IT SECURITY AUDIT
Helping schools to identify and tackle IT security threats and vulnerabilities since 2001
A regular IT Security Audit is essential for all schools to help mitigate against things like cyber attacks and other types of data breaches. According to recent findings, over 90% of primary and secondary schools have experienced cyber attacks in 2020 via fraudulent emails or websites.
We contract expert ICT Security penetration testers Caretower to undertake penetration testing at schools. Caretower agrees a test scope ahead of testing and carries out all testing in accordance with the agreed scope. All testing is carried out in accordance with Government standards and is repeated on an annual basis and/or after significant architectural changes to the system.
Examples of the scope of testing include:
Web application security penetration testing to cover:
- User and administrator user interface portals
- Testing of authentication service and other system API interfaces
Infrastructure security penetration testing to cover:
- Internal network vulnerability testing covering internal and Internet facing devices, and enumeration and testing of active services
- Firewall build review
- Server build review
- Database settings review
- Network segregation testing
A full report for the school is then produced in accordance with the standard Caretower security testing report format.