Private Liberal Arts College

A private liberal arts college in the Northeastern United States with over 3,500 undergraduate and graduate students is dependent on its information technology systems to deliver fast, reliable, and secure technology services to students, faculty, researchers, and staff around the world.

Vantage was brought in to help the college evolve its institutional information security program to better meet its growing technology and data security needs. We created and held two workshops to facilitate the development of a roadmap for the information security program.

In Phase 1, we worked with the college’s leadership team to identify the unique risks and challenges that should be identified in the college’s information security strategy. We also worked with the IT leadership team to discuss and document current information security strategy, services and operations, program management, policy, compliance, awareness activities, and to outline desired outcomes and success factors for the information security program. Following the completion of the Phase 1 workshop, we assisted in developing an information security governance structure and preparing a charter for its information security program.

In Phase 2, we met with the IT team to conduct an information security controls assessment using the NIST Cybersecurity Framework. Our assessment evaluated the current maturity of the specified controls, the future desired maturity for that control, and the potential risk of a control failure. Our assessment also included a review of the current information security policies and standards and advice for future improvement.

Our deliverables included all workshop facilitation materials, information security program documentation, and a phased roadmap outlining future information security program activities designed to reduce institutional risk. A key feature of this project was providing the IT team with executive-ready presentations and briefings detailing workshop results and our recommendations.