Chief Information Security Officers (CISOs) identify and exchange security best practices and threat intelligence in order to reduce risks to campus information systems. CISOs share effective practices for information security across domains of policy, strategy, operations, risk management, vulnerability management, IT forensics, and incident response. In addition, CISOs collaborate across campuses to develop and encourage new practices, tools, and technologies that support information security objectives.
A common struggle across institutions is balancing speed and thoroughness in performing security reviews of third-party software. In an effort to address this, the Big Ten Academic Alliance Chief Information Security Officers (CISOs) have joined forces and developed an innovative approach to increase transparency and collaboration by developing a shared approach to assessing the security risk of cloud technologies.
Working with Riskonnect, a leader in integrated risk management solutions, CISOs have developed a shared platform for the universities to streamline the security review process for third-party vendors. The platform also will serve as a channel where members can share security assessment information, resulting in increased efficiency and improved vendor selection process.
OmniSOC is a pioneering initiative of these Big Ten Academic Alliance universities with a goal to help higher education institutions reduce the time from first awareness of a cybersecurity threat anywhere to mitigation everywhere for members.
“With tens of thousands of students, faculty and staff, university campuses are really like small cities, with sensitive data and powerful computing systems that are coveted by cyber criminals,” said Tom Davis, OmniSOC founding executive director and chief information security officer. “Protecting hundreds of thousands of devices and critical data requires expertise, systems, policies and rapid response when new vulnerabilities become known. While campus-by-campus approaches are essential, they are not sufficient for the sophistication of modern cyber risks. The OmniSOC enhances the work of local security professionals to provide greater real-time, sophisticated threat detection, analysis and action for our members.”
OmniSOC is based at Indiana University and leverages two decades of experience and capabilities from the 24/7 Global Research Network Operations Center (GlobalNOC), which provides services to government, research and education networks across the nation. Using real-time security information data feeds from each member campus, as well as governmental and corporate security subscriptions, the OmniSOC identifies suspicious and malicious activity requiring mitigation and provides rapid incident response through human analysis and machine learning.