ORION has been running a shared CISO pilot for the past 20 months that has been born out of a collaborative initiative supported by ORION and five of their client Universities (G5) and three Colleges. The role has provided this community with strategic security thought leadership, while bringing them tangible security guidelines for compliance, risk management, a governance framework as well as roadmap of broader shared security services. This comes at a much-needed time in the academic arena when many of Ontario’s Universities and Colleges are challenged to address security for several reasons. For example, IT budgets are strapped and Provincial government funding is more limited than ever before, all this at a time when cyber threats are evolving at a much faster pace than these organizations can handle.
The current shared CISO constituents comprise of a finite group of Universities and Colleges across the province, they include: Brock, Laurier, Laurentian, OCAD, Queen’s University, Humber, Niagara and St. Lawrence Colleges.
Given the success of the shared CISO model with the G8 we are looking to transform the shared CISO pilot in to full time service for the universities and colleges, with potential service expansion to School Boards, Research Institutes, Hospitals in the future.
Challenges to our community (Based on the input of G8)
- Lack of available cybersecurity talent
- Skyrocketing cybersecurity salaries
- Limited operating budgets
- Organizational challenges
- Existing security team caught up in day to day issues
- Retention of cybersecurity talent
Goals of the ON-CHEC Program
- Provide a benchmarking model to assess the current state of cybersecurity
- Strengthening the cybersecurity posture of the institution being served
- Virtualizing the cybersecurity team of the constituent who is being served
- Providing security thought leadership
- Provide a scaled approach to meet the organizational needs for running a successful security program
Cybersecurity for Higher Education
ON-CHEC provides cost-effective cybersecurity guidance, programs, and services to meet the needs of ORION’s community. This will be achieved through engaging with community to understand needs and enable/support national community cybersecurity programs.