The REN-ISAC has recently launched the Information Security Kickstart, a brand-new Information Security Assessment and Advisory Services (ISAAS) offering designed to assist smaller colleges and universities. Shane Albright was inspired to come up with the InfoSec Kickstart concept based on his previous role as a systems administrator. “I worked in an understaffed and underfunded division within a large university that dictated a number of ‘unfunded mandates.” It was frustrating. I had to learn how to secure the systems for which I was responsible with very few resources.” According to Shane, this is an all too common scenario amongst small organizations. Staff there are responsible for running and securing systems while lacking the necessary resources. “I wanted to help my colleagues make their way down the path I’d tread before,” he said.
Who would most benefit from the InfoSec Kickstart?
The program is designed for
- Institutions with less than 10,000 students
- Colleges that are part of a larger, decentralized university
- Research and education networks
- Any group in higher education that’s responsible for managing their own IT and information security with a small team that feels like they could use some guidance
What is the InfoSec Kickstart?
It’s a one-and-a-half-day engagement that combines facilitated discussion, expert assessment, and an incident response tabletop exercise. Through the process, clients will be able to launch or relaunch an information security management program, improve an existing information security management program, or simply create a more secure computing environment with existing resources.
The Kickstart process includes
- The participation of most, if not all, of an institution’s IT staff in addition to other stakeholders in the learning and assessment process.
- A prediscovery phase where the institution completes a pre-assessment questionnaire and provides necessary documentation.
- Onsite facilitated discussions on a variety of information security topics from asset management and vulnerability management to security operations and incident response planning.
- An incident response tabletop exercise.
Is there an after-action report?
Absolutely! A week or two after the engagement, you will receive a final report that is uniquely tailored to your organization’s needs. The report will include a list of three to five information security management processes and guidance for implementing and/or improving those processes. The report also includes an executive summary that provides a summary of the InfoSec Kickstart engagement and a high-level review the strengths and weaknesses of your infosec management program
How do I learn more or set up a consultation?
If you think an Information Security Kickstart engagement might be valuable to your organization, Shane is offering a free, public webinar on Wednesday, October 16 at noon ET. You can also visit our website or contact us directly. We are happy to answer your questions.