Educause Security Discussion mailing list archives
Re: Training and Compliance Portal
From: "Conlee, Keith" <conlee () COD EDU>
Date: Wed, 26 Jun 2019 15:54:17 +0000
We also use KnowBe4. But since you are probably asking about more than Security Training, KnowBe4 will not do it. We use Cornerstone LMS for our Security Training, HR Training - e.g. Sexual Awareness, Ethics, and Compliance Training - e.g. Safety, NIMS, etc. We still use KnowBe4 for phishing simulation, and since KnowBe4's training is SCORM compliant/format you can just drop KnowBe4 Security Training modules into Cornerstone and administer Security Training with all the NON-Security Training FROM Cornerstone. It is all administered by HR for completion, discipline for non-completion, etc. Works great.

Keith Conlee, JD, MS/BS, PCIP, CISSP, CISA, CBCP
Chief Security Officer, IT
College of DuPage
425 Fawell Blvd.
Glen Ellyn, IL 60137-6599
Ph. - 630.942.3055
conlee () cod edu

Date: Fri, 24 May 2019 16:29:36 +0000
From: "Pardonek, Jim" <jpardonek () LUC EDU>
Subject: Training and Compliance Portal

We have 3 disparate platforms for delivering awareness and compliance training. HR has one, our Information Security Office has one, and our compliance folks have one. We are looking for software that would provide a portal that would be helpful to our end users where they could go to find all of their available and completed training on one dashboard.

If you grew your own, please let me know as well.

Thanks!

James Pardonek, MS, CISSP, CEH, GSNA
Information Security Officer
Loyola University Chicago
1032 W. Sheridan Road | Chicago, IL 60660
*: (773) 508-6086

Loyola University Chicago will never ask you for your username or password.
For the latest information security news at Loyola, please follow us online,
Twitter: @LUCUISO
Facebook: https://www.facebook.com/lucuiso/
Our Blog http://blogs.luc.edu/uiso/

-----Original Message-----
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of SECURITY automatic digest system
Sent: Friday, May 24, 2019 5:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: SECURITY Digest - 23 May 2019 to 24 May 2019 (#2019-93)

There are 6 messages totalling 1777 lines in this issue.

Topics of the day:

  1. Proof point vs Mimecast (3)
  2. Training and Compliance Portal
  3. SecureLink vs VPN for privileged vendor access
  4. [EXTERNAL] [SECURITY] SecureLink vs VPN for privileged vendor access

----------------------------------------------------------------------

Date: Fri, 24 May 2019 12:33:38 +0000
From: "Snook, Allen" <asnook () MESSIAH EDU>
Subject: Re: Proof point vs Mimecast

Thanks everyone for your insightful input. Your input will make my decision much easier.

Regards,

Allen A. Snook - CISSP
Director of Information Security
CCNP

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Snook, Allen
Sent: Thursday, May 23, 2019 9:14 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Proof point vs Mimecast

Good morning All,

Has anyone used either or both of these companies? We have just completed a POC with Proof Point which I feel is a great product/service we just cannot afford the price tag. Currently we are looking at Mimecast to do another POC with to compare the two.

I would like to get anyone's feedback to the following questions in regards to Proof Point or Mimecast:

* why you picked one over the other,
* if you switched from one to the other why,
* what you like best of either, or
* most importantly what you didn't like.

Also is there another product/service you prefer that would be great to know.
A little about our environment:

For the last 30 days, our average daily email stats look like:

email sent: 11,855
email received: 92,692
total mailboxes: 17,000
active mailboxes: 8,168

We use Office365 Exchange with A1 licensing.

Currently our heaviest attack vector is Email (with IMAP password discovery, discovered during our POC with Proof Point) with Alumni accounts being compromised most often.

Regards,

Allen A. Snook - CISSP
Director of Information Security
CCNP
One College Avenue Suite 3055
Mechanicsburg PA 17055
Tel: (717) 766-2511 x6790
Fax: (717) 796-5246
Cell: (717) 439-0025

------------------------------

Date: Fri, 24 May 2019 08:44:11 -0400
From: Frank Barton <bartonf () HUSSON EDU>
Subject: Re: Proof point vs Mimecast

We have looked at enabling the "time-of-click" protection on our Sophos Email Appliance (does part of what ProofPoint and Mimecast does), but it would involve changing our email flow.

