Security Musketeers: Summer Edition
By Joanna Lyn Grama, EDUCAUSE
This blog post is cross-posted at the EDUCAUSE, Internet2, and REN-ISAC websites and is an update on security collaborations between the three organizations during the third quarter of 2016.
As we mentioned last quarter, EDUCAUSE, Internet2, and REN-ISAC staff members meet regularly to share information and discuss information security collaboration at a high level, and individually we collaborate on projects and initiatives. Our organizations have been very busy this summer, and today's blog post provides an update on our "fun in the sun" third-quarter activities:
- Our main activity over the summer has been continuing work on our joint cloud security assessment project. The first phase of the project to create a higher education–specific cloud security questionnaire is nearly complete. Thanks to the many hours of conversation and dedicated work of our volunteers, we anticipate publishing the completed assessment before the end of the month. Phase II of the project, which is to review and define a proof-of-concept sharing infrastructure, will start in early 2017.
- EDUCAUSE and REN-ISAC staff and member volunteers participated in several sessions at the Internet2 Technology Exchange conference in September. Numerous conversations on information security technologies, threats, and innovations took place. Attendees also explored issues of diversity and inclusion in information security.
- Individually we have heard from several campuses that are creating security operations centers (SOCs) or working with other institutions to create shared SOCs. Several large campuses already have SOCs, but many campuses do not have formal SOCs. We discussed whether it would be valuable for the community to have some shared resources describing how to create a SOC on campus or outsource these operations. We also discussed how shared SOCs might make it easier to share threat intelligence. EDUCAUSE will follow up with HEISC working groups to provide direction on needed resources.
- EDUCAUSE opened a call for proposals (CFP) for the 2017 Security Professionals Conference, "Acknowledge the Past, Assess the Present, Anticipate the Future," named to honor the conference's 15th anniversary. Responses to the CFP are due November 14, and we all agreed that we will encourage our respective members to submit proposals. In addition, the CFP form was modified so that members can indicate their memberships in EDUCAUSE, Internet2, and REN-ISAC so that affiliation information can be highlighted in the conference program.
- EDUCAUSE hosted two virtual events that we all helped promote: the business continuity and disaster recovery online event on September 20 and the September 29 "coffee chat" with NIST Fellow Ron Ross regarding the new NIST Special Publication 800-171.
- REN-ISAC recently went into production with a passive DNS (pDNS) service, which was the focus of a session at I2 Tech Ex in Miami. This service is available to all higher education institutions, and campuses are being recruited to participate in the service.
- In response to discussion in the community, Keith Hartranft and Colin Foley of Lehigh University presented a webinar entitled "School of Phish: Sink & SIEM to Seal Leaking Credentials," describing some creative angling techniques to Sink, SIEM, and seal up those leaking credentials and perhaps even lure the Phishers themselves into our nets. The webinar had over 100 attendees and a recording is available from REN-ISAC.
Finally, we all discussed how good it is to have data about the state of information security programs in higher education. To that end, we agreed to encourage our respective members to participate in the EDUCAUSE Core Data Service (CDS) survey and complete the Information Security Module. This year's module has some new questions, particularly in the identity and access management category, that were created as a result of collaborations by this group of "security musketeers."
It is very important that institutions complete the information security module before this year's due date (November 4). CDS offers a number of modules to complete each year, but these modules rotate in and out of the survey so that they can be refreshed regularly. The information security module will not be offered in 2017 as part of the content refresh strategy. So, institutions are especially encouraged to contribute data this year. Having access to this data is critical for our information security collaborations—to help inform the types of materials we create and to help make the case for higher education information security.
Our ongoing conversations continue to be fruitful, and we hope that our collaboration and coordination ensure that we are utilizing our community resources in a manner that best serves us all. If you have any suggestions or feedback, please let us know! We're always interested in hearing from the community. You can contact us individually or at firstname.lastname@example.org.
Joanna Lyn Grama is director of cybersecurity and IT GRC programs for EDUCAUSE.
© 2016 Joanna Lyn Grama. This EDUCAUSE Review blog is licensed under Creative Commons BY-NC-SA 4.0.