Higher Ed Archive

Data Security Checklist

April 28, 2017 | PTAC, U.S. Department of Education

Data Security Checklist

This checklist is designed to assist stakeholder organizations with developing and maintaining a successful data security program by listing essential components that should be considered when building such a program, with focus on solutions and procedures relevant for supporting data security operations of educational agencies.

More
Model Terms of Service: Protecting Student Privacy While Using Online Educational Services

April 28, 2017 | PTAC, U.S. Department of Education

Model Terms of Service: Protecting Student Privacy While Using Online Educational Services

The Privacy Technical Assistance Center, working with the Department of Education’s Family Policy Compliance office, has developed a new checklist document that provides a framework for evaluating online educational tools’ Terms of Service Agreements. This document is intended to assist users in understanding how a given online service or app will collect, use and/or transmit […]

More
Best Practices for Data Destruction

April 28, 2017 | PTAC, U.S. Department of Education

Best Practices for Data Destruction

The Data Destruction document is a best practices guide on properly destroying sensitive student data after it is no longer needed. It details the life cycle of data and discusses various legal requirements relating to the destruction of data under FERPA, and examines a variety of methods for properly destroying data. The guide also discusses […]

More
FERPA 101 for Colleges & Universities

April 27, 2017 | PTAC, U.S. Department of Education

FERPA 101 for Colleges & Universities

This 40-minute course provides an overview of the fundamentals of FERPA for postsecondary school officials. At the end of the course material, you’ll take a quiz that presents hypothetical situations for you to analyze. Respond correctly to move through the quiz and earn a Certificate of Completion. Note: You must create an account to access […]

More
Phishing Simulation Programs

April 27, 2017 | EDUCAUSE

Phishing Simulation Programs

A phishing simulation program (also commonly referred to as “self-phishing” or phishing assessment program) is a customizable awareness program used by information security professionals in higher education and private industry. This highly effective training program—which is typically incorporated into an existing campus information security awareness program—allows organizations to simulate phishing e-mails, help identify which end […]

More
Information Security Program Assessment Tool

April 27, 2017 | EDUCAUSE

Information Security Program Assessment Tool

This self-assessment tool was created to evaluate the maturity of higher education information security programs using as a framework the International Organization for Standardization (ISO) 27002:2013 “Information Technology Security Techniques. Code of Practice for Information Security Management.” This tool was intended for use by an institution as a whole, although a unit within an institution […]

More
Guidelines for Data De-Identification or Anonymization

April 27, 2017 | EDUCAUSE

Guidelines for Data De-Identification or Anonymization

This document outlines high-level definitions, key challenges and risks, recommendations, critical first steps, and resources for the implementation and use of de-identified or anonymized data. It does not contain specific technical methods for the de-identification of particular data sets. The document is written specifically with institutions of higher education in mind; however, these high-level issues […]

More
Electronic Records Management Toolkit

April 27, 2017 | EDUCAUSE

Electronic Records Management Toolkit

A practical set of resources that will assist members of the higher education community in addressing related issues of electronic records management (ERM), e-discovery, and data retention on their own campuses.

More