Are any of those of you that are using these services using Google Apps as your email?

Frank

On Fri, May 24, 2019 at 8:33 AM Snook, Allen <asnook () messiah edu> wrote:
> Thanks everyone for your insightful input. Your input will make my decision much easier.
>
> Regards,
>
> *Allen A. Snook - CISSP*
> Director of Information Security
> CCNP
>
> *From:* The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of* Snook, Allen
> *Sent:* Thursday, May 23, 2019 9:14 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [SECURITY] Proof point vs Mimecast
>
> Good morning All,
>
> Has anyone used either or both of these companies? We have just completed a POC with Proof Point which I feel is a great product/service we just cannot afford the price tag. Currently we are looking at Mimecast to do another POC with to compare the two.
>
> I would like to get anyone’s feedback to the following questions in regards to Proof Point or Mimecast:
>
> · why you picked one over the other,
> · if you switched from one to the other why,
> · what you like best of either, or
> · most importantly what you didn’t like.
>
> Also is there another product/service you prefer that would be great to know.
>
> A little about our environment:
>
> For the last 30 days, our average daily email stats look like:
>
> email sent: 11,855
> email received: 92,692
> total mailboxes: 17,000
> active mailboxes: 8,168
>
> We use Office365 Exchange with A1 licensing.
>
> Currently our heaviest attack vector is Email (with IMAP password discovery, discovered during our POC with Proof Point) with Alumni accounts being compromised most often.
>
> Regards,
>
> *Allen A. Snook - CISSP*
> Director of Information Security
> CCNP
> One College Avenue Suite 3055
> Mechanicsburg PA 17055
> Tel: (717) 766-2511 x6790
> Fax: (717) 796-5246
> Cell: (717) 439-0025
--
Frank Barton, MBA
Security+, ACMT, MCP
IT Systems Administrator
Husson University

------------------------------

Date: Fri, 24 May 2019 16:29:36 +0000
From: "Pardonek, Jim" <jpardonek () LUC EDU>
Subject: Training and Compliance Portal

We have 3 disparate platforms for delivering awareness and compliance training. HR has one, our Information Security Office has one, and our compliance folks have one. We are looking for software that would provide a portal that would be helpful to our end users where they could go to find all of their available and completed training on one dashboard.

If you grew your own, please let me know as well.

Thanks!

James Pardonek, MS, CISSP, CEH, GSNA
Information Security Officer
Loyola University Chicago
1032 W. Sheridan Road | Chicago, IL 60660
*: (773) 508-6086

Loyola University Chicago will never ask you for your username or password.

For the latest information security news at Loyola, please follow us online,
Twitter: @LUCUISO
Facebook: https://www.facebook.com/lucuiso/
Our Blog http://blogs.luc.edu/uiso/

------------------------------

Date: Fri, 24 May 2019 18:55:48 +0000
From: Colin Abbott <colin.abbott () MCGILL CA>
Subject: SecureLink vs VPN for privileged vendor access

Hi,

As part of our Banner 9 transformation project we are engaging with Ellucian professional services to provide some support. Their new model is that they are refusing to use a client’s VPN and instead forcing the clients to use SecureLink. (https://www.securelink.com/)

A quick look at SecureLink it looks pretty interesting, especially the level of audit and notifications when vendors access your systems.

Is anyone using this with Ellucian or has anyone implemented it as a solution for vendor access? Has anyone already done an in-depth security assessment of the product?
Thanks

Colin Abbott, CISSP, CCSP | IT Security Architect | McGill University | Network and Communication Services | 514-398-5070

------------------------------

Date: Fri, 24 May 2019 15:10:49 -0400
From: Alexandre Adao <Alexandre.Adao () MORGAN EDU>
Subject: Re: Proof point vs Mimecast

We took advantage of a "promotional pricing" in order for us to purchase ProofPoint back in 2016. So far it has served us well and it is worth the investment if you can afford it. Spams and phishing have been reduced considerably but indeed this product is very expensive.

