Universities as places of learning depend on the ability to share data but need to do so without introducing undue risk to its data used by students or staff. A University IT security health Check (ITHC) will provide you with the assurance that your data is appropriately protected.
A recent test of UK university defences against cyber-attacks, found that in every case, hackers were able to obtain “high value” data within two hours (source: BBC News).
With more and more personal and sensitive data being held by Universities and Research Centres, these institutions are at an increased risk of attack or a breach. Phishing attacks are particularly prevalent, with phishing emails becoming more sophisticated and authentic looking.
With many years of experience of evaluating security, penetration testing and conducting red teaming exercises for our clients, Prism Infosec is ideally placed to offer this short and competitively priced University IT Security Health Check.
The service is designed to be delivered in less than a week, with an initial Open Source Intelligence test to identify vulnerabilities in publicly available data:
University ITHC deliverables include a report highlighting areas of IT risk identified and prioritised and pragmatic recommendations for reducing this risk.
A further optional on-site debrief of the key findings and recommendations can also be provided, if required, which can facilitate interactive discussion of key points with internal teams.
Email Prism Infosec, complete our Contact Us form or call us on 01242 652100 and ask for Sales to setup an initial discussion.
The IT Security Health Check will focus on other areas that may not necessarily be assessed during an Infrastructure or Web Application Pen test. This service is a focussed test which simulates the approach that real hackers may take to compromise your systems.
For the OSINT Assessment, no details or preparation is required. This is essentially a “black box” engagement, where our Consultant will use a toolkit to attempt to find available data, just as a real hacker would. For the Internal Pen Test element, we may need a few details to enable a smooth and effective test. For the Phishing exercise, we just require the target email addresses, and potentially a relevant theme for the email content.
Yes, our consultants will work with you to determine areas to focus on. This may mean a separate engagement to the Health Check package.
The majority of the test can be conducted remotely, however there may be some elements that will require a consultant to conduct testing onsite.