State University System Office

Information Security Initiative


The Information Technology group based in the System Office of a large multi-campus state university with over 200,000 students realized they needed a robust information security program to address the growing needs of a rapidly changing educational environment.

In addition to providing local technology services for System Office staff, the System Office Information Technology Services (ITS) provides shared enterprise application, hosting, and payroll services to some of the member universities. The information security program included unique requirements to account for the role of ITS as a service provider to other member institutions and coordination for shared initiatives across all of the campuses in the system.

To meet their needs, Vantage created and held a workshop to facilitate the development of a roadmap for an information security program and strategic plan. The workshops were organized into two phases:

  • In Phase 1, we worked with the leadership team to identify the unique risks and challenges facing the System Office, to categorize the governance groups and administrative roles with touchpoints to Information Security, and to discuss various topics that impact Information Security such as value, desired outcomes and success factors
  • In Phase 2, we met with the ITS Division leadership and management to determine program management capabilities and organization, policy and compliance service levels, education and awareness services, and Information Security operations and risk management services

In addition, Vantage worked with the System Office to create a Chief Information Security Officer position description to properly address and manage the information security requirements for shared technology services as well as desired collaboration across the system as envisioned by the CIO.


  • Outlined an Information Security program and developed a sustainable framework for managing operations and services
  • Defined a risk-based and transparent program of services to support the System Office and System institutions
  • Defined metrics and a roadmap for implementation of an Information Security program
  • Developed a collaborative process to support annual plans and assessment cycles to foster best practices and improve Information Security posture of the University System
  • Created a position description for a new Chief Information Security Officer role to manage the program on a going forward basis


  • Information Security Assessment
  • IT Governance Formation
  • Information Security Program Development


  • Higher education Information Security strategy and best practices
  • University system leadership, strategic planning and governance
  • Enterprise application project leadership and best practices
  • IT audit preparation and management
  • Information Security certifications
  • Client: State University System Office
  • Project Type: Education
  • Services: Information Security Initiative