Aalborg University

Security master plan brought about a lasting collaboration

“Netic is very open about their progress. We are on the same wavelength, and it was quickly apparent that Netic had the experience we were looking for. And we were able to start right away. Something that was crucial.”

One step ahead

In January 2019 the National Audit Office published a report (link is in Danish) criticizing numerous Danish universities for their outdated IT standards, with emphasis on cyber security. This was also mentioned in the media (link is in Danish). What the story doesn’t tell is that Aalborg University together with Netic had already addressed the areas of concern. They had already composed and got their new security master plan approved.

Prior to this the university conducted a GAP analysis with the purpose of identifying potential security gaps, and in addition to reports both by the Danish Centre for Cyber Security and a similar English institution, risk assessments of the most business-critical systems and a maturity analysis with reference to ISO 27001 were conducted.

It’s all about being prepared

AAU was well prepared for the report by the National Audit Office. However, it did serve as a foundation for further improvement for Netic and the Information Security Manager of Aalborg University, Gitte Melph, who set out to integrate the National Audit Office’s five focus areas into the university’s future operations.

Development never stalls – neither for us nor for the bad guys – and mistakes can have serious consequences. It’s all about being prepared and building the right barricades at the right places before a weakness is exploited by the wrong people,” Gitte Melph says.

There are a lot of barricades to keep track of for an institution the size of Aalborg University. Not only does the agency recommend that Aalborg University, like every other public institution, implement various security standards such as ISO 27001. They are also responsible for personal data belonging to about 30,000 students and 5,000 employees together with their many research projects and collaborations spread all across the globe.

Aalborg Universitet Case

The more the merrier

This also means that there are many potential gaps to entrench before it’s too late. For this reason, Aalborg University decided in mid 2018 that a new master plan concerning focus areas and execution should be conducted. This is where Netic enters the picture.

“We were in need of qualified and professional sparring in order to draw up the strategy. We needed more people to take a look at the case. The assistance from Netic allowed us to execute faster and more efficient,” Gitte Melph says.

Since the university’s deadline was short (just about four months), it was important that the sparring partner was able to contribute with value from day one. 

“Netic is very open about their progress. We are on the same wavelength, and it was quickly evident that they had the experience we were looking for. And we were able to start right away,” Gitte Melph says.

Thorough analysis supports the plan

The collaboration already started at the first consultation meeting. The project plan was divided into three overall steps. The first step was the drafting of a security maturity assessment, and subsequently 16 different efforts were identified, including network segmentation for prevention of cybercrime and protection of mobile devices. This analysis served as a basis for the following priority plan that was set out to be in effect the coming two-three years.

Success leads to continued collaboration

At first Aalborg University was looking for assistance with the plan itself, but when it was ready and the implementation process of the planned initiatives was approaching, the university chose to continue the collaboration with Netic.

“Our goal is and has always been to increase the security. It is the reason why we’ve been brought into this world. Our continued collaboration with Netic allows us to draw on existing expert know-how, and we hope to benefit from this as long as possible,” Gitte Melph says.