Skip to Content

IT risk assessment and technical review

April 23, 2017 Case Study 1 min read
A public university improves data security across campus through comprehensive IT assessment and technical review.
Image of people meeting

The client

A large institution with more than 10,000 students and 2,000 faculty.

The challenge

Given the number of data breaches in the higher education space, leaders at the university wanted to strengthen its IT and data security to avoid becoming a victim. Through an RFP process, they engaged our team to perform an IT risk assessment to identify security and technology enhancements to minimize the risk. The assessment spanned the entire organization, including multiple schools and administrative departments.

The solution

We met with key project sponsors, including the IT director, project manager, department heads, and senior staff to gain a deeper understanding of their individual needs and concerns. It was critical to have each university unit represented since the staff held different perspectives on security and IT needs. We then proceeded with a five-week effort to improve the university’s security posture. Those initial conversations led to much enthusiasm and staff engagement during the two-phase project:
  • Risk assessment
    While using NIST 800 series and ISO 27001 frameworks, we analyzed the environment and conducted interviews with academic department members, business staff, deans, managers, and others to learn what measures and processes were currently in place to protect the network and data — and where vulnerabilities might lie.
  • Technical review and simulated hacking
    Our team then conducted network security testing to uncover gaps, including a simulated hack and data breach. We reviewed the university’s security infrastructure design, applications and settings, and the wireless environment. We also tested for evidence of, and vulnerability to, social engineering and phishing.

Our team provided a comprehensive report of findings, giving the university’s executive team a detailed understanding of vulnerabilities and risk.

The benefit

The university gained the information and tools needed to execute a plan to minimize its exposure. The IT department and internal customers gained a fuller appreciation for the need for ongoing work and vigilance to maintain a secure environment. This stronger security awareness led senior management to better allocate resources to remediate gaps identified and to ensure security remains a high priority across campus.

Related Thinking

Group of cybersecurity professionals gathered around a computer.
Dec. 12, 2023

Prioritizing cybersecurity as a holistic leader

Webinar 1 hour watch
Example of railroad that transit agencies are working to strengthen cybersecurity for.
December 12, 2023

Getting on track with TSA cybersecurity rules for public transit

Article 4 min read
A business professional working on a laptop at their desk
December 7, 2023

Cybersecurity insurance: Once optional, now essential

In The News 2 min read