For the past six years, Security within Educational Institutions has appeared at #1 or #2 on the “potential to become more significant in the coming year” list
- EDUCAUSE 2011 Top 10 IT Issues
According to the 2011 EDUCAUSE Survey, IT Security is the #4 ranked issue facing education institutions. In 2010, the topic of EDUCAUSE’s security conference was the gran challenge of privacy and the additional Family Educational Rights and Privacy Act (FERPA) and Payment Card Industry Data Security Standard (PCI) issues facing universities and colleges it is easy to see why EDUCAUSE states each organization should ask themselves the following:
- Does your organization have an integrated security and privacy strategy with meaningful support at the highest levels? Is there a person or office clearly recognized as accountable for security and privacy strategy and implementation?
- Does your organization have a comprehensive communications plan for spreading the word about what is being done and for involving community members (e.g., academic, financial, procurement, legal, law enforcement, medical, student) as partners in the solutions?
- Does your organization have a risk-based approach to evaluating threats and prioritizing investments in mitigation?
- Does your organization have an appropriate governance structure for balancing the demands of security and privacy against the other, very real imperatives faced by leadership?
- Does your organization have a formal, auditable approach to evaluating and mitigating risk introduced by externally sourced IT services? Does it have a methodology for revealing and addressing the new concerns that will arise in the move from internal to external provisioning
Savid’s consulting services help colleges and universities meet the needs of FERPA and PCI compliance by leveraging our proven risk assessment methodology that helps prioritize risk using asset value, impact, and likelihood based off our extensive attacker research. Our structured deliverable and extensive experience with educational institutions enables stronger communication from the security or audit teams with the business when discussing security remediation and security controls.
Savid’s Consulting Services include:
Savid’s Technology Implementation Services include the auditing, installation, and configuration of:
- Log Management
- Security Information and Event Management (SIEM)
- Intrusion Detection (IDS) and Intrusion Prevention (IPS)
- Vulnerability Management
- Encrypted Email
- Database Security
- Mobile Device Security
- Endpoint Protection (Anti-Virus, Anti-Malware)