Protect academic and financial information across campuses with an integrated system.
Secure Digital Solutions (SDS) understands the complexity of university systems. Academic, financial, and even health records can be exposed to cybertheft—and the risks may be different for each campus location.
We recently worked with the University of California, a major state higher education system, to determine the risk to student health information. They engaged SDS to conduct an assessment of their multi-campus student health facilities. The business objective was to determine the strength of their information security, privacy programs, and practices across 10 geographically dispersed campuses.
SDS gathered and assessed all pertinent information within four weeks across all locations. The approach used was qualitative, yet consistent. It used automated surveys, onsite visits, and information gathering against standardized observation checklists. Each clinic of the U of C’s 10 campuses was measured against a uniform set of control requirements approved by the university’s enterprise information security office.
Findings Presented to Executives as a Dashboard
Results from the risk assessment were provided in a custom report for each Student Health Services office, segmenting the findings by campus location. In addition, a full report highlighting all sites was provided to the Office of the President.
To aid in this executive-level communications, the findings were also provided as an Information Security Dashboard application that kept each site anonymous, using a three-dimensional risk plot. Under the five major categories of maturity, each benchmark received a green, yellow, or red score, along with a “high, medium, or low” ranking on impact to the University of California. Areas marked red and high-impact were flagged as priorities.
Other consultants report in a more document-focused approach. I’m not aware of anybody doing the Information Security Dashboard,” says SDS Practice Manager Mike Edlund. “We’ve seen a methodology put forth by ISACA, but nothing quite like this, especially automated.
SDS’s assessment method and clear report provided an unbiased discussion around risk posture and remediation, comparing each office. Where gaps were found, the assessment results were used to prepare for further remediation work.