
Major University with Diverse Requirements Automates Information Security

NAVEX
Cybersecurity & Privacy - Cloud Security
Education
Business Operation
Cybersecurity
System Integration
The biosciences division of a major university, comprising 5,000 faculty and staff across 32 departments, faced a significant challenge in managing its information security. Each department had its own IT support and unique cybersecurity requirements, creating a siloed environment that hindered the security team's ability to assess the entire IT landscape. This resulted in gaps in security controls, inconsistencies in applying these controls, and duplication of efforts. The university's commitment to open inquiry and interdisciplinary research, which involved freely sharing information, introduced additional risk. The security team also struggled to comply with the Federal Information Security Management Act (FISMA) procedures and controls for protecting government information, operations, and assets.
The customer in this case study is a major university's biosciences division. This division is large, with 5,000 faculty and staff members spread across 32 departments. Each department has its own IT support and unique cybersecurity requirements. The university is committed to open inquiry and interdisciplinary research, which involves freely sharing information throughout the university, with other institutions, and around the world. This open culture, while beneficial for academic pursuits, introduces significant risk from an information security perspective. The division also has to comply with the Federal Information Security Management Act (FISMA) procedures and controls for protecting government information, operations, and assets.
The university division selected NAVEX's governance, risk management, and compliance (GRC) platform, NAVEX IRM, for its capabilities in integrated risk management (IRM). NAVEX IRM enables the university to gain a comprehensive view of its business and operations from a risk perspective—connecting individual risk disciplines and managing them in one centralized program. The security team completed some groundwork before implementing NAVEX IRM, which included process mapping, defining roles and responsibilities, classifying and taking inventory of information systems, and defining a process for automating cybersecurity tasks like scanning, prioritizing, assessing, and reporting vulnerabilities. Assets were given a confidentiality, integrity, and availability (CIA) score to determine their importance to the division’s operations. NAVEX IRM automatically performed a Priority Impact Analysis (PIA) on each new vulnerability detected across the IT landscape of 32 departments. The team consulted a heat map on a dashboard showing the PIA score, along with the asset CIA score. As a result, the team could address the most severe vulnerabilities first and manage the entire process more efficiently.
The security team’s unified approach to vulnerability management was accepted by all 32 departments.
Automating scanning and processing activities promoted accountability among departments.
Automated notifications and reminders compelled IT custodians to take action to stop the notifications and prevent escalation.
Response time to address vulnerabilities was reduced by 77%.
100% of vulnerabilities were addressed.