Data Privacy & Security Services
Welcome to the Orange-Ulster BOCES Data Privacy and Cybersecurity Services Vendor Catalog
This catalog showcases our awarded vendors for the 2024 RFP. To facilitate your decision-making process, we’ve also included a service matrix that allows you to browse by specific service categories. We encourage all component districts to explore these options to find the best fit for their needs, as your choices will ultimately guide the future stages of the Data Privacy and Security Services program.
Acture Solutions + Computer Systems Integrators (CSI)
Since 1984, Acture Solutions has been a leading provider of managed IT services, cybersecurity, cloud solutions, networking, and classroom collaboration. Acture's mission is to protect and guide the technology decisions of our community’s most important institutions—including K-12 schools, vocational schools, regional banks, community-centric non-profits, pharmaceutical companies, and local hospitals. Acture passionately believes that these institutions deserve enterprise-level IT and cybersecurity protections at an affordable price. With the acquisition of CSI, a trusted enterprise network, computer support, and consulting provider since 1991, Acture further strengthens its dedication to serving the unique IT needs of educational organizations and local government. CSI’s Principal Officers have been working with technology systems since the 1970s, and their decades of experience in K-12 schools have fostered a deep understanding of the challenges these entities face — from budget constraints to regulatory compliance and limited hardware resources. Our combined team brings unmatched expertise and passion for excellence, with engineers holding advanced certifications in Aruba, Cisco, Microsoft, and VMware. Many team members have been with us for over 20 years, providing stability and consistency in a rapidly changing technology landscape. Together, we are committed to delivering secure, stable, and productive environments for our clients. Our mission remains clear: to ensure that the community’s most vital institutions are empowered with leading-edge IT services and cybersecurity solutions, while keeping them safe and sound. With Acture and CSI, "You'll never go it alone."
AgileBlue
AgileBlue's 24/7 AI-Powered SecOps platform is perfectly aligned with Orange-Ulster BOCES’s goal of enhancing the data privacy and cybersecurity posture of component districts. Their fully managed SOC provides real-time monitoring and rapid response to threats, while the AI-powered platform uses advanced analytics to detect anomalies and correlate security events across the network. With comprehensive compliance reporting, scalability, and customization, AgileBlue has built a tailored approach that helps school districts across the U.S. & many organizations in New York, such as New York Board of Elections and Niagara Frontier Transportation Authority, meet regulatory requirements while protecting sensitive networks and data.
ArkTech
Ark Tech Security and compliance In an era where security and compliance are ever-evolving, Ark Technology Consultants offers you the agility and adaptability you need. We work with leading solutions to achieve both value creation and operational efficiency. Unlock a fortified digital environment that supports your organization’s core objectives with security solutions that are in alignment with the Cyber NIST framework.
Awareness Training
- Automated Training Campaigns
- Fully Automated Phishing Attacks
- Enterprise-Strength Reporting
Zero Trust Capabilities
- Allowlisting
- Ringfencing
- Elevation Control
- Storage Control
- Network Access Control
Security Assessment
- M365 Analysis
- Penetration Testing
- Internal & External Vulnerability Scanning
EDR & MDR Services
- Custom Playbooks
- Threat Hunting
- Investigation and Remediation
- Supports Windows, Mac, and Linux
- Cloud Based Implementation
Artilus
"Artilus is a leading provider of advanced cybersecurity solutions specifically for the educational sector. With extensive experience and insight into the unique challenges faced by school districts, Artilus offers cutting-edge technologies such as XDR, SOC, and penetration testing to enhance data privacy and cybersecurity. Their services include robust threat detection and tailored solutions that help districts comply with stringent data protection regulations, supporting frameworks like NIST. Notably, their Lightkeeper service meets 25 NIST CSF controls fully and partially meets an additional 23. By partnering with Artilus, school districts benefit from proactive security measures, real-time monitoring, and incident response strategies, ensuring the protection of sensitive information and a secure learning environment. "
Bulletproof
With locations across North America and around the globe, Bulletproof has decades of IT, security, and compliance expertise. The company collaborates with the Orange-Ulster Board of Cooperative Educational Services, utilizing its extensive industry experience to strengthen data privacy and cybersecurity measures. Recognized as Microsoft’s global Security Partner of the Year in 2021 for its outstanding and innovative end-to-end security solutions, Bulletproof is also a member of the Microsoft Intelligent Security Association (MISA) and received the 2024 MISA Excellence Award as a Security Trailblazer.
