Educause Security Discussion mailing list archives

Re: Info Sec at Small Colleges

From: Robert Smith <Robert.Smith () UCOP EDU>
Date: Fri, 9 Mar 2018 22:57:09 +0000

Hello small colleges,

A few other low/no cost resources.

Also, several large schools, us included, make some useful resources available too.  You, with attribution, are welcome 
to use these materials:
https://security.ucop.edu/resources/security-awareness/index.html

https://security.ucop.edu/resources/factsheets.html

For state schools, MS-ISAC is also valuable.   If you have  a medical/nursing school or student health clinic of some 
sort, NH-ISAC is extremely valuable. Last, some states, ours does, also have SOCs that can support you.  Even though we 
are not small, we work closely with our state SOC and that is a very valuable resource and relationship.  Ours also has 
forensic capabilities too.

Also for state/local schools, FedVTE has great courses that are free for qualifying .gov and .edu users. 
(https://niccs.us-cert.gov/training/federal-virtual-training-environment-fedvte)

Using the HECVAT and leveraging the larger schools pushing this is also free.  
https://library.educause.edu/resources/2016/10/higher-education-cloud-vendor-assessment-tool


Last, don't forget to sign up for dorkbot - also free.  https://security.utexas.edu/dorkbot

Have an awesome day,

Robert Smith, CISSP, PMP
University of California Office of the President
(510) 587-6244 (o)
(510) 541-8103 (m)
robert.smith () ucop edu<mailto:robert.smith () ucop edu>


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joanna 
Grama
Sent: Friday, March 9, 2018 2:24 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Info Sec at Small Colleges

Hi Everyone:

We plan to publish a set of "budget conscious infosec" resources in April. These resources, prepared by members of the 
Higher Education Information Security Council, provide budget-conscious advice for IT leaders and managers tasked with 
developing and delivering institutional information security programs and services.  There are three papers and I hope 
that at least one of them will be published before the EDUCAUSE Security Professionals Conference.  We also have a 
couple of sessions on the same coming up at the Security Professionals Conference if you plan to attend.

As more resources on this topic are published, I will be sure to send a note to this list.

Kind regards,
Joanna


Joanna Grama, JD, CISSP, CRISC, CIPT
Director of Cybersecurity and IT GRC Programs

EDUCAUSE
Uncommon Thinking for the Common Good
282 Century Place, Suite 5000, Louisville, CO 80027
direct: 720.406.6769 | jgrama () educause edu<mailto:jgrama () educause edu>

Become a Member- Everyone at your organization is an EDUCAUSE member when you join | Access discounts, resources, and 
valuable peer networks | Discover membership<https://www.educause.edu/about/discover-membership>





From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Davis, 
Chris
Sent: Friday, March 9, 2018 2:23 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Info Sec at Small Colleges

I apologize if this is a double email for anyone.  I sent this question the small college group, but then thought, it 
might get more traction/attention here.

Before my question, a brief background on my school.  We are a small Catholic liberal arts university with an 
enrollment of approximately 1,300 students.

We attended a webinar today on GDPR which led to a larger discussion regarding information security.  My question to 
the group is, how do the smaller colleges justify the expenditures required for a decent info sec program to your 
administration given the size of our institutions.  Also, would anyone be willing to hop on a call to discuss info sec 
programs at small colleges and what you are doing to stay compliant with the various regulatory requirements - PCI, 
HIPAA, GLBA, Red Flag, FERPA, and potentially, GDPR.

Many thanks in advance!

Chris


Christopher Davis, Ph.D.
Chief Information Officer
Lourdes University
6832 Convent Blvd. | REH 003P | Sylvania, OH 43560
cdavis () lourdes edu<mailto:cdavis () lourdes edu>

CONFIDENTIALITY NOTICE: The contents of this email message and any attachments are intended solely for the addressee(s) 
and may contain confidential and/or privileged information and may be legally protected from disclosure. If you are not 
the intended recipient of this message or their agent, or if this message has been addressed to you in error, please 
immediately alert the sender by reply email and then delete this message and any attachments. If you are not the 
intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its 
attachments is strictly prohibited.

Current thread:

Info Sec at Small Colleges Davis, Chris (Mar 09)
- Re: Info Sec at Small Colleges Barton, Robert W. (Mar 09)
- Re: Info Sec at Small Colleges Ken Connelly (Mar 09)
- Re: Info Sec at Small Colleges Colleen Keller (Mar 09)
- Re: Info Sec at Small Colleges Radhakrishnan, Rashmi (Mar 09)
- Re: Info Sec at Small Colleges Hagan, Sean (Mar 09)
- Re: Info Sec at Small Colleges Kurtz, Eric (Mar 09)
- Re: Info Sec at Small Colleges Joanna Grama (Mar 09)
  - Re: Info Sec at Small Colleges Robert Smith (Mar 09)