Lone Star ahead of its class in information security
Protecting any enterprise from security threats can be a daunting endeavor, but few organizational structures are more difficult to secure than a college or university. Students, faculty, administrators and alumni—each group has differing IT needs, creating not just one, but many unique security challenges.
Because of that complexity, many colleges are finding it highly beneficial to bring in a third-party expert to assess existing security capabilities and make recommendations to help strengthen security controls. The Lone Star Community College System offers a wide range of educational opportunities, including associate degree programs and degree programs designed to help students transfer to senior institutions, as well as adult education and literacy courses.
The administration at Lone Star is committed to providing a dynamic learning environment that empowers community members to succeed in today’s competitive work environment. To better support the institution’s goals, Lone Star’s Office of Technology Services (OTS) recently began an initiative to consolidate and upgrade IT resources across the campuses to increase systemwide access, efficiency, and effectiveness. And because colleges are a magnet for a wide range of threats, Shah Ardalan, Lone Star’s vice chancellor and chief information officer, also felt it was critical to go the extra mile to protect students’ safety and identity, as well as the school’s reputation.
The OTS team had built an effective rules-based security foundation, but Ardalan wanted a trusted third party to test the college’s security systems. OTS chose Verizon because of its established reputation as a security leader. Verizon ran a series of penetration tests, trying to compromise Lone Star’s internal, external, and wireless systems.
The results were eye opening for the Lone Star team. The factbased, objective analysis verified that OTS needed to address a number of security issues in its multi-layered infrastructure, including serious risks in the wireless environment. OTS then asked Verizon to develop a formal and documented framework that would apply industry standards to Lone Star’s security infrastructure. Verizon developed a framework- based assessment using the ISO 27000 family of information security standards, which covers over 600 requirements across 12 categories.
A scorecard was developed that identified the gaps between Lone Star’s security controls and those outlined in the ISO standards. The ISO 27000 framework now provides the basis for evaluating campus security processes and procedures, empowering Lone Star to manage, monitor and align its security controls with the global standards. Verizon was also tapped to write a capstone program to formally establish security policies for Lone Star, which are now integrated into the college’s governance and management policy.
Verizon is helping the school maintain compliance with security regulations and mandates, too. “Lone Star has always maintained a careful watch on compliance,” says Link Alander, associate vice chancellor, technology services, “but sometimes you need that outside expertise to make sure that you’re staying on top of things.” Lone Star is realizing significant benefits from Verizon’s security engagements. It now has segmented architecture that protects the user community from internal and external threats.
This allows Lone Star to provide open access to the community, while still protecting sensitive data and systems— and its students and faculty. “The ability to have outside experts to strengthen the environment and develop policies to give us peace of mind was critical,” says Alander. “Every penny we spent with Verizon was worth spending.”
To learn more, visit www.verizonwireless.com/education