Caetra io
CyMetric is a one-stop shop for understanding, documenting and communicating the strategy, accountability, activities and status of a District's cybersecurity program. The CyMetric platform is a centralized repository:
- Defines activities and tactics that satisfy regulatory, insurance, and contractual requirements written in language technology resources understand
- Documents the cybersecurity and privacy program components that District and State stakeholders require
- Directly ties District network, security, and operational processes districts implement to elements of the NIST CSF and Part 121 or any business or auditor requirement
- Enables the assessment of the cyber program to identify and prioritize risk as well as document remediation strategies to address risk
- Produces reports that communicate the status of the program from asset inventory to compliance with regulatory requirements
- For stakeholders who are less technologically focused, CyMetric provides a risk communication mechanism to understand where risk exists within their environment and visualize program status via reports and graphical dashboards
- Helps identify gaps and risks in the cybersecurity program model that need to be addressed and prioritized which can quantify budgetary and resource requests
- Demonstrates progress of the cybersecurity program over time at the organizational or individual system level
- Adapts to changes in the law or its requirements by proactively delivering updated program recommendations reflecting guidance from New York based law firm, Harris Beach PLLC
Districts who use CyMetric can choose between industry standard controls and tactics suggested by National Institute of Standards and Technologies (NIST) SP 800-53 publication or from the Center for Internet Security (CIS) v8.1. Any custom controls that address privacy, notification or other unique requirements of the Ed Law 2-d Part 121 regulation were written and validated by the attorneys at our business partner, the Harris Beach PLLC law firm.
CDW
As a leading K-12 technology solutions provider, CDW Education understands the challenges – and opportunities – involved in building a flexible and supportive personalized learning environment for K-12 students. You can count on us to guide you through tight budgets, numerous choices and shortfalls of expertise so that you’re prepared to meet your IT needs, now and in the future. At CDW, we are proud to be more than just a supplier of technology products. We are a comprehensive technology partner, committed to providing innovative, scalable, and secure IT solutions that meet the complex needs of today’s digital environment. Here’s how we can help transform your IT and security infrastructure:
- CDW Amplified Cybersecurity Architecture and Design Services
- Network Security
- Asset Security
- Access Control and Physical Security Collaboration
- Smart Classroom
- CDW Amplified Workspace Services
- Optimize education environment communication, productivity, responsiveness and workflow efficiencies, and can remotely support and automate your communication platforms to ensure constant connectivity
- Google Workspace for Education
- Microsoft for Education
- Creation of customized learning solutions
- CDW Amplified Support Services
- Deliver custom warranty and maintenance services that augment your IT staff, so they can focus on maximizing business outcomes
- CDW Amplified Comprehensive Security Assessments
- CDW Amplified Penetration Testing, Application Testing, Purple and Red Team
- CDW Professional Implementation Services and Staff Augmentation Support
- CDW Amplified Data Security Solutions Professional Workshops and Training
- CDW Proof of Concepts (POC)
- Active demonstration of a product in live or sandbox environments, focused on determining whether an idea can be turned into a reality
- CDW Managed Security, Network, Backup Services, XDR, and EDR Services CDW Amplified Incident Response and Threat Remediation
- Cloud Security and Compliance
- Secure Data Backup and Recovery
CloudFirst
With over a decade of experience, CloudFirst specializes in fully managed IT and cybersecurity services tailored for K-12 school districts. We work closely with district IT teams to address unique challenges, leveraging Microsoft’s security framework—including Defender XDR, Sentinel, and SIEM—for advanced threat detection and response. Our 24/7 in-house security team ensures continuous protection, offering schools the best value with a multi-layered approach.
