Friday, March 11, 2022
Join Us at EDUCAUSE CPP Conference - Early Registration Ends 3/22
Training: Security Log Analysis
Tuesday, May 03 | 8:30AM–12:00PM ET
Presenters: Ishan and Mark
The security log analysis workshop walks participants through the security log analysis life cycle, providing considerations for centralized log collection and log management tools, phases of compromise, and examples from real attacks. We will be analyzing logs from Zeek Network Security Monitor, the Apache web server, two-factor authentication systems, cloud service logs, and others. This workshop also includes a hands-on exercise that will demonstrate techniques to analyze logs to detect security incidents using both the command line and Elastic Stack (aka ELK). The hands-on exercise will provide an overview of investigation techniques for identifying log evidence of some common attacks like SQL injection, filesystem traversal, brute force attacks, command-line injection, and more. Recent security vulnerabilities, such as Log4Shell, will also be discussed, along with techniques for detection. This will be an interactive session allowing Q&A and will also feature interactive polls to enhance participants' learning experience.
Training: Security in the Shell (or, How I Learned to Think Before Forking)
Tuesday, May 03 | 1:00PM–4:30PM ET
Presenters: Ishan and Mark
Although they are among the oldest technologies in IT, the command line and terminal emulators continue to be in wide use for modern IT needs. Although people may think of these technologies as having a solid security footing, there are a number of ways someone can shoot themselves in the foot while using them, and I'm not just talking about running "rm -fr /". In this workshop, Mark Krenz, the creator of the popular Twitter account climagic, will demonstrate these and guide students through how to practice better command line security, from understanding the metadata that is generated by your favorite editor to knowing how to exploit SSH, knowing how to protect yourself when checking malware, and much more. There is something for everyone in this workshop, and you are sure to come away with a plethora of job-saving tips.
Breakout session: Security Recommendations for Science DMZs
Wednesday, May 04 | 10:45AM–11:30AM ET
Presenters: Ishan, Kathy, and Mark
A Science DMZ is a special network architecture designed to improve the speed at which large science data transfers can be made. Science DMZs have become a common solution to the issue of busy academic networks causing slowdowns or failures of large data transfers. A new paper published by Trusted CI on the security of Science DMZs provides an overview of this type of network architecture, summarizing the current best practice cybersecurity risk mitigations as well as providing additional security recommendations. This session is a brief introduction to the Science DMZ concept and presents an overview of the mitigations documented in the paper.
Wednesday, January 12, 2022
Trusted CI Webinar: Populating the HECVAT as an Academic Research Provider, January 24th @11am EST
Please register here.
To read more about our engagement with OSC and Trusted CI's contribution to the HECVAT, see our recent blog post.
At one time, higher ed was the requestor of HECVATs; now we are being called to populate them for our peers. The Higher Education Community Vendor Assessment Toolkit (HECVAT) has become the de facto standard for vendor risk and security assessment in higher education, and the number of universities around the globe using the HECVAT in their assessment process is well into the hundreds. As researchers, and those in the academic mission, consume services of academic research providers (e.g., the Ohio Supercomputer Center, OSC), and thus share institutional data, their security offices are increasingly conducting security and risk assessments of these providers to ensure they are meeting the risk tolerance of their institution.
Taking a proactive approach to mitigate unnecessary burden in this space, Trusted CI led an engagement looking to provide response guidance for these academic research service providers on how to properly represent the security state(s) of their environment. Join Kyle Earley, High Performance Computing Security Engineer from the Ohio Supercomputer Center, and Charlie Escue, Information Security Manager at Indiana University and co-chair of EDUCAUSE's HECVAT Users Community Group, as they discuss this collaboration and the tangible guidance that was produced during the engagement.
Speaker Bios:
Charles Escue manages Indiana University's Extended Information Security (EIS) team, a pioneering effort focused on improving university incident remediation capabilities and the handling of imminent threats, beyond the scope of our traditional security office. With over fourteen years of information technology (IT) experience at Indiana University, Charles proudly leads and contributes his expertise as co-chair of EDUCAUSE's HECVAT Users Community Group.
Kyle Earley serves as the High Performance Computing Security Engineer for the Ohio Supercomputer Center (OSC). He is the single security resource for the center covering everything from day-to-day security operations to specific engagements and audits. Kyle graduated with a bachelor's degree in Management of Information Systems Enterprise Security from Georgia Southern University. Prior to his time at OSC, he worked for Accenture on a wide array of projects from Department of Defense (DoD) contracts to Fortune 500 clients, last serving as a Senior Security Analyst in the consulting track.
---
Tuesday, January 11, 2022
Trusted CI engagement with OSC contributes to HECVAT 3.0
The EDUCAUSE Higher Education Information Security Council (HEISC) launched the latest version of the Higher Education Community Vendor Assessment Toolkit (HECVAT and HECVAT Lite v3). The new version has gone through a substantial overhaul to ensure the questions reflect the modern cloud research environment. More information about the new and improved HECVAT can be found on EDUCAUSE’s website.
The HECVAT is designed specifically for colleges and universities to measure vendor risk. It is presented as a questionnaire that focuses on the unique needs of a college or university. It can also be used by solution providers to demonstrate their organization’s adherence to the security expectations outlined by the HEISC. Providers are encouraged to fill out the HECVAT and share it in the Community Broker Index.
During the development of v3 of the HECVAT and HECVAT Lite, the HEISC Shared Assessments Working Group reached out to representatives of the higher ed community with expertise in industry standards (e.g., CIS Security Controls, HIPAA, ISO 27002:2013, various NIST frameworks, and the Trusted CI Framework) to conduct a “crosswalk.” Trusted CI contributed to the crosswalk by mapping the HECVAT questions to one or more of the 16 Musts in the Trusted CI Framework. Trusted CI has also published guidance on applying the HECVAT for NSF research projects.
Our collaboration with EDUCAUSE on the HECVAT v3 was prompted by Trusted CI’s recent engagement with Ohio Supercomputer Center. We are very proud to have contributed to this important project. During our Fall 2021 engagement, OSC successfully completed the HECVAT-Lite Version 3 questionnaire at the request of a research project at another university that planned to use OSC’s HPC services. OSC's HECVAT can be accessed through the Community Broker Index.
Trusted CI will be presenting a webinar on the new version of the HECVAT on Monday, January 24th at 11am Eastern. Registration information is available at trustedci.org/webinars.