Educause Security Discussion mailing list archives

Re: Information Security Plan

From: Colin Abbott <colin.abbott () MCGILL CA>
Date: Thu, 14 Dec 2017 17:07:13 +0000

Hi,

  > Anyone have suggestions for Sensitive information Scanning tools?

  We had looked at a tool called Mentis (http://www.mentisoftware.com/), it looked very promising but the project was 
put on hold so I can’t speak to actual experience.


Colin Abbott, CISSP, CCSP
IT Security Architect
IT Services
T:  514-398-5070
colin.abbott () mcgill ca<mailto:colin.abbott () mcgill ca>  |   www.mcgill.ca/it<http://www.mcgill.ca/it>
805 Sherbrooke St. W, Room 200, Montreal, QC. H3Z 1G2  Canada


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Adam 
Maynard
Sent: Thursday, December 14, 2017 10:06 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Information Security Plan

A lot of Higher Ed uses Spirion (formerly Identity Finder).


-Adam

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Leon 
DuPree
Sent: Thursday, December 14, 2017 10:00
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Information Security Plan

Technical question.

Anyone have suggestions for Sensitive information Scanning tools?  I used to use Spider many moons ago for scanning 
FERPA data.
Now I am scanning source code that will be re purposed for development... I have some commercial tools like IBM App 
Scan but this tool is looking for OWASP Top 10 and bad coding, not PHI, ot PII data.

Open to suggestions

Thanks

Leon DuPree
Security specialist extraordinaire


On Tue, Dec 12, 2017 at 12:23 PM, Valerie Vogel <vvogel () educause edu<mailto:vvogel () educause edu>> wrote:
Hi Keenan,

Here is one example of an information security strategic plan template from the EDUCAUSE library:
https://library.educause.edu/resources/2008/3/information-security-strategic-plan-template

You can also find additional ideas and resources as you develop your plan in our Information Security Guide’s Security 
Program Development chapter: https://spaces.internet2.edu/display/2014infosecurityguide/Security+Program+Development

Thank you,
Valerie

Valerie Vogel
Senior Manager, Cybersecurity Program

EDUCAUSE
Uncommon Thinking for the Common Good
direct: 202.331.5374<tel:(202)%20331-5374> | twitter: @HEISCouncil | vvogel () educause edu<mailto:vvogel () educause 
edu>

From: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> on 
behalf of Keenan Martinez <0000004218ecec53-dmarc-request () LISTSERV EDUCAUSE 
EDU<mailto:0000004218ecec53-dmarc-request () LISTSERV EDUCAUSE EDU>>
Reply-To: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Date: Monday, December 11, 2017 at 12:45 PM
To: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: [SECURITY] Information Security Plan

Good day members,

If possible, can you please ensure your University’s Information Security Plan?

I am in the research phase of creating a three-five year plan.

Thank You,
Regards,




Keenan Martinez
Manager
Information Technology Department
Arthur Lok Jack Graduate School of Business
Max Richards Drive, Uriah Butler Highway, North West, Mt. Hope. Trinidad & Tobago. (UTC-4 hours)
• (868) 645-6700 ext. 333<tel:(868)%20645-6700> (Ext.) • (868) 662 1411<tel:(868)%20662-1411> (fax) • (868) 
498-0764<tel:(868)%20498-0764> (Mobile)
• k.martinez () lokjackgsb edu tt<mailto:k.martinez () lokjackgsb edu tt> • 
www.lokjackgsb.edu.tt<http://www.lokjackgsb.edu.tt> • support () lokjackgsb edu tt<mailto:support () lokjackgsb edu tt> 
(Helpdesk)





_____________________________________________________________________ Please note that this message and any attachments 
may contain confidential and proprietary material and information and are intended only for the use of the intended 
recipient(s). If you are not the intended recipient, you are hereby notified that any review, use, disclosure, 
dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received 
this email in error, please immediately notify the sender and destroy this e-mail and any attachments and all copies, 
whether electronic or printed. Thank you.



--
Leon DuPree


Hebrews 12:11 No discipline seems pleasant at the time, but painful. Later on, however, it produces a harvest of 
righteousness and peace for those who have been trained by it.

Current thread:

Information Security Plan Keenan Martinez (Dec 11)
- <Possible follow-ups>
- Re: Information Security Plan Valerie Vogel (Dec 12)
  - Re: Information Security Plan Leon DuPree (Dec 14)
    - Re: Information Security Plan Adam Maynard (Dec 14)
    - Re: Information Security Plan Valdis Kletnieks (Dec 14)
    - Re: Information Security Plan Colin Abbott (Dec 14)
    - Re: Information Security Plan George Larson (Dec 14)
    - Re: Information Security Plan Valdis Kletnieks (Dec 14)