Our specialized cybersecurity services include:
- Remote Monitoring and Management (RMM): Endpoint discovery, asset management, patching, and automation.
- Cybersecurity & Compliance Assessments : Identifying vulnerabilities within school networks and systems, and bridging gaps with NIST/CIS standards.
- Penetration Testing: Conducting real-world tests to evaluate system resilience.
- Comprehensive Endpoint Detection and Response (EDR/MDR/XDR): Multi-layered endpoint security with 24/7 monitoring.
- Network Monitoring and Protection: Continuous oversight of firewalls, IAM, antivirus, and external threats for proactive detection and defence.
- Business Continuity and Disaster Recovery (BC/DR): Ensuring swift recovery of critical systems in case of disruptions.
- Enhanced Access Security (SSO & MFA): Providing secure access controls for students and staff
- Ongoing Security Awareness Training: Educating staff to build a cybersecurity-focused culture.
- IT Security Assurance and Compliance Reviews: Comprehensive assessments aligned with cybersecurity insurance requirements.
ComSource
ComSource in partnership with Anjolen recognizes few organizations have the necessary expertise to identify and address risk and cyber threats. We help our clients secure their organization’s network and data to mitigate the risk of a costly security incident. Our principals are subject matter experts who have held high-level security clearances and have worked in military, intelligence, law enforcement and commercial application environments. They understand the complexity of protecting your company against data theft, as well as the challenge of keeping current on regulatory concerns impacting organizations.
Core BTS
At Core BTS, we're dedicated to helping you build a stronger, more secure digital environment. Our comprehensive suite of cybersecurity services is designed to address your unique needs, from strategic planning and risk assessments to expert implementation and ongoing management. Our team of seasoned professionals leverages deep industry expertise and a vast network of partners to provide tailored solutions that protect your organization from emerging threats. Whether you need help identifying vulnerabilities, implementing advanced security technologies, or managing your day-to-day security operations, we're here to support you. With Core BTS as your partner, you can confidently navigate the complex cybersecurity landscape and focus on your core organizational objectives.
Crowdstrike
We stop breaches. All CrowdStrike customers, regardless of size, benefit from Threat Graph, from community immunity and from the expert knowledge that flows from these teams into our endpoint protection platform (EPP) product. This stands in stark contrast to many of our competitors that offer nothing more than glorified managed detection and response (MDR) services. Even exceptionally mature security programs at the world’s largest organizations rely on the unparalleled support, experience and guidance provided by our experts. We deliver this one-of-a-kind level of expertise to all customers through access to our threat intelligence team, through 24/7 proactive threat hunting from Falcon OverWatch, and through Falcon Complete, the only fully managed endpoint protection that includes surgical remediation backed by a “no fine print” warranty of up to $1 million USD. Falcon OverWatch and Falcon Complete were industry trail blazers, and while many copycats have appeared, our offerings continue to be uniquely effective and scalable. They are fully integrated with the Falcon platform, allowing our teams of expert practitioners to identify and respond to emerging threats globally for our entire customer base, using the same tools we build for our customers.
CTS
CTS has over a decade of experience delivering comprehensive IT and cybersecurity services that strengthen the data privacy and cybersecurity framework of districts. Our Cyber programs are designed to enable districts to meet the requirements of Ed Law 2-d, requiring minimal internal security expertise. Our Managed Cyber Protection program includes 24/7 Managed Detection and Response (MDR), advanced email phishing protection, security awareness training, and cloud backups for Microsoft 365 or Google Workspace. Additionally, through our Cyber Advisory Services, we support districts in meeting regulatory and cyber insurance standards with security policy development based on various cybersecurity frameworks, third-party vendor assessments, and regular posture evaluations. CTS is dedicated to creating secure, uninterrupted learning environments, enabling schools to focus on education while we protect their technology infrastructure.
