SUMMARY
A mid-sized state university with approximately 12,000 students needed to develop a full scope information security program as part of an ITS revitalization initiative and in preparation for an upcoming state audit engagement.
Vantage worked closely with the university to develop an information security program guided by higher education best practices and the requirements of the ISO 27002 information security framework, including scope to:
- Create an information security program charter
- Develop an information security governance structure
- Update and create policies, operational standards, and baseline procedures
- Complete information security maturity assessments for all applicable campus units
- Complete a campus IT risk assessment.
- Provide guidance in implementing a vulnerability scanning program
- Determine roadmap of prioritized improvements for information security plans
- Update and facilitate table-top exercise of enterprise-wide contingency plans for business continuity and disaster recovery
BENEFITS
- Defined a cohesive, unified approach to Information Security to meet ISO 27002 framework and other regulatory compliance programs
- Engaged governance groups that supported annual plans and cycles of assessment to foster best practices and improve information security posture of the university
- Coordinated a risk-based, transparent, program of Information Security services to support faculty, staff and students
SERVICES
- Information Security Assessment
- IT Governance Formation
- Information Security Program Development
EXPERTISE
- Higher Education Information Security strategy and best practices
- ISO 27002 framework
- Research and regulatory compliance
- Information Security certifications
- Information Security audit preparation
- Client: Mid-sized State University
- Location: Southeast US
- Project Type: Education
- Services: Information Security Initiative