EDUCAUSE, Internet2, and REN-ISAC Coordination Update: Fall 2019

min read

EDUCAUSE, Internet2, and REN-ISAC continue to actively collaborate on projects and to update each other on their activities.

handshake with background symbols of a pie chart, plug, and lightbulb
Credit: Max Griboedov / © 2019

Since the last EDUCAUSE, Internet2, and Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) partnership blog post [] in February, our three organizations have continued to actively collaborate on projects and to update each other on our activities. During an EDUCAUSE Security Professionals Conference presentation by me (Internet2), Todd Herring (REN-ISAC), and Brian Kelly (EDUCAUSE), we heard that parts of the higher education information security and privacy community are unaware of our coordination, so we're going to continue to publish blog posts and present updates at conferences for the community.

One of the pieces of feedback we received on our presentation was that we should stop using so many acronyms and that we should provide more examples of how campuses can benefit from our collaborations. Information security is rife with abbreviations, acronyms, and shorthand, but these shortcuts do create communication difficulties, so we'll keep that in mind for future blog posts and presentations. (Even during the writing and editing of this blog post, we caught ourselves using acronyms!)

There are a number of ways in which campuses benefit from our collaborations where we try to coordinate who's leading community activities and where we can more effectively help each other. For example, when we hear that someone in the community has a question, we know who can answer the question the most efficiently, and we can help to connect the two parties. We also continue to participate in each other's working groups and advisory boards to facilitate coordination across the higher education community. This cross-participation reduces duplicate efforts and ensures that we effectively engage with the community on the most important issues. We also continue to meet monthly to coordinate these activities and share what we're working on with the higher education information security and privacy community.

During our coordination calls over the last six months, we have discussed major projects, new resources, organizational updates, and future plans. Some of the efforts we've shared recently include the following:

EDUCAUSE, Internet2, and REN-ISAC also coordinate on the Higher Education Cloud Vendor Assessment Tool (HECVAT) community resource by providing staff support to the campuses participating in the working group. As part of the HECVAT workshop and presentation at the 2019 Security Professionals Conference, we received feedback on the HECVAT and how we can improve engagement with the community to encourage broad adoption of this tool. We received valuable feedback during our joint workshop at the EDUCAUSE Annual Conference on "Strategies for Streamlining Security Assessments Using the HECVAT." We also presented a "Shared Cloud Security Assessments Working Group Update 2019" during the EDUCAUSE Annual Conference. We're going to use this feedback in planning for the next phase for the HECVAT work group.

If you have any questions or feedback about how we collaborate or suggestions for future areas of collaboration, please reach out to us!

For more information about information security governance, compliance, data protection, and privacy programs, please visit the EDUCAUSE Review Security Matters blog as well as the Cybersecurity Program page.

Nick Lewis is Program Manager for Security and Identity at Internet2.

© 2019 Nick Lewis. The text of this work is licensed under a Creative Commons BY-NC-ND 4.0 International License.