Re: [External] Re: [SECURITY] Top 3 "hot topics" for CYBERSECURITY

["Foss, Henry L. 'Hank'" <fossh () SACREDHEART EDU>]

Our top two are:

  1.  BCP/DR
  2.  MFA


And just behind those are:

  1.  User awareness training
  2.  Aligning to the CIS Critical Security Controls

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Gregg, 
Christopher S.
Sent: Thursday, September 9, 2021 9:10 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] [External] Re: [SECURITY] Top 3 "hot topics" for CYBERSECURITY

Nathan's Top 2 below are right up there for us, along with:

3a. Growing requirements and expectations around privacy (and privacy related compliance).  For small to medium sized 
universities like ours, there is not a separate privacy function so security seems to be the default landing spot.

3b. Vendor management and risk assessment.  Since more and more we don't host the systems being used by our university, 
tracking, managing, and assessing the risk of our IT vendors has become critical and never ending.  This can be related 
to ransomware since our vendors can be affected by ransomware as well, or contribute to our vulnerability to it.

I would also call out the 2021 EDUCAUSE Horizon Report : Information Security Edition from February that contains a lot 
of information on security trends and forecasts:  
https://library.educause.edu/resources/2021/2/2021-educause-horizon-report-information-security-edition

Thanks,

Chris


Chris Gregg
Associate Vice President of Information Security & Risk Management, CISO
Innovation & Technology Services (ITS)
csgregg () stthomas edu<mailto:csgregg () stthomas edu>
p 1 (651) 962-6265
University of St. Thomas | stthomas.edu<https://www.stthomas.edu/>



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Nathan Phillips
Sent: Wednesday, September 8, 2021 6:47 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [External] Re: [SECURITY] Top 3 "hot topics" for CYBERSECURITY


these are my top two

1. Protecting against Ransomware (or rather, are we truly protected, which includes having cyberinsurance)
2. Preparing for NIST 800-171 to be required

and can we do the above without extra expense? (i.e., is security a bottomless pit?)

-Nathan

--------------------------------------------------------
Nathan Phillips, CIO (he/him)
American College of Healthcare Sciences
Portland, Oregon
--------------------------------------------------------


On Wed, Sep 8, 2021 at 4:11 PM June Klein <june () kleinnet com<mailto:june () kleinnet com>> wrote:
Hi everyone,

We are embarking on our second Cybersecurity Assessment and the
Finance/Risk Committee of the board is asking what other universities
think are the "hot topics" for cybersecurity in Universities.  If you
can send those to me, I would be grateful so we can make sure we a)
report back to the Board of Trustees what I found out from all of you,
and b) that we include this in our upcoming Cybersecurity Assessment.

Thank you.

- Dr. June Rumiko Klein
Vice President for Business Affairs and Chief Financial Officer

--
Dr. June Rumiko Klein
Vice President for Business Affairs and Chief Financial Officer
Palo Alto University
email:  june () kleinnet com<mailto:june () kleinnet com>
Cell:   650-740-8968                       FAX:    650-856-2430

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Ccsgregg%40STTHOMAS.EDU%7C2ad1bc17168f411ed23408d9732300e7%7Ca081ff79318c45ec95f338ebc2801472%7C1%7C0%7C637667416586012394%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=6hKLny6jSNVIVMkhJW7yhz9uURWC3QgfehH6Ofeo9lo%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Ccsgregg%40STTHOMAS.EDU%7C2ad1bc17168f411ed23408d9732300e7%7Ca081ff79318c45ec95f338ebc2801472%7C1%7C0%7C637667416586012394%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=6hKLny6jSNVIVMkhJW7yhz9uURWC3QgfehH6Ofeo9lo%3D&reserved=0>
The sender of this email is external to Sacred Heart University. Do not click any links unless you know and trust the 
sender.

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community