As campuses deploy or identify cloud services in use, they need to ensure the cloud services are appropriately assessed. Many campuses have established a cloud security assessment methodology and have the resources to assess many of their cloud services, but few campuses have sufficient resources to assess all cloud services. A HEISC working group was formed with EDUCAUSE, Internet2, and REN-ISAC members to develop the Higher Education Cloud Vendor Assessment Tool (HECVAT), which was published in late 2016. Please join the creators of this tool to discuss goals for the HECVAT, how the tool was developed, and how to adopt the tool and integrate it into your institution's security assessment process. This is a deep dive/advanced level session.
Outcomes: Learn about the working group and how to participate in higher ed shared assessments * Learn about implementing the HECVAT at your institution * Gain insight into future efforts of the working group and how to contribute to them
Presenters
Jon Allen
Associate Vice President CIO & CISO, Baylor University
Charlie Escue
Information Security Manager, Indiana University
Nick Lewis
Program Manager, Security and Identity, Internet2
Mitch Parks
Chief Information Security Officer, University of Idaho
Laura Raderman
Policy and Compliance Coordinator, Carnegie Mellon University