Educause Security Discussion mailing list archives

Re: Azure/O365 roles for InfoSec staff


From: "Jim A. Bole" <jbole () STEVENSON EDU>
Date: Thu, 7 May 2020 13:01:29 +0000

Jose,

The Security Administrator role in O365 has provided me most of what I need access to in Office365/Azure. I also have 
User administrator privileges. As a one-man show, I do a wide range of infosec jobs: IR, compliance, etc.

One role to look at is Service Support Administrator. This allows me to open cases with Microsoft for any security 
issues. Also allows me to view health.

I don’t have any Exchange admin permissions, which means I can’t do some functions such as message tracing. I’ve been 
able to do a lot of work around email with other tools, including audit logs and content search.

Jim Bole
Director of Information Security
Stevenson University
1525 Greenspring Valley Road
Stevenson, MD, 21153-0641
jbole () stevenson edu | O: 443-334-2696



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of José A. Domínguez
Sent: Thursday, May 7, 2020 1:49 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Azure/O365 roles for InfoSec staff

Hello everyone. I wanted to understand what other institutions are doing regarding Information Security roles for cloud 
services like Azure/O365, AWS, Google cloud. My initial interest is for Azure/O365. I have built a crosswalk of 
security-related roles which has been attached to this message.

Let me help set things in the right context. Our Information Security Office (ISO) reports directly to the CIO and it 
has two main groups:

Information Security Services - ISS
    - Incident Response
    - Vulnerability Management
    - Threat Defense
    - Monitoring, Alerting, Intel Sharing
    - Investigations
    - Tools & resource management
    - CSOC

Information Security Compliance - ISC
    - Policies, standards, guidelines
    - Assessments
    - Awareness & Training
    - Application security
    - Process security
    - Risk & Compliance (DFARs, GLBA, GDPR, HIPAA, FERPA, NIST, PCI)
    - Cybersecurity Metrics program

Our Identity Management team is part of a different group within the organization and they also manage Active Directory 
services and the Azure/O365 services. What we are trying to figure out is what kind of roles are being assigned to the 
different ISO staff members.

We are also curious as to what are the current Microsoft portals that you use for your day-to-day operations? What kind 
of licenses are assigned to your user community and your Infosec staff? We are setting up a SIEM connector for Arcsight 
to help collect some data and want to make sure we are doing this in a consistent and sane manner.

I have added a list of helpful URLs we have been using but if you know of others please share them too.

How do things work at your organizations? How does your InfoSec function interact with other groups? How about 
roles and responsibilities?

You can reply within this thread or to me directly. Whether you reply directly to me or within the thread, please let 
me know if the information can be used in a comparison table. All data and sources will be anonymized.

Thank you everyone,

José.

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community
