Institutions of learning from elementary schools to universities have more personally identifiable information than nearly any other type of organization. Name, address, date of birth, family information, health records, financial data and transcripts are just the tip of the information iceberg that resides on the institution’s network.

These networks are used by an ever-expanding number of education stakeholders who depend on the Internet for teaching, research, healthcare, admissions, fundraising, email and online classes. This information must be protected with the appropriate security controls in accordance with a growing number of regulations, including:

PCI DSS – Protection of payment card information

HIPAA/HITECH – Protection of student health records or research involving private health information

GLBA – Protecting financial information

FERPA – Family Educational Rights and Privacy Act – student records privacy

Our Solutions

Risk Based Security offers a number of solutions designed to address the special needs of security professionals in education.

Solution – Benefits Of Our Approach
Cyber Risk Analytics – Cyber Risk Analytics offers access to a data breach database containing industry-specific details on threat vectors and vulnerabilities. The database is easily accessible through analytical tools and dashboards designed to support risk analysis and to identify security risks by industry, giving organizations the power to identify the true risks to their most valuable assets.
Security Intelligence Reports – Security Intelligence Reports offers organizations a quarterly report that highlights the global trends in information security incidents along with lessons learned and recommendations. A subscription to Security Intelligence Reports provides organizations with a glimpse into the most current information security breaches and the potential impact on their operation.
YOURCISO – YOURCISO is aimed at helping organizations that do not have security resources on staff by providing access to security intelligence and the right expertise on an as-needed basis, delivered through a SaaS model. All services are fulfilled by an experienced security professional with the objective of assisting organizations with the planning and management of their information security and risk management programs.
Risk Assessment – Risk assessment is the foundation for building a comprehensive Information Security Program that adequately protects the confidentiality, integrity and availability of an organization’s information assets. Risk Based Security employs a standard assessment methodology and approach based on the guidelines in ISO/IEC 27001:2005, ISO 31000:2009 and NIST SP 800-30 to ensure a consistent and high-value result.
Security Policies – Documented security policies are the very foundation of an organization’s security program. Employees need to understand management’s expectations with regard to information security in order to have any chance of doing the right things. Risk Based Security’s “Policy Toolkits” provide easy-to-customize policy documents appropriate for organizations ranging from the small business looking for the bare-minimum policies and procedures to the mature organization seeking certification to ISO/IEC 27001:2005.
Training – One of the best ways to reduce the risk to an organization’s information assets is to institute company-wide security-awareness training. Our training initiatives include links to security awareness website(s) and security awareness, risk assessment and ISO/IEC 27001 presentations.
Network Vulnerability Assessments – The overall objective of a Vulnerability Assessment is to scan, investigate, analyze and report on the level of risk associated with any vulnerabilities discovered on public, internet-facing devices and to provide your organization with appropriate mitigation strategies. The Risk Based Security Vulnerability Assessment methodology has been designed to comprehensively identify, classify and analyze known vulnerabilities in order to recommend the right mitigation actions.
Incident Response – Everything we do is focused on helping organizations avoid a security incident. However, in today’s environment every organization needs to be prepared for dealing with a data breach. Each client organization will have access to incident response planning documents as well as a security advisor for a 30-minute consultation in case of a breach.
ISO/IEC 27001 – Risk Based Security provides customized training, security assessments, security program audits and gap analysis as well as pre-certification consulting services to both protect organizations with best-practice security controls and to prepare them for a smooth ISO/IEC 27001:2005 certification audit.
Vulnerability Intelligence – Risk Based Security’s VulnDB API is ideal for organizations that need timely information on software threats to their organization, companies that create signatures for security products, and agencies tasked with providing incident response. By leveraging the data available through the VulnDB API, organizations have access to a comprehensive data source that delivers reliable and timely alerts and recommendations about software vulnerabilities and patch availability.
Software Development Life Cycle – The intent of an SDLC process is to produce software that is cost-efficient, effective, high quality and secure. Risk Based Security’s SDLC methodology follows the stages defined in Microsoft’s SDL. Our experience, expertise and know-how allow us to tailor an SDLC process that fits today’s limited budgets while implementing the project in a prioritized manner, resulting in the best ROI.

