Educause Security Discussion mailing list archives
Re: Azure/O365 roles for InfoSec staff
From: "Jim A. Bole" <jbole () STEVENSON EDU>
Date: Thu, 7 May 2020 13:01:29 +0000
Jose, The Security Administrator role in O365 has provided me most of what I need access to in Office365/Azure. I also have User administrator privileges. As a one-man show, I do a wide range of infosec jobs: IR, compliance, etc. One role to look at is Service Support Administrator. This allows me to open cases with Microsoft for any security issues. Also allows me to view health. I don’t have any Exchange admin permissions, which means I can’t do some functions such as message tracing. I’ve been able to a lot of work around email with other tools, including audit logs and content search. Jim Bole Director of Information Security Stevenson University 1525 Greenspring Valley Road Stevenson, MD, 21153-0641 jbole () stevenson edu | O: 443-334-2696 From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of José A. Domínguez Sent: Thursday, May 7, 2020 1:49 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Azure/O365 roles for InfoSec staff Hello everyone. I wanted to understand what other institutions are doing regarding Information Security roles for cloud services like Azure/O365, AWS, Google cloud. My initial interest if for Azure/O365. I have built a crosswalk of security-related roles which has been attached to this message. Let me help set things in the right context. Our Information Security Office (ISO) reports directly to the CIO and it has two main groups: Information Security Services - ISS - Incident Response - Vulnerability Management - Threat Defense - Monitoring, Alerting, Intel Sharing - Investigations - Tools & resource management - CSOC Information Security Compliance - ISC - Policies, standards, guidelines - Assessments - Awareness & Training - Application security - Process security - Risk & Compliance (DFARs, GLBA, GDPR, HIPAA, FERPA, NIST, PCI) - Cybersecurity Metrics program Our Identity Management team is part of a different group within the organization and they also manage Active Directory services and the Azure/O365 services. What we are trying to figure out is what kind of roles are being assigned to the different ISO staff members. We are also curious as to what are the current Microsoft portals that you use for your day to day operations? What kind of licenses are assigned to your user community and your Infosec staff. We are setting up a SIEM connector for Arcsight to help collect some data and want to make sure we are doing this in a consistent and sane manner. I have added a list of helpful URLs we have been using but if you know of others please share them too. How do things work at your your organizations. What does your InfoSec function interacts with other groups? How about roles and responsibilities. You can reply within this thread or to me directly. Whether you reply directly to me or within the thread, please let me know if the information can be used on a comparisons' table. All data and sources will be anonymized. Thank you everyone, José. ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Azure/O365 roles for InfoSec staff José A . Domínguez (May 06)
- Re: Azure/O365 roles for InfoSec staff Jim A. Bole (May 07)