
ISMS for Higher Education

Public Sector - Higher Education

Business Motivators

The client was a state college system with 37 campuses scattered statewide.

  • The President's Critical Infrastructure Protection Board released its National Strategy to Secure Cyberspace. This plan specifically identified institutions of higher education as part of the cyberspace security problem.
    • Under the national microscope, it became clear that the client had no coherent information security program
  • EDUCAUSE, the higher education lobby, responded to the CIPB report with an information security action plan that was heartily endorsed throughout academia.
    • Committed to supporting the EDUCAUSE response, the client had neither means nor strategy to participate in the EDUCAUSE initiative
  • An industry-specific information protection regulation, FERPA, as well as a state data protection act became regulatory requirements
    • With possibly serious liability concerns, the client found their diligence indefensible
  • Academic freedom and privacy issues between librarians, students, and government agencies were becoming increasingly hostile
    • The client had no mechanism to address improper usage of state information assets, yet had liability for results of improper usage

The Challenge

  • Each campus was autonomous, with its own CIO in charge of information technology
    • CIOs varied wildly in competence, sophistication, and enthusiasm
  • Every move was put under the "academic freedom" microscope
    • There was continual risk of lawsuits, accusations, and censure
  • Security activities assigned to employees were scrutinized and challenged
    • A strong union required appeasement

The Solution

An Information Security Management System (ISMS) was designed and implemented to serve as the basis for the Information Security Program. The resultant ISMS included:

  • A management framework that was sensitive to the cultural and political environment unique to higher education
  • A risk assessment methodology that was both defensible and compatible with state audit requirements
  • Information security standards that clearly defined enforceable and auditable requirements
  • Strategic plans that showed alignment with EDUCAUSE goals and a going-forward roadmap
  • Incident management capabilities aligned with state guidelines

The Result

The deployment of the ISMS resulted in the information security program obtaining the following benefits:

  • A minimum baseline of information security throughout the system
  • Clear guidance to information technology employees and users
  • Empowerment through structure
  • Defensibility through demonstrated diligence
  • Regulatory compliance
  • Auditability