Security Management

Main Nav

Browse this Topic

Information Security Guide: Effective Practices and Solutions for Higher Education

The Information Security Guide: Effective Practices and Solutions for Higher Education is a compendium of information providing guidance on effective approaches to the application of information security at institutions of higher education. It is a key publication of the Higher Education Information Security Council. The guide's content is actively maintained by a large group of volunteers who are information security practitioners at a variety of colleges and universities. The content itself is a rich combination of materials written for the guide, articles written for other publications, presentations from information security conferences, case studies, examples of processes, procedures, and forms used by various institutions, toolkits, hot topics, and references to a wide variety of other materials from EDUCAUSE and other sources. This infographic provides a quick overview of the guide.

Featured Resources of the Information Security Guide include:

Confidential Data Handling Blueprint
Data Classification Toolkit
Data Incident Notification Toolkit
Data Protection Contractual Language: Common Themes and Examples
Guidelines for Data De-Identification or Anonymization
Guidelines for Information Media Sanitization
Electronic Records Management Toolkit
Guidelines for Responding to Compulsory Legal Requests for Information
Hot Topics (e.g., malware, mobile devices, and social networking)
Information Security Governance
National Cyber Security Awareness Month Resource Kit
PCI DSS (Payment Card Industry Data Security Standard) Resource Page
Risk Assessment Consultants List, Sample RFPs, and Tools List
Risk Management Framework
Security Awareness Quick Start Guide, Detailed Instruction Manual, and Speakers Bureau
Top Information Security Concerns for Campus Executives and Data Stewards
Top Information Security Concerns for HR Leaders & Process Participants - Protecting Your HR Assets
Additional Toolkits

Updated October 2012

Latest News

Five Pilot Projects Receive Grants to Promote Online Security and Privacy

InCommon will be heavily involved in a $1.8 million grant awarded to Internet2 to build a consistent and robust privacy infrastructure. Partners include Carnegie Mellon, Brown, University of Texas...

Virginia Tech First to Achieve Bronze and Silver Assurance

Virginia Tech has become the first identity provider to achieve Bronze and Silver certification as part of the InCommon Assurance Program.

Recommended IAM Sessions at EDUCAUSE 2012

The annual EDUCAUSE Conference in Denver will provide an opportunity to explore the range and depth of issues that campuses must consider as they build...

Recommended Security & Privacy Sessions at EDUCAUSE 2012

Find a variety of E12 security and privacy-related sessions in Denver or online.

Policy Matters NCSAM Article (Sep/Oct 2012)

NCSAM article in the latest EDUCAUSE Review offers resources and suggestions for campuses to support security awareness efforts in October.

The Future of Federated Identity: Or, Whither SAML?

Eve Maler, an expert on emerging identity and security at Forrester Research, discusses the past, present, and future of SAML in this webinar recording.

Library Items on this Topic

View All

EDUCAUSE Library Items for Security Management

Showing 1 - 10 of 46 Results

Sort by:

Relevancy | Title | Date

An Incremental Approach to Building an Information Security Program: April 1, 2013

Key Takeaways Constraints such as tight budgets, increased responsibilities, lack of resources or incentive, and disagreement on a common approach to information security pose ch…
Can Big Data Help Universities Tackle Security, BYOD?: July 31, 2012

Universities have some of the most complex IT infrastructures around, and BYOD is a reality they can't escape. Chief Security Officers at universities are increasingly turning to Big Data an…
Information Systems Risk Assessment: July 24, 2012

This Spotlight bulletin focuses on 2011 CDS survey results related to information systems (IS) risk assessments. Research findings and industry experience demonstrate that conducting a …
Software-as-a-Service Email Security: Risk vs. Trust: May 31, 2012

Many organizations would be interested in treating e-mail as a commodity —cutting costs and resource investments by outsourcing it to a software as a service (SaaS) provider. However, …
Alternative IT Sourcing: A Discussion of Privacy, Security, and Risk: July 21, 2011

In this interview, three higher education privacy, security, and risk professionals discuss the common challenges and opportunities inherent in alternative IT sourcing. The sourcing of I…
Guide to Enterprise Telework and Remote Access Security (SP 800-46 Revision 1): June 4, 2009

Many organizations’ employees and contractors use enterprise telework technologies to perform work from external locations. Most teleworkers use remote access technologies to interface with an…
7 Things You Should Know About Cloud Security: September 3, 2010

Cloud computing promises to provide considerable benefits for colleges and universities, including increased reliability and flexibility, with lower or more transparent costs. At the same time, c…
Ten Steps to Secure Your Copier or Multi-Function Device (MFD): June 3, 2010

These resources have been gathered to specifically address concerns related to the security of sensitive information that may be stored on the hard drives of copiers, printers, or multi-function …
Risk Management and Cyber Insurance: October 7, 2007

The Internet has radically changed the way business (work and personal) is carried out. However, vulnerabilities are pervasive resulting in exposure of organizations and firms to a wide array of …
Cyber-Insurance Revisited: January 5, 2005

Cyber-insurance is considered as appropriate means to absorb financial losses caused by computer security breaches. Since insurance markets at the same time create incentives to construct more se…