Conferences & Events
Events for all Levels and InterestsStay
Jump Start Your Career GrowthStay
Get on the Higher Ed IT MapStay
Uncommon Thinking for the Common Good™Stay
Filter by type
Filter by Publications
Filter by Presentations
Filter by Library Taxonomy
The EDUCAUSE/Internet2 Higher Education Information Security Council (HEISC) works to improve information security, data protection, and privacy programs across the higher education sector through its volunteers and focused partnerships with government, industry and other academic organizations.
New to Your Security Role?
If you are a new CISO or new to the higher education community, we recommend checking out the Toolkit for New CISOs, a resource developed by members of the Higher Education Information Security Council.
Information Security Guide: Effective Practices and Solutions for Higher Education
The Information Security Guide: Effective Practices and Solutions for Higher Education is now available in wiki format. This resource provides practical approaches to preventing, detecting, and responding to security problems in a wide range of higher education environments. This online service is designed with colleges and universities in mind, balancing our need for security with the need for an open, collaborative networking environment. Also, because one of the overarching concerns in college and university information technology (IT) departments is a lack of resources, an effort is made to provide low-cost solutions. The target audiences are those responsible for information security in colleges and universities and information technology staff who implement and manage security measures. Recognizing that many institutions have initiated or are in the process of developing IT security programs and policies, an effort is made throughout this resource to present practices that are useful at each stage of the developmental process.
As a community-driven, community-serving project, it is important for this initiative to incorporate experiences and perspectives from many different institutions. To contribute case studies that have been effective in your institution, please contact firstname.lastname@example.org.
Library Items on this Topic
EDUCAUSE Library Items for Cybersecurity
- Learning While Doing: Two Institutions’ Practical IT Risk Management Experiences
July 29, 2013
IT risk management identifies, assesses, and responds to IT risks. Effective IT risk management examines issues such as institutional use of data , IT security measures to prevent or…
- Enterprise Content-Aware DLP Solution Comparison and Select Vendor Profiles
May 14, 2013
This Gartner report covers content-aware data-loss prevention, which has grown up and is on the verge of becoming a standard part of security architecture. A small set of vendors dominate a major…
- Protecting the Security of Research Data
November 8, 2011
The effective protection and management of research data has become a hot topic in U.S. higher education. Funding agencies increasingly require data management plans as part of grant submittals…
- Does Higher Education Need a New Ethical Framework for the Internet?
March 22, 2011
This ECAR research bulletin is designed to help decision makers in higher education assess the applicability of four significant historical codes of ethics as they evaluate their current polic…
- Privacy and Confidentiality: Holding IT Service Providers Accountable
November 3, 2009
This ECAR research bulletin addresses the data privacy issues that must be covered by contractual language when entering into an agreement for externally provided IT services or for external con…
- Collective Wisdom on E-Mail Outsourcing
November 17, 2009
This ECAR research bulletin covers experiences and lessons learned from 10 IT leaders who have transitioned their institutions to an outsourced e-mail solution. It provides data from the 2009 EC…
- Information Confidentiality
March 11, 2009
Protecting information confidentiality is a critical security objective for all colleges and universities. Institutions must deploy confidentiality controls in addition to security controls, and…
- Information Security Governance: Standardizing the Practice of Information Security
August 19, 2008
This ECAR research bulletin discusses the trend to use a variety of risk assessment frameworks and standards to create an information security program that is sufficiently comprehensive for colle…
- Regulatory Compliance Training: Public Jobs, Private Data
April 15, 2008
This research bulletin details the procedures and processes undertaken by the University of Minnesota to ensure that all employees, from student workers and custodial staff through senior researc…
- IT Security Officer Survey
April 9, 2008
This April 2008 survey is a critical component of the EDUCAUSE Center on Applied Research (ECAR) study of information security officers in higher education. It seeks to understand the important c…