Feb 21)
- Re: HECVAT Users List Brian T. Huntley (Feb 22)
- Re: HECVAT Users List Sue McGlashan (Feb 22)
- Re: HECVAT Users List Gregg, Christopher S. (Feb 22)
- Re: HECVAT Users List Theresa Rowe (Feb 28)
- Re: HECVAT Users List Penn, Blake C (Mar 01)
- Re: HECVAT Users List Theresa Rowe (Mar 01)
- Re: HECVAT Users List Ronald King (Mar 12)
- Re: HECVAT Users List Steven W Andariese (Mar 20)
- Re: HECVAT Users List Joanna Grama (Feb 21)
- Re: HECVAT Users List Mark Dieterich (Feb 21)