CYB 6010 · St. Francis College

Executive Command Center

Current Security Posture

Critical Risks · 1

High Risks · 2

Medium Risks · 2

Strategic Goal

Reduce Critical and High Risks Before the Next Academic Registration Cycle

Year 1 Investment

$60K–$88K

Three strategic programs · Board approval requested

St. Francis College · 2,500 students

Institutional Metrics

MFA Coverage · 60%

Vendor Assessments · 0%

IR Testing Status · Not Tested

FERPA Audit Logging · Partial

Top Institutional Risks

R-1 · Phishing / BEC · Critical · 16
R-2 · FERPA Data Breach · High · 12
R-3 · Ransomware (ERP/SIS) · High · 12

Strategic Priorities

Security Awareness & Phishing Resilience · $18K-$25K/yr

Zero Trust Access & Identity Governance · $30K-$45K Y1

Third-Party Risk Management · $12K-$18K Y1

Strategic Programs

Program Mission

Establish a risk-based cybersecurity program that protects FERPA-regulated student data, F-1 immigration records, and mission-critical academic systems while aligning with NIST CSF 2.0 governance principles appropriate to a tuition-dependent liberal arts institution.

Board Decision Request

We request Board approval of this strategy and Year 1 funding to reduce Critical and High risks before the next academic registration cycle.

  • Approve Year 1 security budget of $60K-$88K across three strategic initiatives
  • Adopt the cybersecurity oversight charter for Board review
  • Mandate IR playbook completion and tabletop exercise by Month 6
  • Authorize CISO to enforce MFA and vendor questionnaire program

Framework alignment

NIST Cybersecurity Framework 2.0 · Primary governance structure
ISO/IEC 27001:2022 · ISMS design principles
FERPA · Mandatory compliance
NY SHIELD Act · State regulatory requirement
CISA Education Sector Guidance · Baseline posture reference

St. Francis College Cybersecurity Governance Portal · CYB 6010 · For executive and board use