Educause Security Discussion mailing list archives
Re: Data Governance Role Based Access questions
From: Ray Phillips <phillips () UMN EDU>
Date: Thu, 25 Jul 2019 15:24:01 -0500
Hi Michael,

UMN recently developed the attached questions for vendors, adapted from the BTAA questionnaire. The questionnaire is divided into a limited set of initial screening questions, then a more extensive set for finalists. Question DS12 on the Finalist tab deals with RBAC. If the finalist's response is insufficient and the security level of the service warrants it, we may schedule a follow-up call with a technical contact at the vendor to get more info.

Ray

On Thu, Jul 25, 2019 at 2:58 PM Menne, Michael S <michael.menne () mnsu edu> wrote:
Good afternoon all,

As we continue to strengthen our third party evaluations and monitoring practices, we have started to ask more questions regarding role based access (AAA) rather than just security. The HECVAT has a few questions regarding AAA, but it is pretty light. We would like to know more about the role based security access controls available within applications / services in addition to the security protections in place. We are trying to understand who has access to the data we are putting into these systems and how they are consuming it.

Does anyone have anything they can share that would access more about access controls as part of a vendor / software evaluation?

Thank you

*Michael Menne, CISSP*
*Chief Information Security Officer*
*IT Solutions Information Security*
*Minnesota State University, Mankato*
*Phone: (507) 389-5705*
*Shop Safe Online. **Learn More. <https://link.mnsu.edu/shopsafeonline>*

*Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.*
--
Ray Phillips
Security Risk Analyst, CISA
University Information Security | OIT
University of Minnesota | umn.edu
phillips () umn edu | (612) 626-0568
Attachment:
_UMN Information Security Questions for Purchasing IT Solutions_Services.xlsx