Wed, Oct 29, 2014

The End of October Is Here, Check Out Our Final NCSAM Post

An Education in University Information Security

Managing the risks to college and university data protection
From student transcripts and medical records to research findings and financial information, academic institutions shoulder a heavy burden when safeguarding confidential data. A college or university data breach means navigating a maze of regulations, while working to maintain credibility in the eyes of key constituencies. When leadership is juggling competing priorities such as controlling costs, harnessing e- learning and improving student outcomes, little time or resources are left to focus on university cyber security threats.

When you need to

  • Benchmark current data security where are we strong, what should we fix? We can help you define the appropriate standards to apply and then identify security gaps, inappropriate controls, lax security and technological vulnerabilities at all levels of your institution. We’ll translate our findings into actionable initiatives, with prioritized recommendations.
  • Navigate compliance issues confidently. Beyond technology-level security deployment, we also cover organizational-level awareness, examining policies and procedures. Kroll enhances the institution’s ability to respond to threats in accordance with applicable regulations and standards – whether FERPA, HIPAA, PCI, GLB, or others.
  • Determine what really happened. While scoping the nature of the breach and how many records were involved, Kroll can quickly identify the presence of PHI or PII in the data so that you are well prepared for next-step decisions.
  • Prepare for breach notification, if required. Breach notification strategies are informed by the results of our data analysis. These results can be used to determine what consumer remedy is most relevant to risk of harm, as well as generate mail-ready contact files.
  • Improve the odds that breached individuals are notified wherever they are now. An academic breach can affect applicants, alumni, sponsors, students, faculty and staff – current and former alike. When outdated files and unstructured data are involved, Kroll updates and standardizes records to optimize message delivery, save money, reduce returned mail and preserve confidence.
  • Provide answers, experts and real solutions to alleviate concern and remedy identity theft risks. Kroll sets the bar for notifying audiences impacted by a breach – whether victims number in the hundreds or hundreds of thousands. We can quickly mobilize a multilingual domestic call center to field questions and ease concerns; customize risk-based consumer safeguards; and put licensed investigators to work for people who may be more vulnerable to identity theft.

The right solution for any stage of incident response

Kroll provides academic institutions with a number of other cost-effective data breach and incident response services, such as cyber investigation and consumer restoration and threat monitoring.
Comprised of former FBI agents, attorneys, corporate security directors, cyber investigators, computer forensic engineers and networking professionals, our experts speak the same language as the institution’s own diverse team. Kroll is uniquely qualified to collaborate with and leverage the input of the university’s counsel, executive leadership and internal IT team to devise and implement a plan that meets the specific needs of the institution.

Moreover, our customizable solutions assist in navigating compliance issues and technological challenges while also meeting stake holder expectations.

Our experts can

  • Provide comprehensive benchmarks for your institution using risk assessment technology
  • Identify PHI/PII present in breached data
  • Work alongside your internal team to help ensure uninterrupted operations and effective data breach management
  • Reinforce you institution’s commitment to serving the breached community by providing a seamless response process from setting up a dedicated call center to preparing and distributing breach notification to developing customized consumer remediation solutions

Kroll Difference

Whether assessing potential security gaps, assembling an incident response team or exploring the possibility that a data breach has occurred, Kroll is here to help. With more than 40 years of experience, Kroll is the world’s leading risk identification and mitigation consulting firm. Known for our service to academic institutions, we leverage a unique blend of data, technology and human intelligence to help colleges and universities investigate, mitigate and anticipate security-related incidents.


Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Cyber Risk Assessments

Kroll's cyber risk assessments deliver actionable recommendations to improve security, using industry best practices & the best technology available.