EDUCAUSE, Internet2, and REN-ISAC continue to actively collaborate on projects and to update each other on their activities.
Since the last EDUCAUSE, Internet2, and Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) partnership blog post [https://www.internet2.edu/blogs/detail/17052] in February, our three organizations have continued to actively collaborate on projects and to update each other on our activities. During an EDUCAUSE Security Professionals Conference presentation by me (Internet2), Todd Herring (REN-ISAC), and Brian Kelly (EDUCAUSE), we heard that parts of the higher education information security and privacy community are unaware of our coordination, so we're going to continue to publish blog posts and present updates at conferences for the community.
One of the pieces of feedback we received on our presentation was that we should stop using so many acronyms and that we should provide more examples of how campuses can benefit from our collaborations. Information security is rife with abbreviations, acronyms, and shorthand, but these shortcuts do create communication difficulties, so we'll keep that in mind for future blog posts and presentations. (Even during the writing and editing of this blog post, we caught ourselves using acronyms!)
There are a number of ways in which campuses benefit from our collaborations where we try to coordinate who's leading community activities and where we can more effectively help each other. For example, when we hear that someone in the community has a question, we know who can answer the question the most efficiently, and we can help to connect the two parties. We also continue to participate in each other's working groups and advisory boards to facilitate coordination across the higher education community. This cross-participation reduces duplicate efforts and ensures that we effectively engage with the community on the most important issues. We also continue to meet monthly to coordinate these activities and share what we're working on with the higher education information security and privacy community.
During our coordination calls over the last six months, we have discussed major projects, new resources, organizational updates, and future plans. Some of the efforts we've shared recently include the following:
- EDUCAUSE Security Professionals Conference
- National Cybersecurity Awareness Month
- Coordination with National Cyber Security Alliance on an updated blog post [https://staysafeonline.org/blog/multi-factor-authentication-deployment-higher-education/] about multifactor authentication (MFA) adoption in higher education as part of National Cybersecurity Awareness Month
- The integration of the Higher Education Information Security Council (HEISC) working groups with EDUCAUSE Community Groups and the selection of new co-chairs
- The EDUCAUSE Information Security Almanac 2019 (with 2018 Core Data Service data)
- CyberRISK Workshop for Minority Serving Institutions
- Internet2 NET+ Splunk town hall and monthly user group call [https://www.internet2.edu/blogs/detail/17271]
- Splunk REN-ISAC App discussion
- InCommon training and education
- InCommon baseline expectations
- Internet2's work [https://www.internet2.edu/blogs/detail/16921] on inter-domain routing security (Mutually Agreed Norms for Routing Security [MANRS])
- Internet2 webinars on Internet Routing Registry (IRR) and Resource Public Key Infrastructure (RPKI)
- Internet2 IPv6 Remote Triggered Blackhole Filtering (RTBH) support
- REN-ISAC's new peer assessment program
- REN-ISAC's new version of Security Event System (SES) [https://www.ren-isac.net/member-resources/SES/index.html]
- REN-ISAC working groups
EDUCAUSE, Internet2, and REN-ISAC also coordinate on the Higher Education Cloud Vendor Assessment Tool (HECVAT) community resource by providing staff support to the campuses participating in the working group. As part of the HECVAT workshop and presentation at the 2019 Security Professionals Conference, we received feedback on the HECVAT and how we can improve engagement with the community to encourage broad adoption of this tool. We received valuable feedback during our joint workshop at the EDUCAUSE Annual Conference on "Strategies for Streamlining Security Assessments Using the HECVAT." We also presented a "Shared Cloud Security Assessments Working Group Update 2019" during the EDUCAUSE Annual Conference. We're going to use this feedback in planning for the next phase for the HECVAT work group.
If you have any questions or feedback about how we collaborate or suggestions for future areas of collaboration, please reach out to us!
For more information about information security governance, compliance, data protection, and privacy programs, please visit the EDUCAUSE Review Security Matters blog as well as the Cybersecurity Program page.
Nick Lewis is Program Manager for Security and Identity at Internet2.
© 2019 Nick Lewis. The text of this work is licensed under a Creative Commons BY-NC-ND 4.0 International License.