As more people join the higher education information security community or start new responsibilities around cloud security for SaaS services or cloud vendor risk management, they need an introduction to how to assess the security of SaaS cloud services. A key part of this assessment is HECVAT. This workshop will be an introduction to using HECVAT across your campus to manage risk around SaaS cloud services. We’ll discuss tactical and strategic aspects to include in these efforts.
This year, we’ll do breakouts based on institution size to help you work with the group to identify the next strategic and tactical steps for developing your cloud security assessments program, using HECVAT as a standard assessment tool in your campus process. We’ll scale the discussion from one-person security offices to larger programs! We’ll have an additional exercise focusing on choosing a specific area of cloud vendor risk management to improve on your campus. We’ll ask for questions in advance of the workshop to frame the discussion.
