Today higher education institutions are faced with complex choices when it comes to security and information assurance—choices that must carefully balance protection, costs, and risks. It is harder than ever to prevent unwanted privacy intrusions, media exposure, regulatory penalties, and perhaps even lawsuits. While the marketplace offers many technology options to protect information systems, the operationally mature techniques needed to implement and manage the myriad security controls and effectively secure an enterprise can be elusive. It is vital to select a security partner with the right mix of experience and specialized expertise to achieve reliable, consistent protection at a reasonable cost.
Why CIBER?
CIBER’s Global Security Practice has more than a decade of experience securing the information assets of institutions, businesses and government entities. We have designed and deployed comprehensive security solutions that protect high-profile systems in high-risk environments, such as:
- Protecting $2 trillion in annual high-volume electronic funds transactions for the Internal Revenue Service
- Insulating government communications vital to national security for NASA and the National Security Agency
- Protecting the privacy and integrity of student records and other private personal information for institutions of higher education and state/local governments..
“One size fits all” technical security solutions are not the right answer. Security is more than just technology—our solutions include the programmatic elements and management processes needed to make sure that institutions obtain the maximum benefit from their security technology investments.
A Balanced, Long-Term Approach to Security
CIBER delivers operationally mature, long-term protection for your critical information assets in three stages:
- Defining your security goals
- Achieving your optimum security posture
- Maintaining your secure position
Define Your Security Goals
Building an effective security program starts with assessing your current situation. CIBER offers a full suite of assessments to evaluate the security practices, vulnerabilities, risks, regulatory compliance, and overall security strategy of higher education institutions. Our assessments provide a comprehensive, objective review of the presence and effectiveness of technical and programmatic security controls. CIBER can provide several types of assessments to meet your security needs:
Risk and Vulnerability Assessment
- Program and practices review
- Application security testing
- Penetration testing (“ethical hacking”)
- Perimeter and internal network vulnerability testing
- Network device and system configuration review
- Wireless security testing
Regulatory Compliance Analysis
- Custom security program and policy frameworks based on international standards and tailored to the unique needs of higher education
- Requirements traceability and forecasting
- Readiness planning for HIPAA, GLB, PCI-DSS, Sarbanes-Oxley, and government grant security requirements
Institution Security Strategy
- Security program planning
- Risk management support and methodologies
- Security architecture development
- Achievable business-driven security roadmaps
Identity Theft Assessment
- Business application and database surveys to determine location of personal information storage
- Evaluation of control effectiveness
Business Continuity Management
- Business impact analysis
- Critical business process availability risk analysis
Achieve Your Optimum Security Posture
CIBER delivers comprehensive solutions that blend technology, processes, and people to permanently reduce security risk. Institutions who have been bombarded by vendor-driven point solutions appreciate CIBER’s enterprise risk management perspective and vendor-neutral approach. CIBER has a proven methodology to build a mature organizational culture to effectively manage business continuity and security. We tailor security solutions to your needs, fix security issues at the root cause, and deliver cost-effective security with minimal disruption to your business. Turn to CIBER for:
- Application security
- Security technology and process integration
- Security policy and procedure development
- Remediation of security deficiencies
- Business continuity management program development
- Disaster recovery planning
- Disaster/incident exercise and test planning and coordination
- Security and business continuity training and knowledge transfer
- Security incident response
- Identity theft protection
Maintain Your Secure Position
CIBER’s managed security clients benefit from advanced security techniques at a much lower cost than comparable in-house solutions. Our managed security services feature state-of-the-art security event management (SEM) tools and a 24x7 Security Operations Center that deliver reliable security at a predictable monthly cost. Our highly trained operations staff focuses exclusively on keeping clients’ systems safe through vigilant monitoring of threats and proactive analysis of risks.
CIBER provides the “human touch” needed to determine if an event poses a real threat. Our security team analyzes suspicious events identified by event correlation software to determine if an active defensive response is warranted, and we work with you to neutralize the risk. And, of course, we provide the service level metrics and reporting necessary to comply with security regulations and database breach laws and to demonstrate to auditors that sensitive information is continually protected.
CIBER’s managed security services include a full range of monitoring and management services for reliable, consistent protection:
- Real-time 24x7 event monitoring
- Security device management
- Vulnerability management
- Incident investigation, response, and recovery
- Event correlation
- Compliance reporting
Business Continuity and Disaster Recovery P... (936KB)
Manage Operational Risk Like a Bank!
IT Assessment Cost vs. Value – A Market Response Analysis
