Universities and other educational institutions are subject to a variety of legal requirements including FERPA and HIPAA, among others. Read the article linked below, the SANS Institute security policies, and other Internet sources on university data breaches and on policies, including the samples of the ISO/IEC 27001 support site.
- Ramakrishna Ayyagari and Jonathan Tyks (2012), “Disaster at a University: A Case Study in Information Security,” Journal of Information Technology Education: Innovations in Practice (Volume 11). Retrieved from http://www.jite.org/documents/Vol11/JITEv11IIPp085-096Ayyagari1035.pdf
- SANS Institute, Information Security Policy Templates. Retrieved from http://www.sans.org/security-resources/policies
REQUIREMENTS –
Choose one of the policy and procedure areas identified as deficient in the case study and draft a security policy to mitigate the vulnerability. Also include provisions for user training, enforcement, and disciplinary activities. Make sure you cover:
- How do policies drive governance and compliance?
- How to best manage governance, risk and compliance for the Board?
0 comments