Security Assessments and Federal Regulations

Security Assessments Help Colleges Comply with Federal Regulations


College information systems handle vast amounts of confidential student data every day. How long has it been since your organization thoroughly assessed and documented the effectiveness of your data security safeguards? If you don’t know, it’s been too long.

Conducting periodic security assessments is not only sound business practice; it is also required in order to comply with federal higher education information security standards. According to Jeff Holden, Chief Information Security Officer for the California Community Colleges Information Security Center, every college has an obligation to protect its students’ information, as established under two federal laws:

  • The Family Educational Rights and Privacy Act (FERPA) requires that institutions protect the privacy of personal data contained in a student’s educational record, wherever and however the information is stored.
  • The Gramm-Leach-Bliley Act (GLBA) goes beyond FERPA to require that institutions create a written information security plan detailing how student data are safeguarded.

Colleges have a lot at stake. “A data breach due to noncompliance with federal regulations can result in steep fines, lawsuits, reputational damage, even loss of federal funding,” Holden says.

Free Assessments Available to All CCCs

To help colleges with compliance, the CCC Information Security Center offers free, confidential security assessments to all California community colleges. Assessments are performed by Security Center staff at the college’s location.

An assessment typically takes three to five days. The process starts with a scan of the local network, including printers and uninterruptible power supplies: every device with a web interface. Next, the Security Center evaluates data from the scans and identifies any vulnerabilities. Then, it attempts to validate the vulnerabilities by compromising the college’s systems to mimic a breach. The final step is to review findings with the college’s team, recommend immediate actions, and provide guidance and tools for conducting periodic self-assessments. A final comprehensive report is then emailed to the college.

Extensive Array of Services

Security assessments are just one element of a strong overall information security posture. The CCC Information Security Center provides an extensive array of services and tools to help colleges maintain the integrity of information systems and more effectively enforce regulatory and district security policies.

The Security Center has been fully funded by a grant from the Chancellor’s Office in order to provide these services and tools free of charge to all 115 California community colleges. Available resources include templates for documenting policies and administrative regulations, access to cloud-based monitoring and analytical tools, security assessment training for all college staff, professional development, and more.

Visit CCCSecurityCenter.org to learn more and to request any of these services for your college or district.