Cybernut
“CyberNut specializes in providing fully automated and gamified cybersecurity awareness training specifically designed for K-12 education. Our platform helps districts enhance their data privacy and cybersecurity posture by training staff, teachers, and students to identify phishing attacks and other cyber threats. We offer personalized, micro-trainings that adapt to each user’s skill level, ensuring an engaging, low-touch solution that reduces human error—the primary cause of security incidents in schools. Our service aligns perfectly with your goal of improving cybersecurity by creating a safer digital environment for educational communities.”
Driven Technologies
Driven Tech is a specialized cybersecurity services and consulting organization dedicated to protecting schools and educational institutions from evolving cyber threats. Our comprehensive offerings include a range of services designed to ensure your network and data remain secure:
- Managed Detection and Response (MDR) services, powered by our 100% US-based Security Operations Center (SOC), which continuously monitors and defends your institution's network.
- Vulnerability Management services that help identify and address potential risks, ensuring proactive security measures.
- Firewall Management solutions, providing an extra layer of defense against cyber threats.
In addition to our core services, we offer professional consulting tailored to the unique needs of educational environments. Our expertise spans Palo Alto Networks products and other leading security technologies, delivering robust and scalable solutions that can grow with your institution’s needs.
Driven Tech is proud of its proven track record, reflected in an impressive Net Promoter Score (NPS) of 90.9 and recognition as one of Inc. 5000’s fastest-growing companies. We are also honored to be a Palo Alto Networks Diamond Innovator and included in CRN’s MSP 500 Elite 150.
We understand that educational institutions need reliable, cost-effective cybersecurity solutions that don't compromise on quality. Our mission is to help schools protect their students, staff, and sensitive data.
To learn more about how we can support your school’s cybersecurity needs, visit us at Driven.tech or contact Rich DeFeo, Sr. Account Manager, at 845-222-0169 or rdefeo@driven.tech.
DataSure24
DataSure24 provides advisory and managed cybersecurity services to K12. Our services include:
- Data security and privacy consulting
- Gap assessments against NIST CSF for EdLaw 2D
- Managed SIEM and EDR with 24/7 monitoring
- Security awareness training and testing
- Vulnerability scanning
- Penetration testing
- Incident response and forensics
ERMProtect
ERMProtect is a full-service cybersecurity firm with over 26 years of experience. We offer comprehensive services aligned with Orange-Ulster BOCES’s goal of enhancing data privacy and cybersecurity infrastructures. We offer tailored, scalable solutions designed to meet each client’s goals; our services include:
- Vulnerability Assessments: Payment Card Industry (PCI) Assessments, ISO 270001, CIS security model and other security standards.
- Security Audits against common Frameworks (NIST CSF, CIS, HIPPA, FISMA, FERPA)
- Penetration Testing: External, internal, web/mobile applications, wireless, segmentation tests
- Security Awareness Training: customized trainings, phishing tests, tabletop exercises
- Business Continuity and Backup Disaster Recovery Options (Including rapid recovery of hyper-critical systems)
- Data Flow Mapping
- IT Security Creation/Review/Revision of plan, standards, policies and procedures
- IT Security Assurance Reviews against Cybersecurity Insurance Company Requirements
- Co-Sourcing of cybersecurity services: CISO co-sourcing, Incident Response, Vendor security assessments
- Digital Forensics: Investigation of security incidents, data breaches, fraud or misconduct, as well as litigation support and crypto investigations
- Custom Scoped Cyber Projects
For more information on how ERMProtect can help strengthen your cybersecurity and data privacy posture, please visit our website (https://ermprotect.com), email us at info@ermprotect.com, or call us at +1 (305) 335-7610. Based on your specific requirements, we can recommend the most appropriate assessments, tests and security measures to ensure your organization is fully protected.
