Exploring the Future of Cloud Vendor Security Assessments

Wednesday, October 25, 2017

12:00 PM


Slides: Available as PDF

Audience:[1]: Public [Pb]

Assessing vendor risk and security posture continues to be a time-consuming effort for many security professionals in higher education. Although many campuses commit resources to the highest priority assessments, few are able to assess all cloud services that host institutional data. To explore the potential for collaborative risk security assessments, a HEISC working group was formed with EDUCAUSE, Internet2, and REN-ISAC members to develop the Higher Education Cloud Vendor Assessment Tool (HECVAT), published in late 2016. Please join Charles to discuss the origin and goals of the HECVAT, how the community
will guide future development, how to leverage the HECVAT for beginning and existing security assessment programs, and discover ways to contribute.


Charles Escue is a Lead Security Analyst with the University Information Security Office, protecting institutional data by conducting IT security reviews, third-party risk/security assessments, and IT policy implementation. Escue previously served with Campus Network Infrastructure and IT Community Partnerships and has more than 10 years of IT experience at IU.


[1] Information Sharing Guidance: TechBursts marked with "MG" are open to members and hosted trusted guests of members. Because access to MG TechBursts require authentication with a REN-ISAC userid and password, guests must view the webcast with the member present. One marked "Pb" are open to the public (link). Ones not marked with MG or Pb are available to members only.