Higher Education Expertise

Why It Matters

Universities and other higher education institutions have complex security and regulatory requirements. Working with a security vendor that does not understand the many facets of your university or college operations the need for silos and shared data environments, how overlapping compliance mandates compete with security, and the types and sensitivities of data stored across administrative departments can lead to results that lack proper context and incorrectly assessed risk, and overblown remediation.

How We Help You

Penteor provides services to higher education institutions covering the full spectrum of public and private, including for-profit, colleges and universities. We understand that educational institutions face a plethora of legal, regulatory and industry requirements arising from the wide-ranging nature of their operations to protect the privacy of their students and to conduct and advanced research and intellectual property. These include Payment Card Industry Data Security Standards (PCI DSS, Family Educational Rights and Privacy Act (FERPA), and Health Insurance Portability and Accountability Act (HIPAA). We understand the nature and sensitivity of the data collected by educational institutions, which require special security considerations. We also understand the tight budgets many educational institutions face, and the high priority placed on increasing efficiency while meeting security requirements. In addition, we understand the challenges associated with enabling and securely supporting mobile students (including Bring-Your-Own-Device) and faculty.

We offer a range of services to meet the diverse needs of public and private higher education institutions, including:

  • PCI Consulting, including Readiness Reviews, Gap Analysis, Mock Audits, Report on Compliance and Self-Assessment Questionnaire engagements
  • PCI Scanning
  • FISMA Compliance (when working with federal agencies)
  • FERPA Compliance
  • HIPAA Compliance (when providing student healthcare resources)
  • IDS/IPS Monitoring and Management
  • Mobile Application Security Assessment
  • Wireless Security Testing
  • Security and Risk Assessment
  • Firewall Monitoring and Management
  • Log Monitoring
  • Security Architecture and Documentation
  • Incident Response Programs and Client Notification
  • Independent third-party review of security, both technical and general controls
  • Vulnerability Testing—including networks, applications, systems, databases, etc.
  • Penetration Testing (internal and external)
  • Web Application Testing
  • Web Application Firewall (WAF) Management