FoxPointe Solutions
FoxPointe has a long history of assisting school districts in assessing, identifying, mitigating, and monitoring information security risk with the goal of enhancing their overall data privacy and cybersecurity posture. Our service offering includes a catered approach to risk management with a custom risk assessment framework (guided by industry best practices set forth by the National Institute of Standards and Technology) to meet every district’s security compliance needs, size, available resources, and information system environment complexity. FoxPointe conducts annual information security risk assessments with a district, and limits ongoing time and effort applied by the district in the second assessment year by focusing on new and emerging risks, and by reviewing only those controls and risks identified as remediated by the district in the prior year. FoxPointe provides unique, prioritized, and actionable recommendations that meet the district’s size, available resources, and information system environment complexity to help them achieve their goals and move its information security and privacy programs forward. Additionally, FoxPointe provides technical vulnerability assessment services through vulnerability scanning and penetration testing. FoxPointe’s experts will help educate a district not only on what vulnerabilities may exist, but what impact is yielded from the potential exploitation of those vulnerabilities. FoxPointe provides comprehensive reporting that will simply describe results of the technical testing, while outlining the remediation tasks necessary to close any security gaps.
Global Solutions Group
Global Solutions Group offers the Orange-Ulster BOCES component districts 25 years of expertise providing comprehensive data privacy and cybersecurity services. We are a trusted partner to federal, state, and local agencies who place a premium on security and privacy, including the Department of Defense and the Department of Homeland Security. Our solutions are tailored to provide Orange-Ulster BOCES component districts with full spectrum cybersecurity protection and data privacy solutions. We ensure that all our clients’ networks secure, resilient, and compliant with industry best practices and relevant regulations, including the Family Educational Rights and Privacy Act (FERPA). Our comprehensive solutions include:
- Advanced Monitoring and Threat Detection
- Cybersecurity Policy and Procedures Development
- In-depth Vulnerability Assessments and Penetration Testing
- Comprehensive Training and Awareness Programs
- Robust Identity and Access Management (IAM)
- Business Continuity and Disaster Recovery Planning
- Rigorous Compliance and Governance Solutions
IKON Business Group
IKON Business Group is a full-service IT and cybersecurity provider specializing in the K-12 education sector for over a decade. With extensive experience, the company offers a comprehensive suite of services designed to enhance schools' cyber defenses and technology management:
Cyber Assessment Security Services:
- Cyber Security Assessment: In-depth evaluations to identify vulnerabilities.
- NIST Gap Analysis: Aligning with NIST standards to identify security gaps.
- Pen Testing: Conducting penetration testing to assess system weaknesses.
Cyber Security Remediation Services: Addressing identified issues to improve security posture.
- End Point Protection (EDR/MDR): Implementing endpoint detection and response for robust protection.
- Business Continuity/Disaster Recovery Solutions: Ensuring systems are resilient to disruptions.
- Single Sign-on/Multi-Factor Authentication (SSO/MFA): Strengthening access control.
- Security Awareness Training: Educating staff on best practices for cybersecurity.
And many more remediation services that can help improve your school security posture.
The EduTech team brings over 75 years of experience in managing technology and cybersecurity for school districts, ensuring services are tailored to the unique needs of educational institutions. For more details, visit IKON Business Group's EduTech Advisory Services.
Inspira Enterprise
Inspira, a globally recognized leader in Cybersecurity has been delivering services and outcome-based results protecting education institutions, public and private sector organizations for over 15 years.
Inspira's proven track record is a direct result of our commitment to maintaining a collaborative, flexible approach to bringing the best of breed solutions to private enterprises, government entities of all sizes, and public/private schools ranging from k-12 through Higher Education institutions.
As a trusted cybersecurity partner of Orange-Ulster BOCES, Inspira is committed to fortifying and enhancing your Cyber-resiliency through our proven collaborative, results-oriented approach to cost effective, scalable solutions.
Our services, specifically oriented for the challenges of schools and public sector ecosystems include, but are not limited to:
- 24x7x356 Security Operations Center (SOC), Managed -Detection and Response (MDR)
- Endpoint and Network Protection
- Vulnerability Assessments and Penetration Testing
- Identity Access Management and Security Awareness Training
- Cloud, SaaS, and file protection
- Security Audits, Policy Management, Assurance Reviews
- Compliance and Regulatory Validation
Our team of certified cybersecurity, infrastructure, cloud, and AI experts are available to Orange-Ulster BOCES component districts 24 hours a day, 7 days a week through our fusion centers.
