Security Operations Plan: Duke University’s Approach to Cloud Security
Time 12/10/19 02:40PM-03:30PM
Room Grand Chenier (5th)
Duke University School of Nursing (DUSON) recently developed an application that we hosted at Duke in our data center. Other peer institutions found out about our work and asked if we would be willing to host an instance of the application for them. We agreed and decided that Amazon Web Services (AWS) would be the ideal hosting platform. Over the next year, we moved our development environment to AWS and began a long process of developing the necessary security controls in the AWS shared security model, culminating in the creation of a full Security Operations Plan.
In this interactive session, I will detail the steps we took and the decision-making process used (in collaboration with the Duke University and Duke Health System Information Security Offices) to build our plan. On the flip side, I’ll demonstrate how we work with the security offices of our customer peer institutions, including a review of our HECVAT. The session allows for audience response (through cell-phone polling), where attendees will predict key milestone activities to see if we “got it right”. Finally, all attendees upon request will receive a copy of our most recent DUSONCloud Security Operations Plan and our completed HECVAT.
I have attached a session outline so that you can get a better idea of what I'm proposing and what I feel is important to attendees.
Speaker Glenn Setliff Duke University
Primary track Cloud Architecture
Secondary tracks Information Security