Skip to end of metadata
Go to start of metadata


The following list of information security risk assessment consultants are offered as a reference list only; no endorsement of their effectiveness for any particular work is implied. This list is offered solely as a possible starting point in the search for consultants or consulting organizations - the focus of this list is consultants who provide some form of risk assessment consulting services or products.

Any consultant or consulting firm on this list has been added by an EDUCAUSE member institution which has engaged that consultant or firm. The minimum information provided is:

  • Vendor name and contact information
  • Listing entry institution name and contact information (if more than one institution has listed the same vendor, the contact information is provided for each listing institution)
  • A brief description of the consulting services provided (if more than one institution has listed the same vendor, the information is provided for each listing institution)

Institutions providing this information are willing to discuss their experiences with other EDUCAUSE institutional members.

List of Consultants

Accudata Systems Inc.

Listing Institution: Baylor University

  • Contact: Jon Allen
  • Email:
  • Phone: 254-710-4793
  • Years of Consult: 2004, 2005, 2007
  • Consulting Engagement: Full IT Security Assessment. Onsite scanning, offsite scanning, policy review, social engineering and phishing.

BSI Management Systems America, Inc.

Listing Institution: Georgia State University

  • Contact: William Monahan
  • Email:
  • Phone: 404-413-4527
  • Year of Consult: 2007-2008
  • Consulting Engagement: Conducted ISO 27001:2005 preassessment, Phase I, and Phase II audits of GSU's Information Security Management System.

Cedric Bennett & Associates

Listing Institution: University of South Carolina

  • Contact: Marcos Vieyra
  • Email:
  • Phone: 803-777-4685
  • Year of Consult: 2008
  • Consulting Engagement: High-level assessment of the information security state-of-readiness for the University of South Carolina. This engagement included a week of interviews with executives at our institution.

CyberIntelligence, Inc.

  • Contact: Sean Ensz
  • Email:
  • Phone: 405-747-7028
  • Addr: 206 Chautaugua, Norman, OK 73069
  • URL:

Listing Institution: University of North Carolina at Chapel Hill

  • Contact: Sallie Wright
  • Email:
  • Phone: 919-445-9395
  • Year of Consult: 2006-2007
  • Consulting Engagement: CyberIntelligence was hired to investigate an incident requiring computer forensics expertise.

Information Methodologies, Inc.

Listing Institution: Stanford University

  • Contact: Cedric Bennett
  • Email:
  • Phone: 650-858-0883
  • Year of Consult: 2002
  • Consulting Engagement: imi was hired to provide an overall security assessment. This was to include a sense of the current security posture of the university, a sense of the status of the current security program, and recommendations for improvement. In a second engagement the same year, imi provided facilitation support to a team working on security policy.

Integrigy Corporation

Listing Institution: Lansing Community College

  • Contact: Chris A. Bennett
  • Email:
  • Phone: 517-483-5264
  • Year of consult: 2004
  • Consulting Engagement: Technical Oracle security assessment covering Oracle 11i eBusiness Suite, Oracle Portal/Collaboration Suite, Oracle Internet Directory, and source code review of custom timecard application.

Intel Guardians

Listing Institution: University of Florida

  • Contact: Kathy Bergsma
  • Email:
  • Phone: 352-392-2061
  • Year of consult: 2003
  • Consulting Engagement: Comprehensive ISO17799 risk assessment originally contracted with Predictive. Ed Skoudis, the lead consultant, is now with Intel Guardians.

iSecure Solutions

Listing Institution: Calvin College

  • Contact: Henry DeVries, CIO
  • Email:
  • Phone: 616-526-6148
  • Year of consult: 2004-2010
  • Consulting Engagement: iSecure Solutions has provided a wide variety of services: 1) security policy gap analysis recommendations, 2) internal and external network vulnerability scanning and penetration testing, 3) network topology re-design, 4) server scanning for operating system security vulnerabilities, 5) IT Risk and GLBA compliance assessment, and 6) support for PCI-DSS compliance.

Listing Institution: Messiah College

  • Contact: Richard Dent, CIO
  • Email:
  • Phone: 717-796-1800, ext. 6014
  • Year of consult: 2005-2007
  • Consulting Engagement: Provided a basic security assessment, to include a current security posture of the institution and recommendations for improvement (2005-2006). Conducted an IT risk and Gramm-Leach-Bliley compliance assessment (2006-2007). iSecure Solutions provides basic security assessment including policy analysis, network architecture review and network vulnerability scanning of critical servers. They specialize in the higher education market.

LarsonAllen, LLP

Listing Institution: Minnesota State Colleges & Universities

  • Contact: John Hoffoss
  • Email:
  • Phone: 651-201-1453
  • Year of consult: N/A
  • Consulting engagement: I am a former employee and have not retained LarsonAllen's services (nor am I in a position to do so). - In the past, LarsonAllen has performed IT audits in support of financial controls for colleges from small, private colleges to large, land grant universities. The firm has a wide variety of expertise that is not specific to higher education, including extensive risk assessment within financial institutions, which can be leveraged in a variety of engagements.


Listing Institution: University of Kansas

  • Contact: Charles Crawford, Director/IT Security Officer
  • Email:
  • Phone: 785-864-0491
  • Year of consult: The initial assessment took place in 2006, follow up scheduled in June of 2008
  • Consulting Engagement: Engagement of Information Governance and ISMS implementation. This assessment and compliance with the ISMS standard is the basis for our ongoing compliance efforts with PCI, HIPAA, GLBA, and FERPA.

Security Horizon

Listing Institution: Rochester Institute of Technology

  • Contact: Jim Moore
  • Email:
  • Phone: 585-475-5406
  • Addr: 5350 Tomah Drive, Suite 3500, Colorado Springs, CO 80918
  • Year of consult: 2003
  • Consulting Engagement: Security posture assessment (policy to process to technology support assessment)


Listing Institution: Stanford University

  • Contact: Cedric Bennett
  • Email:
  • Phone: 650-858-0883
  • Year of Consult: 2002-2003
  • Consulting Engagement: SystemExperts provided several highly focused vulnerability assessments for specific administrative application systems.

Questions or comments? Contact us.

Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.

information information Delete
security security Delete
risk risk Delete
assessment assessment Delete
consultants consultants Delete
list list Delete
educause educause Delete
heisc heisc Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.