Security Directory

C

Cognia, Inc.

cognia.org

0

The website currently exhibits significant security and compliance gaps that could expose the business to data breaches, regulatory penalties, and reputational damage. There are no critical vulnerabilities, but multiple high-severity issues exist, particularly around missing security headers, GDPR compliance, and foundational information security controls aligned with NIS2 requirements. Key deficiencies include missing privacy and cookie policies, lack of incident response and security governance documentation, and imminent SSL certificate expiration. While the network security posture and DNS health are generally strong, weaknesses in SSL/TLS configuration and email authentication present risks. The low scores in security headers, GDPR, and NIS2 modules highlight urgent areas needing attention to protect customer data and maintain regulatory compliance. Overall, the business risks non-compliance fines and increased exposure to cyberattacks without swift remediation. Addressing these gaps will improve trust with customers and partners while reducing operational risks.

C

Connections Education LLC

connexus.com

0

The website demonstrates significant security gaps, particularly in foundational security headers, GDPR compliance, and adherence to NIS2 cybersecurity requirements. While there are no critical vulnerabilities, the presence of multiple high-severity issues exposes the business to risks including data breaches, regulatory penalties, and reputational damage. Missing key HTTP security headers such as Strict-Transport-Security and Content-Security-Policy increase susceptibility to man-in-the-middle attacks and cross-site scripting. GDPR non-compliance, including absent cookie policies and consent mechanisms, risks legal consequences and loss of customer trust. The lack of documented security policies, incident response, and vulnerability disclosure processes indicates immature cybersecurity governance. Positively, email security, SSL/TLS, DNS, and network security posture are strong, providing a solid foundation for further improvements. Prioritizing remediation will protect sensitive data, ensure regulatory compliance, and reduce operational risks. Immediate attention to security headers and GDPR controls is recommended to mitigate exposure and legal liabilities.

M

Mondly by Pearson

mondly.com

0

The website demonstrates a moderately strong network and SSL/TLS security posture but exhibits significant gaps in privacy compliance and security governance. Critical issues were avoided, but the presence of multiple high-severity findings—particularly missing privacy policies, lack of security framework documentation, and DNS misconfigurations—pose substantial risks to regulatory compliance and operational security. GDPR non-compliance related to the absence of privacy and cookie policies, as well as missing consent mechanisms, exposes the business to legal penalties and reputational damage. Similarly, deficiencies in incident response, vulnerability disclosure, and business continuity planning highlight unpreparedness for cyber incidents, which can lead to prolonged outages and data breaches. The missing Content-Security-Policy header and weak HTTP security headers increase susceptibility to client-side attacks. DNS misconfigurations, such as an unregistered MX record, threaten email reliability and business communications. Immediate remediation in these areas will significantly reduce risk exposure and improve trust with users and regulators.

P

Pearson IT Certification

pearsonitcertification.com

0

The website exhibits significant security and compliance gaps, particularly in its security headers, GDPR compliance, and adherence to NIS2 directives. While there are no critical vulnerabilities, the presence of multiple high and medium severity issues indicates substantial risk exposure, including potential data leaks, regulatory non-compliance, and inadequate incident response readiness. The lack of essential HTTP security headers such as Strict-Transport-Security and Content-Security-Policy increases susceptibility to man-in-the-middle and cross-site scripting attacks. Absence of privacy and cookie policies, as well as missing consent mechanisms, exposes the business to GDPR enforcement actions and reputational damage. Furthermore, the website lacks a formal information security framework and incident response procedures, undermining its ability to manage and recover from cyber incidents effectively. On a positive note, email security, network security, and DNS health scores are relatively strong, indicating some foundational controls are in place. Immediate remediation will help mitigate regulatory risks, enhance customer trust, and reduce potential financial and operational impacts from security events.

V

Vodafone Stiftung Deutschland gGmbH

vodafone-stiftung.de

0

The website exhibits a generally strong technical security posture in areas such as email security, SSL/TLS configuration, and network security. However, there are significant compliance and governance gaps, particularly related to GDPR and the NIS2 directive, exposing the business to legal and regulatory risks in the EU. Critical issues include missing privacy measures for EU users and the absence of a structured information security framework, incident response, and business continuity planning. Medium-level technical issues like missing security headers, mixed content, and lack of DNSSEC further weaken the security posture. The lack of cookie policy and consent mechanisms also jeopardizes user trust and compliance. Overall, while foundational security controls are present, urgent attention is needed on data privacy, regulatory compliance, and formalizing security policies to mitigate risk and avoid potential fines or reputational damage. Addressing these gaps will enhance legal compliance, customer confidence, and resilience against cyber threats.

I

International University of Monaco

monaco-executive-education.com

0

The website exhibits a mixed security posture with strong network security and SSL/TLS configurations but significant gaps in compliance and core security policies. Critical and high-severity issues primarily surround email authentication, regulatory compliance (GDPR and NIS2), and absence of formal security documentation and procedures. The lack of email authentication poses immediate risks of phishing and email spoofing, undermining brand trust and deliverability. GDPR compliance deficiencies, including missing cookie policies and consent banners, expose the business to potential legal penalties and reputational damage. The absence of an information security framework, incident response plan, and vulnerability disclosure process under NIS2 indicates a maturity gap in organizational security governance. While technical controls like DNS and SSL are generally solid, missing headers and policy configurations reduce defense-in-depth effectiveness. Addressing these vulnerabilities is critical to safeguarding customer data, ensuring regulatory compliance, and maintaining operational resilience. Immediate action will mitigate risks, enhance customer trust, and support long-term business continuity.