Educause Security Discussion mailing list archives

Suggestion for use/modification to HECVAT


From: Richard Gould <Richard.Gould () ASU EDU>
Date: Fri, 20 Dec 2019 17:39:49 +0000

All,
Any thoughts or alternatives to the idea of adding two columns in the Analyst Report to show the original Vendor score and the Analyst score?
The Analyst score would be based on the overrides provided in column G, typically rows 31 and beyond, which should have documentation on why the Analyst is overriding the Vendor score.
We would also add a feature to easily add override rows for the analyst for any entry that the vendor provided.

The goal is to show the vendor's response and the resultant grade, then document the analyst's review with documentation.
This will provide us a document that we can refer to for the periodic reviews and if any issues come up.
Our analyst overrides or comments are necessary as they are specific to the context and contract specifics of the project and the data.

How do you handle the particulars of accepting or rejecting response lines? We discussed using an additional document but rejected it, as keeping the two documents matched up would cause us more work when performing annual reviews.

My apologies if this has already been discussed.



                                                           VENDOR            ANALYST
Report Sections                                 Max_Score  Score   Score %   Score   Score %
Documentation                                   100        0       0%        0       0%
Company                                         115        0       0%        0       0%
Application Security                            110        0       0%        0       0%
Authentication, Authorization, and Accounting   100        0       0%        0       0%
Business Continuity                             55         0       0%        0       0%
Change Management                               80         0       0%        0       0%
Data                                            225        0       0%        0       0%
Database                                        80         0       0%        0       0%
Datacenter                                      160        0       0%        0       0%
Disaster Recovery                               70         0       0%        0       0%
Firewalls, IDS, IPS, and Networking             140        0       0%        0       0%
Physical Security                               80         0       0%        0       0%
Policies, Procedures, and Processes             160        0       0%        0       0%
Systems Management & Configuration              30         0       0%        0       0%
Vulnerability Scanning                          80         0       0%        0       0%
Overall Score                                   F          0       0.00%     0       0.00%

Best Regards,
Rick

Richard (Rick) Gould
Director, Research Technology Operations
ASU Knowledge Enterprise
Advancing Research, Entrepreneurship and Economic Development
Research Technology Office
researchmatters.asu.edu<https://researchmatters.asu.edu> | research.asu.edu<https://research.asu.edu>
