Colleges and universities thrive on the free flow of information. At the same time, they must comply with standards such as FERPA, HIPAA, PCI, and GLBA and protect sensitive data for their students and schools. NetSPI delivers a range of advisory, assessment, and audit services that can reduce risk while helping you meet a range of compliance requirements.
Advisory Services
Strategic Security Services.
Not every security need fits neatly into a predefined project. That's why NetSPI offers client-driven Strategic Security Services to educational institutions. This customized security consulting includes program development, interim CSO/CISO support, and program leadership services.
Security Program Analysis and Development.
Developing a mature security program can be a challenge for any college or university. Through the application of security fundamentals and the use of frameworks such as ISO and NIST, NetSPI helps to align the people, processes, and technology that are key to realizing your security goals and protecting student data. Areas of focus include security program strategy, roles and responsibilities, governance, critical security processes, and working with stakeholders to form a roadmap that can assist clients in addressing security weaknesses. By identifying areas for improvement and providing a roadmap of recommendations, NetSPI enables you to progress toward your security goals. NetSPI leverages its specific vertical industry knowledge to assist IHL clients in building compliance-related programs in the areas of PCI, GLBA, and HIPAA.
Assessment Services
Application Security Assessment/Secure Code Review.
NetSPI can help minimize risk within applications through multi-layer testing: dynamic application, penetration, and code-level review. We also perform security assessments of databases, thick clients, and web applications.
Internal Vulnerability Assessment.
In performing an Internal Vulnerability Assessment, we use multiple industry-leading tools, combined with expert manual testing by our consultants to verify findings and eliminate false positives. We apply the same thoroughness to quarterly ASV Scans that are part of the PCI compliance process, which applies to almost every IHL.
Penetration Testing.
In both internal and external penetration testing services, NetSPI uses manual techniques and tools that we developed to identify vulnerabilities that allow us to bypass authentication/authorization controls, escalate privileges, and gain access to sensitive information. Penetration testing is particularly important for colleges and universities, which need to balance network access by large numbers of students, faculty, and administrators with the need to protect confidential information.
Audit Services
PCI Consulting and Audit.
NetSPI offers a complete set of PCI pre- and post-audit services as well as PCI ROC attestation within higher education. NetSPI has the experience to efficiently and effectively help higher-education institutions prepare for and comply with PCI.
Regulatory Audit.
There is a lot of uncertainty in how information security measures should be applied at colleges and universities when they deal with healthcare. NetSPI has extensive experience to guide you through the maze. That experience includes working with FERPA, HIPAA, and other healthcare-related compliance requirements.