NawrockiSmith
"Nawrocki Smith offers comprehensive cybersecurity and data privacy audit and consulting services tailored to enhance the cybersecurity posture of School Districts. Our services align with the OU BOCES’ goal of helping component districts comply with Education Law Part 2-D and strengthen their data privacy and cybersecurity controls through the following key offerings:
- School District Industry Experience: We have over 35 years of extensive experience working with school districts throughout New York State. We work closely with key stakeholders throughout the District, striving to meet compliance needs, reduce business risk exposures, and contribute to meeting District goals. We have conducted numerous internal and cybersecurity audits and deeply understand the school district environment, departmental seasonality aspects, resource and internal control, organizational missions, and governance and budgeting processes. This experience allows us to provide tailored services aligned with school district complexities.
- Compliance Assessments: We assess the District’s compliance with Education Law Part 2-D and the National Institute of Standards and Technology (NIST) Cybersecurity Framework version 2.0, ensuring alignment with state and national cybersecurity standards.
- Security Control Evaluation: We identify security control concerns that could impact the confidentiality, integrity, and availability of information assets due to weaknesses in internal controls.
- Vulnerability and Response Program Evaluation: We evaluate the effectiveness of vulnerability assessments, response strategies, and recovery programs to ensure the District is prepared to handle potential cybersecurity threats.
- Business Continuity and Data Protection: We evaluate the District’s disaster recovery and business continuity plans, assess their effectiveness in minimizing the impact of data disasters and cyber incidents, and determine whether response actions are timely and efficient.
- Follow-up Cybersecurity Assessments and Tabletop Exercises: We conduct ongoing remediation services and participate in tabletop exercises to guide and review the progress of corrective actions identified in the initial NIST Gap Analysis. Our approach includes a continuous review of risks, updates to the original gap analysis, and monitoring so that School Districts stay on track in addressing cybersecurity vulnerabilities.
Following our assessments, we provide a detailed report of results, outlining our findings and tailored recommendations to address identified gaps and enhance the District’s overall cybersecurity defenses.
Our comprehensive approach provides School Districts with the insights needed to bolster their cybersecurity defenses and safeguard critical information assets. We offer flexible fee structures tailored to the Districts’ budgets and timeframes so that our services are accessible and aligned with their needs."
NuHarbor Security
NuHarbor Security is a trusted managed security service provider, protecting around one-third of the U.S. population through partnerships with state and local governments. With a comprehensive portfolio that includes 24x7 security operations, penetration testing, compliance, and advisory services, NuHarbor helps organizations strengthen their data privacy and cybersecurity posture. Led by industry experts, including former CISOs, NuHarbor blends expert analysis with cutting-edge technology to deliver customized solutions for every stage of cybersecurity maturity. Committed to client success, they focus on both immediate security needs and long-term resilience, ensuring that districts can confidently protect their systems and data.
List of services:
- Incident Response Planning
- Policy Review
- Security Program Reviews
- Security Risk Assessments
- Security Strategy
- Virtual CISO
- Crowdstrike MDR
- Curated Threat Intelligence
- Microsoft Sentinel MXDR
- Recorded Future Managed Services
- SOC as a Service
- Splunk Managed Services
- Vulnerability Management powered by Tenable
- Zscaler Support Services Assessment and Compliance: (CMMC Compliance, HIPAA Security Standards, ISO 27001, MARS-E Security Standards, New York Cybersecurity (23 NYCRR 500), NIST 800-53, Payment Card Industry (PCI))
- Application Penetration Testing
- Infrastructure Penetration Testing
- Vulnerability Scanning
- Wireless Penetration Testing
- Social Engineering Testing
QnA Tech
We protect learning environments. At Secureworks, our focus is on empowering K-12 organizations to securely navigate today’s complex digital world. Schools of all sizes benefit from the intelligence and power of Taegis XDR, which combines advanced threat detection with the expertise of our global security analysts. Unlike basic managed detection and response (MDR) solutions, Secureworks delivers a proactive defense strategy that transforms security operations from reactive to resilient.
