All for One, One for All: Security Musketeers
As a community, we have had a busy couple of months with very successful events at the EDUCAUSE Security Professionals Conference, the Internet2 Global Summit, and the REN-ISAC Member Meeting. These events allowed us to catch up with the higher education information security community and with each other. One thing we realized is that we need to do a better job across our three organizations to update the community on how we're coordinating to improve higher education information security.
EDUCAUSE, Internet2, and REN-ISAC actively meet to share information and discuss collaboration at a high level, and individually we collaborate on projects and initiatives. Much of this goes on behind the scenes—we typically don't notify you about the collaboration, but you see the results of it:
- Participation in each other's working groups and activities
- The creation of joint working groups to address special initiatives
- Joint presentations at other events to promote the higher education information security profession
- Working together to bring special events to the community (like the FBI classified threat briefing at the 2016 Security Professionals Conference)
This blog provides an update on our last collaboration call. Some of the significant and relatively mundane activities we discussed (though some of us think that our conversations are never mundane) include:
- A new joint working group is forming to work on shared cloud security assessments. Participation includes security practitioners from higher ed and representation from all of our organizations.
- Based on sessions and interest at the Security Professionals Conference and Global Summit, Science DMZ and researcher security is a hot topic. We discussed what resources are available and in development, as well as what the community might additionally need. Nick is working on a blog post on NET+ AWS security for researchers.
- For this fall's Technology Exchange, Internet2 is planning a gender and diversity in information security panel. EDUCAUSE was happy to pitch in some related resources from their 2016 research on the IT workforce, and REN-ISAC agreed to participate.
- EDUCAUSE updated the Core Data Service (CDS) Information Security module based on feedback from REN-ISAC and Internet2 colleagues as well as others in the community. The CDS will include these updates in future surveys. The updated module has new benchmarking and planning capabilities that can help an institution identify areas where it can improve in information security program maturity.
- The group discussed what resources are available and under development regarding ransomware, which has bubbled up as a major threat in 2016. Nick recently wrote a blog post about ransomware threats and how to prevent them.
- We discussed coordinating with other sector information sharing and analysis centers (ISACs) and learned a bit about the complex political world of ISACs from our colleagues at REN. Some member institutions participate in more than one ISAC, as higher education institutions have operations that cross boundaries. Our networks make us unique, and many of our institutions are like small cities. Other ISACs can provide valuable resources but may not be aware of the nuances of higher education.
- We discussed the REN-ISAC Friday Pulse survey and other surveys of the community used to measure current issues and hot topics.
- EDUCAUSE reminded us about an August 3 virtual event focusing on contingency planning in higher education, which will include an abbreviated tabletop exercise. (We can't wait to see how our friends at EDUCAUSE are going to make that happen!)
In the past, our discussions and coordination have been wide-ranging, covering topics such as the security of the Internet2 network, TIER, the RSA Conference, coordination with government agencies, and many others. This collaboration and coordination is important to ensure we're most effectively utilizing our community resources and our time.
If you have any suggestions or feedback, please let us know! We're always interested in feedback. You can contact us individually or at email@example.com.
This blog post is cross-posted at the EDUCAUSE, Internet2, and REN-ISAC websites.