Re: Tableau for Student's data Analytics

[Ronald King <ronald.king () MORGAN EDU>]

I did send them the HECVAT Lite version. We will see what comes of it.

*Ronald A. King, CISSP*
Chief Information Security Officer
Morgan State University Office: (443) 885-3372
1700 E. Cold Spring Ln. Email: ronald.king () morgan edu
Baltimore, MD 21251 URL: http://www.morgan.edu

*Growing the future ... Leading the world*
<http://www.morgan.edu/Documents/ABOUT/StrategicPlan/StrategicPlan2011-21_Final.pdf>


On Tue, Aug 22, 2017 at 11:14 AM, Klein Keane, Justin <Klein_KeaneJ () mlhs org
> wrote:

> Hello,
>
>
>
>   I responded to Ronald offline, but for the sake of everyone else, we are
> looking at Tableau as well, especially since a lot of vendors are now
> producing data that is formatted for the free Tableau Reader program.  This
> means that a lot of organizations (mine included) are now being asked to
> install Tableau Reader on workstations so that employees can ingest,
> review, and analyze data from third parties.  Evaluating Tableau Reader is
> difficult since we’re not a customer and Tableau has been completely
> unresponsive to our requests for details around the security of this
> program and potential impact on our security profile and overall risk
> assessment.
>
>
>
>   I’m happy to share responses we get from Tableau, if we ever receive
> any, and would be keenly interested in anyone else’s experience.
>
>
>
> Cheers,
>
>
>
> Justin C. Klein Keane, MA MCIT CEPT C|EH
>
> Security Architect
> Enterprise Architecture and Security
> Main Line Health Information Technology
> https://www.mainlinehealth.org/
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.mainlinehealth.org_&d=DwMGaQ&c=0CCt47_3RbNABITTvFzZbA&r=hF9utfnfkGfY793x81M4Gr0nwxs9KYTZ6TUPUh4wPjs&m=PoZgblcpR7aO2Pwo2EPpR2vt5xeGe2gyxdiTIFUzrxA&s=AqARaAngPJU6RawDhVx0-4MeZOZF4MPrbj23qJxdGvw&e=>
> klein_keanej () mlhs org
> 484-596-2203 <(484)%20596-2203>
>
>
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Hart, Michael
> *Sent:* Tuesday, August 22, 2017 11:10 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [EXTERNAL] Re: [SECURITY] Tableau for Student's data Analytics
>
>
>
> This message originated from outside MLHS systems. Any attachments or
> links should be carefully considered before proceeding. Please contact the
> Help Desk at 484-596-4357 <(484)%20596-4357> with any questions or
> forward a questionable email to HelpDesk () mlhs org
>
>
> ------------------------------
>
> The timing of this email is interesting.  I received it while I was in a
> meeting with our business intelligence and institutional research folks
> talking about how to securely utilize Tableau in their departments.
>
>
>
> I’m also interested in hearing from any institutions with Tableau
> experience.  I’m hoping to involve our Data Warehouse team and DBAs to help
> us create appropriate processes and policies around Tableau.  Any input
> would be greatly appreciated.
>
>
>
>
>
>
>
> *Mike Hart  | CISO, Director of ITS Security, Infrastructure, and
> Networking*
>
> *Metropolitan State University of Denver Information Technology Services*
> Campus Box 96, P.O. Box 173362, Denver, CO 80217-3362
> Admin Building - 1201 5th Street 480E  Denver, CO 80204
> 303-615-0541 <(303)%20615-0541> (Office)
> 303-352-7548 <(303)%20352-7548> (Help Desk)
> mhart20 () msudenver edu | www.msudenver.edu/technology
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.msudenver.edu_technology&d=DwMGaQ&c=qqcbk_QeabW4Z7GBhIMNtn_B7aQjktEuWNmUvrzri9o&r=T6Gkm-QA6wMUGmtyL0hrMz5ZqqoLGv5jfrNlZvfp68Q&m=rXJgkYzA7Jw0ML7GQId4WErHLtr2hjqwbbgodSDLKLw&s=ME616t0g_T94hbJSA-g2hfoqYXONPe2jq876U9RRDao&e=>
>
> [image: University_Formal_2CPos[1]]
>
>
>
>
>
>
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [
> mailto:SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>] *On
> Behalf Of *Ronald King
> *Sent:* Tuesday, August 22, 2017 8:20 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [SECURITY] Tableau for Student's data Analytics
>
>
>
> Good morning all,
>
>
>
> We have been approached by Academic Affairs to participate in a project to
> possibly use Tableau for data analytics of our student (FERPA) data. We are
> looking at whether to have it hosted or on premises and potentially have a
> direct feed from our Student Information System (SIS).
>
>
>
> While we have the expected concerns related to any cloud service accessing
> the SIS, what is really concerning is the access to student data. Red flags
> started to fly almost immediately. So, my questions to the group:
>
>    - Is anyone using Tableau for data analytics for enrollment data and
>    student records?
>    - What privacy concerns do you have even if the student records are
>    "de-identified?" (Even if we remove names, socials and student numbers,
>    there are still ways to identify individuals based on other data sets.)
>    - Do we need student permission to provide their "de-identified" data
>    to a cloud service?
>    - Is there any advise you can offer?
>
> Please feel free to contact me directly via email or phone.
>
>
>
> Thank you very much for your time.
>
> *Ronald A. King, CISSP*
>
> Chief Information Security Officer
>
> Morgan State University
>                                          Office: (443) 885-3372
>
> 1700 E. Cold Spring Ln.
>                                                                 Email:
> ronald.king () morgan edu
>
> Baltimore, MD 21251
> URL:    http://www.morgan.edu
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.morgan.edu&d=DwMGaQ&c=qqcbk_QeabW4Z7GBhIMNtn_B7aQjktEuWNmUvrzri9o&r=T6Gkm-QA6wMUGmtyL0hrMz5ZqqoLGv5jfrNlZvfp68Q&m=rXJgkYzA7Jw0ML7GQId4WErHLtr2hjqwbbgodSDLKLw&s=mlC4-Qmn_AE8yzx_mWgERTenJfxKvKPf5nSXeP4M0Uw&e=>
>
>
>
>                                                 *Growing the future ...
> Leading the world*
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.morgan.edu_Documents_ABOUT_StrategicPlan_StrategicPlan2011-2D21-5FFinal.pdf&d=DwMGaQ&c=qqcbk_QeabW4Z7GBhIMNtn_B7aQjktEuWNmUvrzri9o&r=T6Gkm-QA6wMUGmtyL0hrMz5ZqqoLGv5jfrNlZvfp68Q&m=rXJgkYzA7Jw0ML7GQId4WErHLtr2hjqwbbgodSDLKLw&s=Ot4MvOH5C_MtCpIez8q4uNT68-tEGs0yqsAjbjtPmA0&e=>