Our MXDR service is purpose-built to tackle the unique challenges K-12 institutions face, providing comprehensive visibility across endpoints, networks, and cloud environments. With automated detection and hands-on support from our 24/7 Security Operations Center (SOC), we monitor, analyze, and stop threats before they can disrupt learning. Through custom playbooks, actionable threat intelligence, and precision-guided response, we give even resource-limited IT teams the confidence to stay ahead of cyberattacks.
Secureworks integrates seamlessly with your existing systems, offering tools to simplify compliance, enhance reporting, and scale defenses against evolving threats like ransomware and phishing. More than a vendor, we’re a trusted partner, proactively defending students, staff, and sensitive data. Our goal is simple: to ensure your institution can focus on what matters most—educating future generations—while we handle the rest. With Secureworks, you’re not just stopping threats; you’re securing your school’s future.
R20 Consulting
R20 Consulting is excited to take the next big step in the evolution of the company. As a component of my overall growth strategy for my business, I'm now one of the founders of a firm named CISOciety LLC (“CISOciety”). CISOciety is a collective of vCISOs who specialize in privacy and security consulting services with broad experiences across multiple market segments and with organizations of various sizes. The Collective has been expressly built to efficiently respond to growth or contraction of cybersecurity engagements and services as needed by our k-12 clients. A key growth component of this Collective is the introduction of service partners who can extend our service offerings to better match demands and needs from school districts.
As such, and through the RFP award from the OU BOCES, the following Service Opportunities are now available for your consideration:
- OS: Operational Services (essentially 24x7 monitoring and response services)
- Cybersecurity Program Creation / Management and Governance
- Remote Monitoring and Management
- Endpoint Protection and Response (EDR) / Managed Detection and Response (MDR) / Extended Detection and Response (XDR) / Network Detection and Response (NRD)
- Network Protection
- Secure Access Management / Identity and Access Management (IAM)
- Business Continuity and Backup Disaster Recovery (BC/DR) Options (including rapid recovery of hyper-critical systems)
- Software as a Service (SaaS) Application Protection & Recovery for Cloud Assets
- File Protection and Recovery (for basic file recovery needs)
- RA: Risk Assessment and POAM’s o Cybersecurity Program Creation / Management and Governance
- Vulnerability Assessment (Current status against best practices)
- Penetration Testing (Internal and External)
- Supply Chain / Vendor Assessments o Security Awareness Training, including Tabletop Exercises
- CP: Contingency Planning Practices o Cybersecurity Program Creation / Management and Governance o Contingency Planning Documents – Business Operations (BIA, BCP, IRP, DRP)
- Industry Specific (i.e. Instructional Continuity Plan)
- Security Awareness Training, including Tabletop Exercises
- A&C: Audit and Compliance
- Cybersecurity Program Creation / Management and Governance
- Security Audits against Common Frameworks (National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), Center for Internet Security (CIS), Health Insurance Portability and Accountability Act (HIPAA), etc.\
- Software to track compliance against Common Frameworks and related support
Confidential to R20 Consulting / CISOciety LLC
- IT Security Policy Creation/Review/Revision
- IT Security Assurance Reviews against Cybersecurity Insurance Company Requirements
- Security Awareness Training, including Tabletop Exercises
Thank you for your consideration.
SCI - Strong Crypto Innovations
"Strong Crypto Innovations (SCI) exclusively performs cyber security testing for critical technology systems. We are a research and development-driven organization that prioritizes investments in people, processes, and technology. Our expert team consists of continuous learners who are constantly training to stay at the cutting edge of cybersecurity. We employ refined and proven methodologies that leverage automation, using both cloud-based and on-premises infrastructure to deliver exceptional results. Our professional services are provided under an ISO 9001:2015 quality management system and led by two GIAC Security Experts (GSE) — out of the less than 500 GSEs in the world.
