Educause Security Discussion mailing list archives

Re: HECVAT Tool with Current Vendors

From: Cam Beasley <cam () UTEXAS EDU>
Date: Mon, 13 Jan 2020 11:52:19 -0600

hi Frank (and thanks Alexandre!) -

the ISORA lite tool directly applies HECVAT options and allows us as a community to easily share related information.
thus far, we’ve had ~350 people from ~180 campuses make use of the tool and it is growing all the time.

UT Austin tries to add our new vendors as often as possible.

feel free to reach out to security () utexas edu if you have any questions or related ideas.

thanks!

~cam.


--
Cam Beasley
Chief Information Security Officer
Information Security Office
The University of Texas at Austin
security () utexas edu | 512.475.9242
http://security.utexas.edu
=======================================

On Jan 13, 2020, at 11:17 AM, Alexandre Adao <Alexandre.Adao () MORGAN EDU> wrote:

  UT at Austin created a FREE vendor security assessment service for the community that all global REFEDS (Research 
and Education FEDerations group) members can easily access:

 https://lite.isora.saltycloud.com

I hope this can be helpful.

On Mon, Jan 13, 2020 at 11:51 AM Frank Barton <bartonf () husson edu> wrote:
We have gotten some pushback from existing vendors - what we have started doing is really pushing it when contracts 
come up for renewal... this seems to get their attention.

The other thing that we have mentioned is that, yes, the first time through it can be rather daunting to complete, 
but then keeping it up to date is pretty simple, and the form can be reused with effectively *ALL* higher education 
with very little re-work.

Frank

On Mon, Jan 13, 2020 at 11:40 AM Ronald Loneker <rloneker () cse edu> wrote:
Good Morning -

We recently were made aware of, and decided to start using, the HECVAT tool with new vendors we use for future 
projects.

I'm wondering whether we should go back to our current vendors offering cloud applications and have them complete the 
tool even though we're existing customers.

Just asking for thoughts and whether anyone has done this before and gotten a lot of pushback from existing vendors.

I think our IT auditors would be pleased if we have this information centralized.

Ron Loneker, Jr.
Director, IT Special Projects
College of Saint Elizabeth
Mahoney Library
2 Convent Road
Morristown, NJ  07960

Phone:  973-290-4229

e-mail:  rloneker () cse edu


CSE's IT department will never ask for your password, social security number or other personal information in an 
e-mail message.

Please do not share any information with others!





**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community



-- 
Frank Barton, MBA
Security+, ACMT, MCP
IT Systems Administrator
Husson University
PGP Key Fingerprint: 0249DC644EC78D2F6B5CD2C6C94D3EDB57946437
**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community



-- 
=============================================
Alexandre Magno Adão
Interim Chief Information Security Officer
Morgan State University (CGW 300k)
Division of Information Technology (DIT)
443-885-4415 Office
443-803-3154 Cell

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


This message is from an external sender. Learn more about why this matters.





**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Attachment: smime.p7s
Description:

Current thread:

HECVAT Tool with Current Vendors Ronald Loneker (Jan 13)
- Re: HECVAT Tool with Current Vendors Frank Barton (Jan 13)
  - Re: HECVAT Tool with Current Vendors Alexandre Adao (Jan 13)
    - Re: HECVAT Tool with Current Vendors Cam Beasley (Jan 13)
  - Re: [EXTERNAL]Re: [SECURITY] HECVAT Tool with Current Vendors Jason Fried (Jan 13)
  - Re: HECVAT Tool with Current Vendors Dennis Bolton (Jan 22)
- Re: HECVAT Tool with Current Vendors Madl, Michael (Jan 15)
  - Re: HECVAT Tool with Current Vendors Wessam Maher (Jan 22)
- Re: HECVAT Tool with Current Vendors Clark Gaylord (Jan 22)
  - Re: [External] Re: [SECURITY] HECVAT Tool with Current Vendors Thomas Dugas (Jan 23)