Profile

CommunityPlatform_1350x900.jpg

Bob Barton

Edit My Profile

My Content

1 to 20 of 41 total

RE: GLBA Safeguards Rule 4(d) and 4(g) questions

Posted By Bob Barton 11-20-2023 12:29:09 PM
Found In Egroup: Cybersecurity \ view thread
Afternoon, I've talked to an auditor for some advice. What I say here is an echo of what they said. *** How does your institution satisfy 4(d)(2) of the Safeguards rule (continuous monitoring or periodic vulnerability assessments)? Is a CrowdStrike Falcon Complete, plus annual penetration testing, ...

RE: Verifying Deceased Staff/Faculty/Student

Posted By Bob Barton 09-29-2023 07:58:00 AM
Found In Egroup: Privacy \ view thread
We've looked unsuccessfully for some way to do that for a while. We've been running off "general knowledge" within the organization for a while now and it isn't enough. We are reviewing/removing accounts, but getting on an account that goes with someone that has passed (and will have had an announcement ...

RE: Company Bios and Directories

Posted By Bob Barton 09-25-2023 01:17:34 PM
Found In Egroup: Cybersecurity \ view thread
Afternoon, We are working toward departments being listed on the web site (do they really know who the Registrar is or who they should talk to in Fin Aid?) and a full directory behind our portal. I do not have statistics, but we have had some poorly done spam attacks that basically copied/pasted the ...

RE: Fed Aid and GLBA gap map sheet

Posted By Bob Barton 08-01-2023 10:37:13 AM
Found In Egroup: Cybersecurity \ view thread
You look for a spreadsheet? Robert "Bob" Barton Executive Director of Information Security & Policy Lewis University 1 University Parkway Romeoville, IL 60446-2200 815-836-5663

RE: Consultant Password Policy

Posted By Bob Barton 07-24-2023 08:06:47 AM
Found In Egroup: Network Management \ view thread
Named account with an expiration date. 2FA and VPN required. Robert "Bob" Barton Executive Director of Information Security & Policy Lewis University 1 University Parkway Romeoville, IL 60446-2200 815-836-5663

RE: Cybersecurity/IT Security Tools

Posted By Bob Barton 07-20-2023 11:35:34 AM
Found In Egroup: Cybersecurity \ view thread
For FSA, you need to worry about NIST 800-171. For GLBA, you need to worry about the Safe Guards Rule. For both of those, Educause has created an evaluation/cross-walk. You should be able to find the 800-171 now, but the Safeguards Rule spreadsheet is not finished. I'm on both groups. For vulnerability ...

RE: Cybersecurity/IT Security Tools

Posted By Bob Barton 07-20-2023 08:31:11 AM
Found In Egroup: Cybersecurity \ view thread
Morning, That is a broad ask. Can you narrow that down or are you seeking any ideas? Robert "Bob" Barton Executive Director of Information Security & Policy Lewis University 1 University Parkway Romeoville, IL 60446-2200 815-836-5663

RE: Security Advice - Working Remotely from Other Countries

Posted By Bob Barton 03-10-2023 10:13:57 AM
Found In Egroup: Cybersecurity \ view thread
I recommend...whatever you decide...make a policy for the future. You need to be consistent. In my case, it was China (which has a lot of issues), but the outcome was a policy that we can use in the future. Robert "Bob" Barton Executive Director of Information Security & Policy Lewis University ...

RE: Mapping the Safeguards Rule

Posted By Bob Barton 02-09-2023 11:49:00 AM
Found In Egroup: NIST 800-171 Compliance \ view thread
I can volunteer some time. Robert "Bob" Barton Executive Director of Information Security & Policy Lewis University 1 University Parkway Romeoville, IL 60446-2200 815-836-5663

RE: Workstation Security Remediation Process

Posted By Bob Barton 12-20-2022 09:28:11 AM
Found In Egroup: Cybersecurity \ view thread
Morning, We've moved to the same here; a) possible vs b) confirmed. a)Possible - just to add to Frank's list; Cisco Umbrella or WebTitan redirects. We do usually got to the machine, check updates, currently replace Symantec with Sophos, and a few other things. If it still has redirects the next (or ...