SCI specializes in comprehensive vulnerability assessment and penetration testing tailored for educational institutions. We simulate sophisticated attack scenarios to assess and enhance security across educational networks, public-facing systems, wireless networks, administrative platforms, cloud services, hardware, and physical security. We identify, quantify, and prioritize security weaknesses, working together with the BOCES and the District’s staff, to optimize remediation efforts. Our tailored approach ensures that educational institutions are protected against emerging threats and are prepared for the complexities of cybersecurity in the education sector. We provide expert assistance to enhance resilience, safeguard student data and maintain the integrity of academic operations."
Sedara
As a trusted New York State-based cybersecurity provider, we deliver NIST CSF 2.0-aligned solutions designed to strengthen your district’s data privacy and security posture. Through your existing contract, we offer a range of services tailored to meet the unique challenges of K-12 environments. These can be implemented as part of our comprehensive Cybersecurity Development Program or accessed individually based on your needs:
- Managed Detection and Response (MDR/XDR)
- Virtual Chief Information Security Officer (vCISO)
- Network and Endpoint Detection and Response (NDR/EDR)
- Threat Intelligence Services
- Vulnerability Assessments and Penetration Testing
- Incident Response Tabletop Exercises
- Asset Discovery Services 24x7x365 Security Operations Center (SOC)
- With a proven track record of empowering school districts statewide, we provide proactive protection that secures sensitive data and ensures compliance with evolving standards.
Partner with us to confidently safeguard your district’s critical assets. Contact us today to schedule a consultation and take the next step toward enhanced cybersecurity.
Shorebreak Security
ShoreBreak offers cutting-edge cybersecurity solutions designed to protect organizations from emerging threats. With advanced threat intelligence and proactive defense strategies, we ensure that our clients can operate confidently in a digital landscape, safeguarding their data and reputation.
ShoreBreak takes a holistic approach in our security services, providing end to end security solutions that go beyond cybersecurity. Our breadth of services include cybersecurity penetration testing and monitoring, physical security testing, deep web threat analysis, executive threat detection, and geo-fence threat detection. We connect all the vulnerabilities between your systems, locations, and people for a complete view of your security posture.
Our vulnerability management platform, LifeGuard obliterates data silos, and gives you a true view of your security posture. LifeGuard manages the entire lifecycle of vulnerabilities from detection to remediation, so you never have to guess if a finding has been fixed.
ShoreBreak services for BOCES include:
- External Penetration Testing
- Internal Penetration Testing
- Physical Penetration Testing
- Wi-Fi Penetration Testing
- Web Application Penetration Testing
- Social Engineering Campaigns
- Vulnerability Scanning and Assessment
- Deep Web Threat Analysis and Detection
- Continuous Penetration Testing and Monitoring
Tyler Technologies
Tyler Technologies is the largest software/services company in the USA that solely focuses on K-12/Public Sector. Tyler’s Cybersecurity division, however, operates independently and our success is driven by the partnerships we form with each individual client, allowing us to best meet your specific and unique needs. Your dedicated US Based, Tyler employed, certified team would be able to assist with everything from:
- Managed Detection and Response ((MDR)
- Log monitoring for your entire network
- Proactive Threat Hunting
- Live certified analysts actively protecting your entire network 24x7x365
- Security Operations Center (SOC) and SIEM as a service
- Outbound notifications
- Device isolation capabilities
- End Point Detection (EDR)
- Vulnerability Scanning (1 time or weekly, Internal and/orExternal)
- Penetration Tests (External, Internal, Web, Wireless)
- Gap Analysis (NIST 2.0, PCI, HIPAA, etc.)
- Assessments (Risk, Azure, MS365, Firewall, etc.)
- Audits, Training, Phishing, Tabletop Exercises, Policy/Plan Creations/Review (Acceptable Use, Incident Response Plan, Strategic Action Plan (roadmap), etc.)
Tyler’s easy to use real-time portal provides transparency and customer support access and your dedicated Tyler Cybersecurity Representative, Robb Ann Hurst, robbann.hurst@tylertech.com, 800-772-2260 x5379, M: 217-853-0907 is always available to help as well.