Profile

CommunityPlatform_1350x900.jpg

Sean Hagan

Edit My Profile

My Content

1 to 8 of 8 total

Reminder - No Monthly Meeting Tomorrow (12/19/2023)

Posted By Sean Hagan 12-18-2023 02:48:00 PM
Found In Egroup: Cybersecurity and Privacy Governance, Risk, and Compliance \ view thread
Hi GRC Friends - Just a friendly reminder that we won't be holding a December GRC meeting as scheduled tomorrow, December 19, and instead will reconvene in January. We also expect to update (replace) the calendar invite in the coming weeks since none of the current co-chairs have the ability to edit ...

RE: Internal Audit office and ERP system data

Posted By Sean Hagan 11-20-2023 11:32:19 AM
Found In Egroup: Cybersecurity \ view thread
Hi Joe (and unnamed institution) - our answer is yes, they do have such access, and yes, it is explicitly called out in policy. I'm told this is fairly standard if your institution aligns with the Institute of Internal Auditors, but of course not everyone follows that. Policy link: https://www.alask ...

RE: Standardized list of risk factors?

Posted By Sean Hagan 10-03-2023 10:50:29 AM
Found In Egroup: Cybersecurity \ view thread
Timothy - that's an interesting question and I'd love to see any lists that others might be aware of. My initial response is that I can't recall seeing something so detailed, especially across relatively broad categories like generalized compliance, third party/vendor risk management, and security operations. ...

RE: November Meeting Tuesday the 15th 10:30-11:30 EST

Posted By Sean Hagan 11-15-2022 11:36:00 AM
Found In Egroup: NIST 800-171 Compliance \ view thread
Hi Bob - As far as a starting point, there are a number of great resources from EDUCAUSE (with specific credit to Jarret Cummings) and from plenty of vendors, though I'm not certain on forms/checklists. I'll link to a few resources that I've used before. If you have specific questions, I'll shamelessly ...

RE: Information Security Report - Suggested Areas of Reporting

Posted By Sean Hagan 10-25-2022 12:12:00 PM
Found In Egroup: Cybersecurity and Privacy Governance, Risk, and Compliance \ view thread
Hi Ron - Time will tell if we're doing this correctly or not, but I just wrapped up my final draft in preparation for a board meeting in the coming weeks. Ours is two pages long, includes the sections listed below, and is intended to be a high-level overview. I've tried to avoid anything that's likely ...

RE: EDR in labs and classrooms?

Posted By Sean Hagan 01-28-2022 10:14:00 AM
Found In Egroup: Cybersecurity \ view thread
Hi Ryan - We negotiated with Microsoft to include language in our license agreement allowing installation of Defender for Endpoint in our lab and shared spaces for no additional cost (this was part of an A5 agreement, which otherwise is licensed on a per-user, not per-device, basis). I believe technically ...

RE: Recommendations for MFA Hardware Tokens

Posted By Sean Hagan 12-14-2021 01:33:17 PM
Found In Egroup: Identity and Access Management \ view thread
I've used Duo, Yubico, and Feitian tokens and keys when deploying Duo. I would not recommend the Duo tokens due to cost and reliability concerns, though they're arguably the easiest to deploy. Yubico keys work great but aren't necessarily the most cost effective (the Security Key NFC is very low cost ...

RE: How is it going with cybersecurity insurance renewals this year?

Posted By Sean Hagan 11-19-2021 10:56:00 AM
Found In Egroup: Cybersecurity \ view thread
A QuickTalk would be really informative. We just wrapped up our FY22 renewal earlier this month (I think our experience largely mirrored what others here faced) and I've already received a list of FY23 expected requirements from my broker. I will need every bit of the next 11 months to get prepared and ...