Do They Measure Up? Assessing the Security Posture of Third-Party Service Providers

Tuesday, April 05 | 11:45AM–12:45PM | Travis AB/Third Level
Session Type: Professional Development, SEC11
In these days of outsourcing, SaaS, and clouds, higher education is increasingly turning to third parties to host institution-owned data to gain efficiencies and reduce cost. But how do we assess the incremental risk of engaging third parties to host our data? How can we ensure that adequate security practices are in place prior to finalizing any contractual agreement? This session will introduce a general strategy and several tools already in use for prequalifying and auditing third parties and provide a roadmap of how one institution dealt with these issues.

Presenters

  • David Escalante

    Director of Computer Security, Boston College

  • Shirley Payne

    AVP for Information Security, Policy & Records (Retired), University of Virginia

  • Kevin Savoy

    Director of Information Technology Audits, University of Virginia

  • Miguel Soldi

Resources & Downloads

http://educause.mediasite.com/Mediasite/Play/71cb1ef8cded4d2f97f77ec3ac10de291d

Audio of Session
23 MB, MP3 Audio
Uploaded on 09/08/2013
SEC2011 Third-Party Assessments slides.pdf
1 MB, PDF
Uploaded on 04/09/2011