Services in Information Assurance

The George Washington University has a large and diverse program consisting of highly-regarded schools of law, engineering, medicine and many other disciplines.  While many of the enterprise information systems are hosted by GW Information Systems and Services (ISS) and maintained in a professional data center environment with state-of-the-art controls and governance processes, a significant portion of GW IT assets, to include information, are distributed throughout the various schools and physical locations.  The varying degrees of processes and knowledge controlling these resources represented a security risk.  The GW Chief Information Officer, with help from Indigo IT security consultants, took a unique approach to identify, assess, plan, report, on these assets.  Rather than attempting to centralize all assets, the project team took a collaborative approach with the various schools that consisted of educating managers on their risk portfolio, providing options for remediation, assisting with application moves to centralized hosting in some cases, and setting standards and remediation plans in other cases.  Establishing a collaborative process for identifying applications, and, when needed, “corralling rogue servers,” proved extremely effective.  In less than 10 months GW had a tremendously better understanding of the risk and how to manage it.  Moreover, the process became operational in nature, to allow continued monitoring and management by ISS.  Many schools are presented with very similar risk due to the decentralized nature of information technology at most universities.  Because of this project, however, the CIO was honored and GW recognized within academia as leader in managing these issues.