What makes universities and colleges unique also makes them vulnerable to cyber attacks. As centers of research and keepers of vast amounts of personal data, universities are inviting targets for hackers and cyber criminals. On top of this, a culture of collaboration, combined with bring-your-own-device policies, exposes a university or college system to an attack. All of this in concert makes having an effective cyber security strategy imperative.
A large, public university had difficulty understanding their cyber security posture due to a decentralized governance model and operating structure. They struggled with unifying information security policies across institutions and satellite campuses. The university wondered if they could set cyber security standards and enforce governance in such a unique environment.
First, we conducted a risk assessment. We fielded more than six weeks’ worth of research via onsite visits, scrutinized over 100 documents, performed more than 90 interviews, and conducted penetration tests of large-scale applications. Our findings gave us an understanding of the university’s system complexities, which we compared to the National Institute of Standards and Technology’s (NIST) trusted model for a cyber security framework.
Based on the initial success of our work, we were asked to develop a comprehensive information security program. We combined our assessment findings with our knowledge of their risk appetite across the different institutions to deliver a transformational cyber risk strategy. A tailored three-year implementation roadmap now guides their way.
- Delivered a cyber risk strategy and three-year implementation roadmap tailored to the university’s risk appetite
- Gave a decentralized institution the confidence and ability to run their own cyber security program and secure a vast network
- Fostered relationships across university officials and stakeholders, resulting in a long-term trusted advisor partnership