State University System Office

The Information Technology group based in the System Office of a large multi-campus state university with over 200,000 students realized they needed a robust information security program to address the growing needs of a rapidly changing educational environment.

In addition to providing local technology services for System Office staff, the System Office Information Technology Services (ITS) provides shared enterprise application, hosting, and payroll services to some of the member universities. The information security program included unique requirements to account for the role of ITS as a service provider to other member institutions and coordination for shared initiatives across all of the campuses in the system.

To meet their needs, Vantage created and held a workshop to facilitate the development of a roadmap for an information security program and strategic plan. The workshops were organized into two phases:

• In Phase 1, we worked with the leadership team to identify the unique risks and challenges facing the System Office, to categorize the governance groups and administrative roles with touchpoints to Information Security, and to discuss various topics that impact Information Security such as value, desired outcomes and success factors
• In Phase 2, we met with the ITS Division leadership and management to determine program management capabilities and organization, policy and compliance service levels, education and awareness services, and Information Security operations and risk management services

In addition, Vantage worked with the System Office to create a Chief Information Security Officer position description to properly address and manage the information security requirements for shared technology services as well as desired collaboration across the system as envisioned by the CIO.