Profile

Michael Menne

Edit My Profile

My Content

1 to 11 of 11 total

RE: Average turnaround time expected in completing an assessment with HECVAT

Posted By Michael Menne 05-11-2022 08:32:40 AM
Found In Egroup: HECVAT Users \ view thread
My experience has been much the same as Jay's. Vendors who are familiar with it or have their act together are pretty quick about it. We've had a few vendors buck at it, but we've told them it's a requirement of doing business with us. The naked yes/no answers are a huge problem in many of the HECVATs ...

RE: Lab Endpoints and MFA

Posted By Michael Menne 04-22-2022 02:00:59 PM
Found In Egroup: Cybersecurity \ view thread
Our biggest MFA deployment is M365. We made the conscious decision not to use conditional access polices to allow it to be bypassed. We wanted it to just become a way of life and not create any confusion around when it's required and not required. It's always required and just part of life. The only ...

RE: Any thought on using CYBER HYGIENE SERVICES - cisa.gov

Posted By Michael Menne 02-11-2022 07:45:09 AM
Found In Egroup: CIO \ view thread
I've been aware of this service for a while. I haven't investigated it much, but also curious on other people's thoughts. Get Outlook for Android

RE: And now for something a little different--the revised FTC Safeguards Rule

Posted By Michael Menne 01-18-2022 09:41:20 AM
Found In Egroup: HEISC 800-171 Compliance \ view thread
Jarret, There are a lot of questions regarding this and we are all of course trying to get ahead of it. Would it be possible to put together a webinar with the information you have and allow the community to ask questions? Thank you, Michael Menne, CISSP Chief Information Security Officer IT ...

RE: Desktop Removal of Admin Rights

Posted By Michael Menne 01-13-2022 05:33:54 PM
Found In Egroup: Cybersecurity \ view thread
We have not gone down the route of removing admin rights yet. It's been a discussion a few times, but gets mired in politics. Academic Freedom is a red herring argument. It has nothing to do with the technology faculty use to teach. Academic Freedom has to do with the subjects faculty teach. For ...

RE: EDR, MDR, XDR

Posted By Michael Menne 01-12-2022 12:06:42 PM
Found In Egroup: Cybersecurity \ view thread
We have noticed zero issues with the macOS client. We haven't seen much in the way of alerts due to a layered DNS protection. I've seen MDE monitor exploit behavior, but then our DNS blocked when the exploit got to the command and control stage. Michael Menne, CISSP Chief Information Security Officer ...

RE: Analysis of new FTC Safeguards Rule in EDUCAUSE Review online

Posted By Michael Menne 01-05-2022 12:11:44 PM
Found In Egroup: Cybersecurity \ view thread
The new rules are prescriptive in the sense that they tell you WHAT to do, but are very vague in the sense of HOW to do it or how they will be evaluated. That has yet to come from my understanding. I've been pouring over these for a couple weeks now trying to put together a summary for my boss of what ...

RE: Analysis of new FTC Safeguards Rule in EDUCAUSE Review online

Posted By Michael Menne 01-03-2022 07:43:43 AM
Found In Egroup: Cybersecurity \ view thread
I read through the actual text a couple weeks ago. It was published on December 9, 2021 with an effective date of January 10, 2022 with the exception of Section 314.4(a), (b)(1), (c)(1) through (8), (d)(2), (e), (f)(3), (h), and (i) are effective as of December 9, 2022. These are the more prescriptive ...

RE: EDR, MDR, XDR

Posted By Michael Menne 12-17-2021 11:33:23 AM
Found In Egroup: Cybersecurity \ view thread
We have been using Microsoft Defender for Endpoint for nearly 2 years now. It's been extremely valuable and extremely effective. Combined with Cisco Umbrella (OpenDNS), the combination has been nearly 100% effective. I've only had to investigate a handful (2-3) university owned devices in the last 2 ...

RE: Redrock Software

Posted By Michael Menne 10-13-2021 09:53:17 AM
Found In Egroup: Cybersecurity \ view thread
I've been engaged with them on a 3rd party risk assessment for a few months now for their TracCloud product. They have refused to fill out a full HECVAT, insisting that the HECVAT Lite is good enough. For our institution's process, we will only accept a HECVAT lite for public data only. Michael ...

RE: Welcome to the Cybersecurity community on EDUCAUSE Connect

Posted By Michael Menne 09-30-2021 07:07:00 AM
Found In Egroup: Cybersecurity \ view thread
Change is hard for many people. Instead of snarky comments about the change that happened, I'd love to see this community come together to support the Educause leadership for trying. Applaud the Educause leadership for TRYING something. Finding messages in the old system that were before I subscribed ...