Major University with Diverse Requirements Automates Information Security
Company Size
1,000+
Region
- America
Country
- United States
Product
- NAVEX IRM
Tech Stack
- Vulnerability Management
Implementation Scale
- Enterprise-wide Deployment
Impact Metrics
- Digital Expertise
- Productivity Improvements
Technology Category
- Cybersecurity & Privacy - Cloud Security
Applicable Industries
- Education
Applicable Functions
- Business Operation
Use Cases
- Cybersecurity
Services
- System Integration
About The Customer
The customer in this case study is a major university's biosciences division. This division is large, with 5,000 faculty and staff members spread across 32 departments. Each department has its own IT support and unique cybersecurity requirements. The university is committed to open inquiry and interdisciplinary research, which involves freely sharing information throughout the university, with other institutions, and around the world. This open culture, while beneficial for academic pursuits, introduces significant risk from an information security perspective. The division also has to comply with the Federal Information Security Management Act (FISMA) procedures and controls for protecting government information, operations, and assets.
The Challenge
The biosciences division of a major university, comprising 5,000 faculty and staff across 32 departments, faced a significant challenge in managing its information security. Each department had its own IT support and unique cybersecurity requirements, creating a siloed environment that hindered the security team's ability to assess the entire IT landscape. This resulted in gaps in security controls, inconsistencies in applying these controls, and duplication of efforts. The university's commitment to open inquiry and interdisciplinary research, which involved freely sharing information, introduced additional risk. The security team also struggled to comply with the Federal Information Security Management Act (FISMA) procedures and controls for protecting government information, operations, and assets.
The Solution
The university division selected NAVEX's governance, risk management, compliance (GRC) platform, NAVEX IRM, for its capabilities in integrated risk management (IRM). NAVEX IRM enables the university to gain a comprehensive view of their business and operations from a risk perspective—connecting individual risk disciplines and managing them in one centralized program. The security team completed some groundwork before implementing NAVEX IRM, which included process mapping, defining roles and responsibilities, classifying and taking inventory of information systems, and defining a process for automating cybersecurity tasks like scanning, prioritizing, assessing, and reporting vulnerabilities. Assets were given a confidentiality, integrity, and availability (CIA) score to determine their importance to the division’s operations. NAVEX IRM automatically performed a Priority Impact Analysis (PIA) on each new vulnerability detected across the IT landscape of 32 departments. The team consulted a heat map on a dashboard showing the PIA score, along with the asset CIA score. As a result, the team could address the most severe vulnerabilities first and manage the entire process more efficiently.
Operational Impact
Quantitative Benefit
Case Study missing?
Start adding your own!
Register with your work email and create a new case study profile for your business.
Related Case Studies.
Case Study
IoT platform Enables Safety Solutions for U.S. School Districts
Designed to alert drivers when schoolchildren are present, especially in low-visibility conditions, school-zone flasher signals are typically updated manually at each school. The switching is based on the school calendar and manually changed when an unexpected early dismissal occurs, as in the case of a weather-event altering the normal schedule. The process to reprogram the flashers requires a significant effort by school district personnel to implement due to the large number of warning flashers installed across an entire school district.
Case Study
Revolutionizing Medical Training in India: GSL Smart Lab and the LAP Mentor
The GSL SMART Lab, a collective effort of the GSL College of Medicine and the GSL College of Nursing and Health Science, was facing a challenge in providing superior training to healthcare professionals. As clinical medicine was becoming more focused on patient safety and quality of care, the need for medical simulation to bridge the educational gap between the classroom and the clinical environment was becoming increasingly apparent. Dr. Sandeep Ganni, the director of the GSL SMART Lab, envisioned a world-class surgical and medical training center where physicians and healthcare professionals could learn skills through simulation training. He was looking for different simulators for different specialties to provide both basic and advanced simulation training. For laparoscopic surgery, he was interested in a high fidelity simulator that could provide basic surgical and suturing skills training for international accreditation as well as specific hands-on training in complex laparoscopic procedures for practicing physicians in India.
Case Study
Implementing Robotic Surgery Training Simulator for Enhanced Surgical Proficiency
Fundacio Puigvert, a leading European medical center specializing in Urology, Nephrology, and Andrology, faced a significant challenge in training its surgical residents. The institution recognized the need for a more standardized and comprehensive training curriculum, particularly in the area of robotic surgery. The challenge was underscored by two independent studies showing that less than 5% of residents in Italian and German residency programs could perform major or complex procedures by the end of their residency. The institution sought to establish a virtual reality simulation lab that would include endourological, laparoscopic, and robotic platforms. However, they needed a simulator that could replicate both the hardware and software of the robotic Da Vinci console used in the operating room, without being connected to the actual physical console. They also required a system that could provide both basic and advanced simulation training, and a metrics system to assess the proficiency of the trainees before they performed surgical procedures in the operating theater.
Case Study
Edinburgh Napier University streamlines long-distance learning with Cisco WebEX
• Geographically dispersed campus made in-person meetings costly and inconvenient.• Distance-learning programs in Malaysia, India, and China required dependable, user-friendly online tools to maximize interaction in collaborative workspaces.• Virtual learning environment required a separate sign-in process, resulting in a significant administrative burden for IT staff and limited adoption of collaboration technology.
Case Study
8x increased productivity with VKS
Before VKS, a teacher would spend a lot of time showing a group of 22 students how to build a set of stairs within a semester of 120 hours. Along with not leaving the teacher much time to provide one-on-one support for each student to properly learn carpentry, it also left a considerable amount of room for error. Key information would be misinterpreted or lost as the class was taught in the typical show-and-tell way.
Case Study
Scalable IoT Empowering GreenFlex's Sustainable Growth
GreenFlex, a company that supports sustainable development, decarbonization, and energy efficiency, faced several challenges in its quest to expand its business. The company needed to deploy a robust and sustainable IoT technology to support its growth. It was crucial for them to monitor and control devices at customer sites in a safe and reliable manner. They also needed to integrate devices across a range of communication protocols and gather and act on data to meet efficiency targets. GreenFlex had previously built IoT capabilities into its digital platform, GreenFlexIQ, to monitor and manage customer sites remotely. However, they soon realized that they needed a new platform to support their ambitions. They needed a platform that could scale to connect more devices for production management and make it easier for the operations team to manage devices in the field.
