NotesFAQContact Us
Search Tips
Peer reviewed Peer reviewed
Direct linkDirect link
ERIC Number: EJ769819
Record Type: Journal
Publication Date: 2006
Pages: 9
Abstractor: ERIC
Reference Count: N/A
ISSN: ISSN-1527-6619
A Unified Approach to Information Security Compliance
Adler, M. Peter
EDUCAUSE Review, v41 n5 p46-48, 50, 52, 54, 56, 58, 60 Sep-Oct 2006
The increased number of government-mandated and private contractual information security requirements in recent years has caused higher education security professionals to view information security as another aspect of regulatory or contractual compliance. The existence of fines, penalties, or loss (including bad publicity) has also increased the incentive to implement comprehensive information security practices. By adopting a unified approach to information security compliance, higher education institutions will be able to effectively manage the growing number of information security compliance programs. This approach begins by reviewing all of the information security requirements imposed by the emerging statutory, regulatory, and contractual legal standards. These standards are then compared with the more established national and international information security standards. After a thorough risk assessment and analysis, the legal standards and the information security standards are blended to create a complete information security compliance program. A unified approach to information security compliance thus enables colleges and universities not only to address identified risks but also to comply with the law. (Contains 1 table, 1 figure, and 6 notes.)
EDUCAUSE. 4772 Walnut Street Suite 206, Boulder, CO 80301-2538. Tel: 303-449-4430; Fax: 303-440-0461; e-mail:; Web site:
Publication Type: Guides - Non-Classroom; Journal Articles; Reports - Descriptive
Education Level: Higher Education
Audience: Support Staff
Language: English
Sponsor: N/A
Authoring Institution: N/A
Identifiers - Laws, Policies, & Programs: Family Educational Rights and Privacy Act 1974