When it comes to safeguarding student data, educational institutions must meet several compliance requirements. The Gramm-Leach-Bliley Act (GLBA) is one regulation that has established a set of baseline standards for handling confidential information. Penetration testing and vulnerability assessments under GLBA will be required as of December 9, 2022, for many educational organizations that collect, process, maintain, or handle personally identifiable financial information.
To ensure compliance with GLBA, educational organizations may need to undergo regular penetration testing and vulnerability assessments. The penetration testing simulates a real-world attack on the institution's systems and data to identify vulnerabilities that hackers could exploit. Vulnerability assessments scan for known vulnerabilities across infrastructure and applications.
There are two parts to the GLBA Compliance Penetration test. First, Secure Ideas will perform a penetration test focused on the security of the information in scope for GLBA. The test will cover your internal and external network surfaces. Second, Secure Ideas will perform two vulnerability assessments over one year, spaced apart by approximately six months. Currently, this service is designed for educational organizations, not full-service financial institutions.
We understand that the education industry is highly competitive and views regulatory compliance as a necessary obligation rather than an intrinsic priority. We price all of our penetration testing services as fixed-bid work, using our highly skilled US-based consultants. We have made the following concessions to keep our price as low as possible without sacrificing quality:
Your quote will include an indication of the number of days of effort. We calculate this number by comparing your scoping information to similar projects that we have tested in your industry. We then multiply the effort by our standard daily rate to determine the total cost.