Skip to navigation Skip to main content Skip to footer

Case Study: Improving Security for a University

08 March 2023

By NCC Group

Situation

A leading university recently appointed NCC Group to review its online security and help implement the changes needed to gain Cyber Essentials accreditation. This is now a mandatory requirement for many funding applications and has become a top priority for the university, albeit with a very strict deadline.

Fortunately, once in place, it makes it much easier to continue receiving research funding in the future. After being approached, the Remediate team quickly identified a number of key risks and action points that needed to be addressed.

During a two-day workshop, they created a step-by-step project plan, which they implemented in collaboration with the university’s own in-house experts–resulting in key policy changes, reduced risks, and significant improvements to all aspects of their cyber security.

At a Glance

Organization: University

Industry: Education

Challenge: Review security and implement changes necessary for Cyber Essentials accreditation

Solution: Collaborative plan created and executed to streamline implementation, adjust policies and introduce new tools

Result: Security enhancements were introduced across the board, and the client is now well on its way to achieving its accreditation

Challenge

The university had a strong and capable IT team, but their dedicated resource was limited, which was putting them under a great deal of pressure. The additional capacity and experience of NCC Group freed up their time and allowed them to approach some of the more high-risk areas with added confidence. More importantly, it helped to speed up the process, mitigate unnecessary risks and avoid any unwelcome downtime for students and university staff.

In an environment that is used to open discussion and fluid communication, the challenge was to introduce controls that would protect the university’s data, systems, and network without restricting the free flow of information. Some of the new policies might require one or two behavioral changes. But it was important that this didn’t cause too much disruption or unduly affect the culture of the university.

 

Solution

The initial workshop identified 156 action points in 21 different areas, all critical to the success of the project. With time being of the essence, NCC Group and the university put together a collaborative plan, which used agile project management techniques to implement changes in a series of six, three-week sprints–with regular meetings to review progress and potential obstacles. This made it much easier to focus on individual tasks without losing sight of the overall goal.

The plan itself included some important technical changes, such as reviewing and updating firewalls, extending the scope of multi-factor authentication, and introducing software updates to restrict access on shared computers. It also involved a number of policy adjustments to ensure the safe management of mobiles and other devices, along with new security protocols to avoid information getting lost, misused, or corrupted. Individual tasks were assigned to the cross-functional team made up of NCC Group experts and university employees.

Some of the new policies were written by NCC Group. Others were written by the university and guided by NCC Group based on its library of precedents. Working collaboratively in this agile way made it easier to manage change, introduce seamless processes, and transfer skills that would ultimately leave the university self-sufficient on completion of the project.

Result

By working as an extension of the university’s team, NCC Group has helped to implement a large number of the 156 action points across the 21 areas identified as being of utmost importance in a very short space of time, including risk reduction, policy updates, and ongoing device management.

Thanks to efficient gap analysis, effective resolution management, and clear progress tracking, the university is now well on its way to achieving Cyber Essentials accreditation. Plus, its cyber security is stronger than ever.

NCC Group

NCC Group

NCC Group exists to make the world safer and more secure.

As global experts in cyber security and risk mitigation, NCC Group is trusted by over 14,000 customers worldwide to protect their most critical assets from the ever-changing threat landscape.

Get Started on Your Cyber Security Journey 

Our experts are ready to help you stay ahead in a constantly changing threat landscape. Contact us today to learn more about what NCC Group can do for your organization's unique cybersecurity needs.