As part of our internal audit role, we look at information technology operations to assess how effective the internal controls are at reducing the risk of unauthorized access to systems and critical/sensitive data. Public schools are a known target for hackers and cybercriminals as schools often maintain student, employee and financial data on their local servers. However, these schools often do not have the budgeted funds to implement the latest state-of-the-art hardware and software that can provide strong cybersecurity monitoring. They often also lack the funds needed to hire an independent company to perform vulnerability assessments and penetration tests (aka, “pen tests”) which can identify security gaps.
One possible budget-friendly approach we recently learned about is the use of a virtual pen test. While this will not fully replace a comprehensive manual penetration test, it can be a cost-effective preliminary measure to identify easily exploitable vulnerabilities. Vonahi Security has developed a product that provides continuous network monitoring called vPenTest. The software is a full-scale penetration testing platform that incorporates the latest methodologies and techniques, making it a more affordable option. The platform claims to provide more accurate, faster, consistent, reporting which is not prone to human error. Their website has several blog articles about pen tests, case studies, a list of open-source tools, and other technical resources.
Adam Brigandi, CPA, MBA
Supervisor
Adam is a Supervisor who works with both nonprofit and education clients. His auditing experience allows him to assist in vital audit functions such as systems testing and analysis.
