Strategic Cybersecurity Assessment for a Public School District

One of the largest public school districts in the United States, comprised of roughly 250 schools and over 200,000 students, teachers, and staff members, engaged Focal Point for a strategic cybersecurity assessment. The District’s recently appointed Chief Information Officer (CIO) was seeking the help of an outside firm in order to gain a better understanding of the existing IT security systems, processes, and risks. More specifically, the CIO was interested in gaining an independent evaluation of the team, the current security strategy, the budget allocation for IT and security resources, and the systems and applications supporting the District.

After reviewing proposals from a number of consulting firms, including some of the nation’s top strategy experts, the District selected Focal Point because the CIO felt that Focal Point had the best understanding of their objectives and could provide the most actionable guidance. The assessment spanned 14 weeks and resulted in a 200+ page report that provided the District with a practical roadmap to improving their cybersecurity strategy.

Project Summary

Challenge 1: Lack of Insight into Cybersecurity Program

For this engagement, Focal Point conducted initial discovery sessions with key IT and business process owners to gain insight into the business, key data flows, and the technology environment. In addition, the team reviewed policy process documentation and inspected select operating systems, networks, and applications.

Over the course of the project, Focal Point identified a number of areas that lacked sufficient strategic planning, which had created a reactive governance posture and led to overspending. In addition, vulnerabilities were found within their networks and systems that could have exposed thousands of students’ private information.

Based on the issues found during this assessment, the Focal Point team developed a multi-year strategic roadmap to help the District build a mature cyber strategy and IT governance structure, creating a phased approach to addressing high, medium, and low risk issues. This enabled the District to effectively budget and plan for future IT and security initiatives, taking into account their limited financial resources. This roadmap now serves as the foundation of their IT security program.

Challenge 2: Team Organization

As part of this assessment, Focal Point evaluated the current IT and cyber organization. This assessment covered personnel structure and team salaries, skillsets, and needs. Focal Point found several opportunities to restructure the current team so it could better support the needs of the District. Focal Point delivered a report documenting the recommended personnel structure (including a short-term and long-term plan), cyber skills gaps and opportunities for improvement, and justification for salary changes.

Challenge 3: Application Portfolio Alignment

Like many large organizations, the District had a host of tools and applications running, many of which had not been evaluated in a number of years. During the assessment, Focal Point analyzed the District’s full application portfolio to ensure every tool was meeting the needs of the business. This analysis uncovered a number of opportunities to optimize the tools in place and sunset outdated applications. In particular, the Focal Point was able to save the District $250,000 in licensing costs by establishing a formal end-of-life plan for outdated tools.

Success and Continued Support

Following this assessment, the District was able to build a comprehensive security strategy, based on the report and roadmap. Focal Point helped the District carry out a number of new IT security initiatives based on the recommendations the team provided, helping them establish a robust IT governance structure, clean up their application portfolio, and better organize their team.

In addition, the District has continued to partner with Focal Point over the years on various additional services, including quarterly internal and external vulnerability assessments, network infrastructure stabilization and implementation, and incident response planning.

Case Study: A Large Public School District Protects Sensitive Data With a Strategic Cybersecurity Assessment 1
Featured Service

Cyber Strategy Assessment

Focal Point’s cyber strategy assessment evaluates the current state of your cyber organization, delivers a detailed gap analysis of your security posture, and provides future-state recommendations for improvement. We help you act on these recommendations, streamlining processes, optimizing solutions, and improving operations – advancing your overall cybersecurity posture.

Learn More

Featured Case Studies

Check out more stories about the exciting projects we've been working on.
Case Study: Leading Global Call Center Achieves Compliance with PCI Risk Assessment and Roadmap 1
Case Study

A Large Dental Benefits Administrator Improves Overall Operations With a BC/DR Plan

One of the largest dental benefits administrators in the U.S brought Focal Point in to perform a business impact analysis and business continuity risk assessment to reduce future business interruptions.
Learn More
Case Study: Implementing SailPoint’s IdentityIQ for a National Water Company
Case Study

A Top State University Gets Back on Track with an Upgrade to Oracle Identity Manager

A major university in the U.S was operating an overly complex IAM system and purchased Oracle Identity Manager as a more effective solution, but after two years, the system had still not been implemented.
Learn More
Case Study: A Large Public School District Protects Sensitive Data With a Strategic Cybersecurity Assessment
Case Study

Leveraging Data Analytics for Retail Supply Chain Optimization

A Fortune 500 Retailer engaged Focal Point to assist with improving the inventory management and demand planning performance of the company.
Learn More