NetSPI partnered with MnSCU to develop organizational and campus-based IT security programs

Modern day universities and colleges face myriad challenges in trying to protect the availability, integrity, and confidentiality of institutional assets: students who “push the envelope” on the use of resources, the deployment of new technologies like networks, a strong tradition of academic freedom that supports open access, and a broad range of compliance requirements like PCI, HIPAA, and FERPA.

Adding to these challenges, the centralized leadership of Minnesota State Colleges and Universities (MnSCU) is faced with creating a definitive yet flexible security and compliance program framework that can be executed cost-effectively across a range of independent-minded organizations. MnSCU’s Office of the Chancellor’s IT group must ensure security, compliance, and risk management, and they must also ensure that attacks don’t emanate from within the campus IT environments.

A long-term partnership with NetSPI

MnSCU has partnered with NetSPI since 2002 to develop organizational and campus-based IT security programs. Initially, the NetSPI team was brought in to review the security program and to create a strategy for developing security programs. The ongoing partnership since then has been focused on the execution of strategic and tactical program elements including:

• Strategic Program Review
• ISO 17799 Based Policy and Standards Development
• Compliance-Based Assessment
• Security Assessment Program Development

In addition to these projects, the NetSPI team is a regular presenter at the yearly MnSCU technology conference, as well as at many of the meetings of CIOs and campus-based committees.

With relationships with numerous higher education organizations, NetSPI has developed a strong understanding of federal legislation such as FERPA, HIPAA, and GLBA, as well as of the PCI standards that apply to MnSCU campuses.

In-depth understanding

The NetSPI team has a deep understanding of the issues that affect campus-based IT security. The team has spent a significant amount of time understanding campus operations, library requirements, wireless use, and network architecture. Combining this knowledge with an understanding of organizational nuances has allowed NetSPI to be successful in helping MnSCU create realistic goals and strategies to meet their security, compliance, and risk management requirements.

“From the CIO steering committee, the technical team, to internal and external audit, NetSPI has worked exceptionally well with all groups within MnSCU to ensure that policy and recommendations apply to all of the very different groups in our organization. NetSPI’s strong understanding of organizational retirements, IT and IT security, have made them a key resource in developing and implementing portions of our security program.”

Bev Schuft
Director of Information Security at MnSCU