Information security is becoming more and more of a priority for educational institutions the world over, but it’s a serious challenge to find the right personnel to fulfill the role. This is due to the current lack of talent in the cybersecurity industry because of the relative infancy of the industry and the significant competition for cutting-edge information security officers.
This leaves many educational institutions with somewhat of a conundrum. This is a role that cannot be ignored, and yet – it seems that they can never find the right person. To fill this gap, many have turned to virtual Chief Information Security Officers which are utilized as a service, rather than looking to hire someone in-house. This is a fascinating way to cover your bases and one that the entire education industry could benefit from.
What are the Benefits of Having a Virtual Chief Information Security Officer? (vCISO)
Some of the key reasons that a vCISO makes so much sense for educational institutions are as follows:
Those are just some of the reasons why a vCISO can be so valuable. To illustrate the points above, let’s look at a case study where we worked with a sophisticated higher education research institute to implement a vCISO in lieu of a new permanent hire.
The institute in question included 700 professionals, students, and support staff from 38 different countries. Combine this with a vast network of more than 200 public and private research sponsors and you have yourself a complex and nuanced information security landscape. From a regulatory perspective, they needed to be compliant with NIST 800-171, NIST 800-53, FERPA, and TAC 202 as a state agency and educational institution. And they also had a reporting deadline to the state in just a few months which required a risk register, security plan, and security program.
With a significant budget constraint, they turned to the services of a vCISO.
“We faced significant security concerns, but we couldn’t absorb the cost of a qualified, full-time CISO when ours accepted a promotion. We had heard about Columbia Advisory Group through their work with peer institutions, and we decided to consider their services in lieu of making another hire.”
We took on the role on a 6-month interim basis and assigned one of our strongest vCISO to right the ship. Immediately, the client felt the difference that an experienced and well-resourced team was bringing to the table. Even in the midst of changing requirements from the Texas DIR, we managed to vastly increase the overall effectiveness of the security program at around 40% of the cost of a permanent hire.
An unexpected side effect of this was that the savings allowed for an internal IT operator to transition into a junior security role, making the cybersecurity strategy that much more robust and streamlining workflows across the organization.
The client had this to say: “We have found CAG to be responsive and efficient at leading and managing all cybersecurity projects and needs. CAG provides product and tool recommendations for security monitoring as part of our vCISO service, helping us make more nimble and cost-effective solutions. As part of the vCISO service, CAG provides ongoing vulnerability scans, more often than the organization did previously. Our vCISO is fully integrated into weekly staff meetings and meets with researchers and staff regularly. Sometimes the vCISO acts as the ‘heavy’ when tough decisions need to be communicated to researchers and stakeholders regarding cybersecurity and their work. The voice of his expertise and seniority within higher education data security circles adds weight to these decisions.”
Hopefully, you can see just how powerful a vCISO can be for educational institutions to transform their cybersecurity setups. If this is of interest to your organization, be sure to get in touch today, and let’s see how we can help.
ABOUT CAG: CAG is a highly experienced IT consulting firm. With 100+ years of combined technology experience and business acumen, CAG’s team has assessed and helped improve the per formance of more than 300 technology organizations and IT depar tments. By focusing on simple, meaningful, and practical solutions combined with straight-for ward analysis and recommendations, C AG’s team has experience in many regulator y and economic environments with companies and organizations of all sizes. CAG not only offers a deep understanding of IT, but its solutions are sof t ware and hardware agnostic. Whether a client is high growth or economically challenged, CAG can adapt to the complexities and nuances of that business. Based in Dallas, Texas, C AG works extensively with clients throughout the U. S. For more information, visit columbiaadvisory.com