San Juan Unified School District (SJUSD) needed a comprehensive risk assessment and a robust information security program to enhance its cybersecurity posture. This initiative was part of a 5-year plan sponsored by the Board of Education and the Director of Technology. The challenge was to address both technical and non-technical vulnerabilities while ensuring compliance with evolving cybersecurity standards.

What Omnistruct Did to Solve the Challenge:

Comprehensive Risk Assessment:

• Conducted a thorough risk assessment using the NIST 800-115 standard.
• Performed automated application and network penetration testing of both internal and external technology assets.

Deliverables:

• Executive and technical reports identifying vulnerabilities.
• Development of a new information security program based on National Institute of Standards and Technology (NIST) cybersecurity standards.

Assessment Highlights:

• Identified and addressed technical vulnerabilities such as end-of-life servers, antivirus deficiencies, security patch issues, and CVE/CVSS vulnerabilities.
• Highlighted non-technical vulnerabilities including dormant Active Directory user accounts, gaps in security events, incident detection and response plans, and cyber risks in regulatory and statutory governance.

 

Results achieved:

Cost Savings:

• The assessment and subsequent program development enabled the district to prioritize and allocate budget more efficiently.

Enhanced Cybersecurity Posture:

• Implemented a comprehensive information security program with written policies and technical controls.
• Improved the district’s readiness to respond to cyber threats.

Executive and Board Support:

• Secured additional budgetary allocations and staffing from the Board of Education.
• Ensured executive support for the technology plan and cybersecurity investments.

Compliance and Growth:

• Ensured compliance with evolving cybersecurity standards and regulations.
• Provided a model for other educational institutions to follow in enhancing their cybersecurity measures.

Conclusion:

By partnering with Omnistruct, SJUSD successfully enhanced their cybersecurity posture, addressed critical vulnerabilities, and established a sustainable information security program. This strategic approach not only safeguarded the district’s current operations but also positioned them for future growth and compliance with industry standards. This case study highlights the importance of a thorough risk assessment and a well-structured information security program in protecting educational institutions from cyber threats.