Azure/O365 roles for InfoSec staff

[José A. Domínguez <jad () UOREGON EDU>]

Hello everyone. I wanted to understand what other institutions are doing
regarding Information Security roles for cloud services like Azure/O365,
AWS, Google cloud. My initial interest if for Azure/O365. I have built a
crosswalk of security-related roles which has been attached to this message.

Let me help set things in the right context. Our Information Security
Office (ISO) reports directly to the CIO and it has two main groups:

Information Security Services - ISS​
    - Incident Response​
    - Vulnerability Management​
    - Threat Defense​
    - Monitoring, Alerting, Intel Sharing​
    - Investigations​
    - Tools & resource management​
    - CSOC​

Information Security Compliance - ISC​
    - Policies, standards, guidelines​
    - Assessments​
    - Awareness & Training​
    - Application security​
    - Process security ​
    - Risk & Compliance (DFARs, GLBA, GDPR, HIPAA, FERPA, NIST, PCI)​
    - Cybersecurity Metrics program​

Our Identity Management team is part of a different group within the
organization and they also manage Active Directory services and the
Azure/O365 services. What we are trying to figure out is what kind of
roles are being assigned to the different ISO staff members.

We are also curious as to what are the current Microsoft portals that
you use for your day to day operations? What kind of licenses are
assigned to your user community and your Infosec staff. We are setting
up a SIEM connector for Arcsight to help collect some data and want to
make sure we are doing this in a consistent and sane manner.

I have added a list of helpful URLs we have been using but if you know
of others please share them too.

How do things work at your your organizations. What does your InfoSec
function interacts with other groups? How about roles and responsibilities.

You can reply within this thread or to me directly. Whether you reply
directly to me or within the thread, please let me know if the
information can be used on a comparisons' table. All data and sources
will be anonymized.

Thank you everyone,

José.


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Attachment: Role Groups in O365.pdf
Description:

Attachment: Portals and Admin Centers Links.pdf
Description:

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature