At BerryDunn, we work collaboratively with colleges and universities across the country to help them with organizational change, technology transformation, and risk and compliance issues. Our work is at the nexus of people, process, and systems—positioned to help you do what you do, better. We recently partnered with the Massachusetts Executive Office of Education (EOE) to help them develop a shared cybersecurity model for the state's public higher ed institutions.
The challenge
The Massachusetts Executive Office of Education (EOE) works with each educational department within the state and is responsible for connecting programs and policies across the entire public education system. Due to increased cybersecurity risks in higher education, and foundational gaps in institutions’ cybersecurity programs, EOE engaged BerryDunn to assess cybersecurity practices across 15 community colleges and nine state universities and develop a coordinated approach to supporting and maintaining proper cyber hygiene at each institution.
This initiative focused on strengthening institutions’ ability to detect and prevent unauthorized access and damage to networks, devices, programs, and data. With a focus on strengthening institutions’ ability to prevent and detect cyber incidents, the EOE also sought to establish a shared service model to promote collaboration and centralize skilled resources across all of the institutions.
Our approach
BerryDunn’s team of higher education consultants and cybersecurity professionals led EOE through a four-step process. 
Our team led a security assessment of Center of Internet Security (CIS) Critical Security Controls (CSC) (a prioritized set of actions developed by a global IT community) for the 24 institutions to determine their level of compliance. We analyzed feedback received by each institution to help us establish initial baseline recommendations for policies, standards, and metrics, helping each institution identify gaps to compliance with expectations established in the CIS CSC.
Continuing to build off initial outcomes of our engagement, we developed a proposed cybersecurity shared services model. To help determine the components for building the shared services model, we conducted listening sessions with the 24 institutions to gather their feedback on specific aspects they wanted to be implemented.
From these listening sessions, we were able to understand that the shared services model should:
- Include representation from multiple institutions to help ensure proper governance
- Be adopted over time as existing contracts expire
- Enable institutions to save time and money
Our team developed the shared services model to include detailed policies, standards, and metrics in collaboration with the Higher Education Cybersecurity Coordinating Committee to help guide governance and adherence across all 24 institutions.
Outcomes
By engaging our team, the EOE achieved the following outcomes:
- An independent, objective security assessment with actionable outcomes
- A holistic view and understanding of security compliance across institutions
- A collaborative and coordinated effort to strengthen cybersecurity posture across the state
Learn more about our higher education consulting services and meet our team.
Skip to Main Content