Alex Adao

On Fri, May 24, 2019 at 8:44 AM Frank Barton <bartonf () husson edu> wrote:
> We have looked at enabling the "time-of-click" protection on our Sophos Email Appliance (does part of what ProofPoint and Mimecast does), but it would involve changing our email flow.
>
> Are any of those of you that are using these services using Google Apps as your email?
>
> Frank
>
> On Fri, May 24, 2019 at 8:33 AM Snook, Allen <asnook () messiah edu> wrote:
>
> > Thanks everyone for your insightful input. Your input will make my decision much easier.
> >
> > Regards,
> >
> > *Allen A. Snook - CISSP*
> > Director of Information Security
> > CCNP
> >
> > *From:* The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of* Snook, Allen
> > *Sent:* Thursday, May 23, 2019 9:14 AM
> > *To:* SECURITY () LISTSERV EDUCAUSE EDU
> > *Subject:* [SECURITY] Proof point vs Mimecast
> >
> > Good morning All,
> >
> > Has anyone used either or both of these companies? We have just completed a POC with Proof Point which I feel is a great product/service we just cannot afford the price tag. Currently we are looking at Mimecast to do another POC with to compare the two.
> >
> > I would like to get anyone’s feedback to the following questions in regards to Proof Point or Mimecast:
> >
> > · why you picked one over the other,
> > · if you switched from one to the other why,
> > · what you like best of either, or
> > · most importantly what you didn’t like.
> >
> > Also is there another product/service you prefer that would be great to know.
> >
> > A little about our environment:
> >
> > For the last 30 days, our average daily email stats look like:
> >
> > email sent: 11,855
> > email received: 92,692
> > total mailboxes: 17,000
> > active mailboxes: 8,168
> >
> > We use Office365 Exchange with A1 licensing.
> >
> > Currently our heaviest attack vector is Email (with IMAP password discovery, discovered during our POC with Proof Point) with Alumni accounts being compromised most often.
> >
> > Regards,
> >
> > *Allen A. Snook - CISSP*
> > Director of Information Security
> > CCNP
> > One College Avenue Suite 3055
> > Mechanicsburg PA 17055
> > Tel: (717) 766-2511 x6790
> > Fax: (717) 796-5246
> > Cell: (717) 439-0025
>
> --
> Frank Barton, MBA
> Security+, ACMT, MCP
> IT Systems Administrator
> Husson University
--
=============================================
Alexandre Magno Adão
Interim Chief Information Security Officer
Morgan State University (CGW 300k)
Division of Information Technology (DIT)
443-885-4415 Office
443-803-3154 Cell
<http://www.morgan.edu>

------------------------------

Date: Fri, 24 May 2019 13:34:29 -0700
From: Gene LeDuc <gleduc () SDSU EDU>
Subject: Re: [EXTERNAL] [SECURITY] SecureLink vs VPN for privileged vendor access

We've been using SecureLink for vendor access for a few years and are pretty happy with it. It is on the pricey side, though. My users really like the ability to replay RDP and SSH sessions so they can see what kind of pixie dust the vendor uses to fix the problem. We only allow campus-affiliated users to have VPN access.

Gene

On 5/24/19 11:55 AM, Colin Abbott wrote:
> Hi,
>
> As part of our Banner 9 transformation project we are engaging with Ellucian professional services to provide some support. Their new model is that they are refusing to use a client’s VPN and instead forcing the clients to use SecureLink. (https://www.securelink.com/)
>
> A quick look at SecureLink it looks pretty interesting, especially the level of audit and notifications when vendors access your systems.
>
> Is anyone using this with Ellucian or has anyone implemented it as a solution for vendor access? Has anyone already done an in-depth security assessment of the product?
>
> Thanks
>
> Colin Abbott, CISSP, CCSP | IT Security Architect | McGill University | Network and Communication Services | 514-398-5070
--
Gene LeDuc                 | You can tell the greatness of a man by
Technology Security        | what makes him angry.
San Diego State University |                     --Abraham Lincoln

------------------------------

End of SECURITY Digest - 23 May 2019 to 24 May 2019 (#2019-93)
**************************************************************