RE: Duo - Verified Push

Posted By Bob Barton 12-16-2022 03:16:41 PM
Found In Egroup: Cybersecurity \ view thread
Afternoon, We do use it here. When we first moved to Duo, we allowed users to use SMS, token, phone, and codes (emergency). We found this to be limiting (and could cause us issues with our telephony credits). We're now opened to the push/app and people are just not moving to it. We had thought people ...

RE: Interested in hearing real-world use cases for MIcrosoft Power Platform apps

Posted By Bob Barton 12-02-2022 11:34:00 AM
Found In Egroup: Microsoft Tools in Education \ view thread
We've used Power Automate to move from a paper/sneaker process for our tuition waivers to a digital process. We move to user testing next month. It is our first one. A member of our HR Office did the great bulk work (I help with direction, flow, review and testing). The estimate they gave was 75-100 ...

RE: November Meeting Tuesday the 15th 10:30-11:30 EST

Posted By Bob Barton 11-15-2022 10:53:00 AM
Found In Egroup: NIST 800-171 Compliance \ view thread
I talked to Jay and he thought asking our group may lead to some answers.... In the realm of forms and check lists, where could I find something for GLBA? Seems I'll have a new duty and I'm looking not to recreate the wheel. Even a starting point would help.... If there is somebody (somewhere) better ...

RE: Security Incident Record Retention

Posted By Bob Barton 11-14-2022 08:01:14 AM
Found In Egroup: Cybersecurity \ view thread
We do not have an official policy (tied up in committee), but I date anything I create/keep and plan to keep it for seven years (legal discovery), unless told otherwise by Leadership/policy. Robert "Bob" Barton Executive Director of Information Security & Policy Lewis University 1 University Parkway ...

RE: Role/Security in Non-IT Administered Applications

Posted By Bob Barton 10-20-2022 08:43:00 AM
Found In Egroup: NIST 800-171 Compliance \ view thread
We use the same. By policy, we have reports and a review of the people in Slate. The reports come to Info Sec and are stored. The review is done by the department head of the area over Slate and their attestation as to who and what access is needed is kept in Info Sec. Yes...who is watching the watchmen...but ...

RE: Password Management Tool

Posted By Bob Barton 09-28-2022 08:06:15 AM
Found In Egroup: Cybersecurity \ view thread
For individuals we have used and recommend Password Safe by Bruce Schneier (free to use, he is behind Blowfish, Twofish and bunch of others). For the departments, we are looking to move to password manager pro by ManageEngine (any comments welcome). pwsafe[.]org Robert "Bob" Barton Executive ...

RE: Incident Response Playbook for Email Account Compromise

Posted By Bob Barton 09-26-2022 07:48:51 AM
Found In Egroup: Cybersecurity \ view thread
What are teams using for their paybooks? Seems like Word is inefficient, and Excel could be better. Anybody using OneNote for the team? Robert "Bob" Barton Executive Director of Information Security & Policy Lewis University 1 University Parkway Romeoville, IL 60446-2200 815-836-5663

RE: Joining AD Domain not for Edu Sector?

Posted By Bob Barton 09-22-2022 09:11:49 AM
Found In Egroup: Cybersecurity \ view thread
Faculty are provided laptops to use for University needs. They are owned and managed by central IT. They are refreshed on a 4-5 year cycle (there is an opt-out that is taken by a few). Robert "Bob" Barton Executive Director of Information Security & Policy Lewis University 1 University Parkway ...

RE: HEISC TOP CG Meeting

What time is the meeting today? It seems to have fell off my calendar. Robert "Bob" Barton Executive Director of Information Security & Policy Lewis University 1 University Parkway Romeoville, IL 60446-2200 815-836-5663

RE: KnowBe4 Alternatives

Posted By Bob Barton 08-26-2022 01:30:41 PM
Found In Egroup: Cybersecurity \ view thread
SANS has the discount for REN-ISAC members. Robert "Bob" Barton Executive Director of Information Security & Policy Lewis University 1 University Parkway Romeoville, IL 60446-2200 815-836-5663