Educause Security Discussion mailing list archives
Security Assessment -- Firms and Costs
From: Kevin Casey <CaseyK () HUSSON EDU>
Date: Sat, 15 Jan 2011 07:16:42 -0500
Good morning. We have a common-enough story: we're a small university (3k students, a third of whom live on campus) with an under-staffed IT department. We've got the "annoyance" threats contained, and have some data security safeguards in place to help keep us off the front page of our local newspaper, but we've never done a large, thorough technical audit. Some research has revealed assessment firms and rough pricing. Some in our administration, however, seem surprised/appalled that it would cost this much. So I'm looking for a little more evidence that, yes, it does cost this much. I was hoping that folks might be willing to share in brief their experiences with this, something like, "We've got 5k students, we used this firm, and it cost about $x at the end of the day." We're looking for pretty complete internal/external vulnerability/penetration testing, a review of our policies, and a focus on about five applications. The chief goal is to prevent an episode where student/employee data is compromised. I understand student numbers is not the best unit of comparison (as opposed to IP addresses, etc.), but I'm just looking for rough figures. Thanks! Kevin Casey Husson University
Current thread:
- Security Assessment -- Firms and Costs Kevin Casey (Jan 15)
- <Possible follow-ups>
- Re: Security Assessment -- Firms and Costs Barron Hulver (Jan 15)