Jan 2022: Populating the HECVAT as an Academic Research Provider - Representing Your Security Posture For Your Higher-Ed Information Security Partners
To read more about our engagement with OSC and Trusted CI's contribution to the HECVAT, see our recent blog post.
At one time, higher-ed was the requestor of HECVAT's - now we are being called to populate them for our peers. The Higher Education Community Vendor Assessment Toolkit (HECVAT) has become the de facto standard for vendor risk and security assessment in higher education and the number of universities around the globe using the HECVAT in their assessment process is well into the hundreds. As researchers, and those in the academic mission, consume services of academic research providers (e.g., the Ohio Supercomputer Center, OSC), and thus sharing institutional data, their security offices are increasingly conducting security and risk assessment of these providers to ensure they are meeting the risk tolerance of their institution.
Taking a proactive approach to mitigate unnecessary burden in this space, Trusted CI lead an engagement looking to provide response guidance for these academic research service providers on how to properly represent the security state(s) of their environment. Join Kyle Earley, High Performance Computing Security Engineer from the Ohio Supercomputer Center and Charlie Escue, Information Security Manager at Indiana University and co-chair of EDUCAUSE's HECVAT Users Community Group, as they discuss this collaboration and the tangible guidance that was produced during the engagement.
Speaker Bios:
Charles Escue manages Indiana University's Extended Information Security (EIS) team, a pioneering effort focused on improving university incident remediation capabilities and the handling of imminent threats, beyond the scope of our traditional security office. With over fourteen years of information technology (IT) experience at Indiana University, Charles proudly leads and contributes his expertise as co-chair of EDUCAUSE's HECVAT Users Community Group.
Kyle Earley serves as the High Performance Computing Security Engineer for the Ohio Supercomputer Center (OSC). He is the single security resource for the center covering everything from day-to-day security operations to specific engagements and audits. Kyle graduated with a bachelor's degree in Management of Information Systems Enterprise Security from Georgia Southern University. Prior to his time at OSC, he worked for Accenture on a wide array of projects from Department of Defense (DoD) contracts to Fortune 500 clients, last serving as a Senior Security Analyst in the consulting track.