Educational Institutions

Protecting Personal Information of Students, Faculty & Staff

Colleges and universities are under extreme pressure to protect the large amounts of personal information they collect from students, faculty, staff and the general public. These institutions collect and process personal information through their daily business of admissions, research, student loans, campus retail establishments and other business conducted on campus. The sheer volume of this sensitive data makes colleges and universities prime targets for security breaches.

Many well-publicized security breaches of campus networks have occurred. The Privacy Rights Clearinghouse indicates that since February 2005, over 50 million people have had their personal information potentially exposed by unauthorized access to such networks, and that 50% of all reported security breaches have occurred at colleges and universities.

Several federal and industry regulations are directly applicable to higher education:

  • Family Educational Rights and Privacy Act (FERPA) - designed to protect privacy rights and accuracy of student education records.
  • Gramm-Leach-Bliley Act (GLBA) – defines requirements for how financial institutions protect personal financial information.
  • Health Insurance Portability and Accountability Act of 1996 (HIPAA) - defines requirements for access to and transfer of health data for any institution that collects medical records.
  • Payment Card Industry Data Security Standard (PCI DSS) - defines merchant requirements for securing cardholder information.

Educational institutions need access to a great deal of critical personal information in order to provide the student and faculty experiences expected today. However, the sheer volume of this information and the volatility of a campus network make securing it significantly more complex than it is for many public companies. In order for colleges and universities to ensure they are protecting their constituents' personal information, they must employ a solution that safeguards their information systems against unauthorized access, fraud and data theft.

How NeXpose Helps

NeXpose can help educational institutions ensure that the confidentiality, integrity, and availability of electronic personal information, whether admissions records, financial data or health information, is maintained. NeXpose scans Web servers, databases, operating systems, and network devices to locate threats to the environment, then devises a remediation plan to address and remove those threats. Through regular audits of your IT environment, you are able to identify and prioritize vulnerabilities based on the risk they present to your institution, enabling you to focus resources on fixing the most critical issues first.

NeXpose provides reports that help you evaluate compliance with defined security policies. Rapid7 has also successfully completed the PCI Security Standards Council Vendor Compliance Testing Program, which certifies us to help colleges and universities achieve compliance with the Payment Card Industry (PCI) Data Security Standard.

Rapid7 Professional Services

Rapid7 Professional Services has developed service offerings that can help you achieve compliance with these regulations more quickly. Our audit services provide an overview of the effectiveness of the security controls you have in place, including adherence to the requirements outlined in the regulations listed above. We ensure that your network is properly configured to safeguard the integrity of your constituents' confidential information and records. Some of our professional services offerings include:

  • PCI Compliance Testing
  • Penetration Testing
  • Best Practices Consulting
  • Social Engineering

Contact us to find out how Rapid7 can help your educational institution achieve and maintain the security of the wide range of personal information you need to conduct your daily business.