College information systems handle vast amounts of confidential student data every day. How long has it been since your organization thoroughly assessed and documented the effectiveness of your data security safeguards? If you don’t know, it’s been too long.

Conducting periodic security assessments is not only sound business practice, it is required in order to comply with federal higher education information security standards. According to Jeff Holden, Chief Information Security Officer for the California Community Colleges Information Security Center, every college has an obligation to protect its students’ information, as established under two federal laws:

  • Family Educational Rights and Privacy Act (FERPA) requires that institutions protect the privacy of personal data contained in a student’s educational record, wherever and however the information is stored.
  • The Gramm-Leach-Bliley Act (GLBA) goes beyond FERPA to require that institutions create a written information security plan detailing how student data are safeguarded.

Colleges have a lot at stake. “A data breach due to noncompliance with federal regulations can result in steep fines, lawsuits, reputational damage, even loss of federal funding,” Holden says.

Free Assessments Available to All CCCs

To help colleges with compliance, the CCC Information Security Center offers free, confidential security assessments to all California community colleges. Assessments are performed by Security Center staff at the college’s location.

An assessment typically takes three to five days. The process starts with a scan of the local network, including printers, uninterruptible power supplies – every device with a web interface. Next, the Security Center evaluates data from the scans and identifies any vulnerabilities. Then, it attempts to validate the vulnerabilities by compromising the college’s systems to mimic a breach. The final step is to review findings with the college’s team, recommend immediate actions, and provide guidance and tools for conducting periodic self-assessments. A final comprehensive report is then emailed to the college.

Extensive Array of Services

Security assessments are just one element of a strong overall information security posture. The CCC Information Security Center provides an extensive array of services and tools to help colleges maintain the integrity of information systems and more effectively enforce regulatory and district security policies.

The Security Center has been fully funded by a grant from the Chancellor’s Office in order to provide these services and tools free of charge to all 115 California community colleges. Available are templates for documenting policies and administrative regulations, access to cloud-based monitoring and analytical tools, security assessment training for all college staff, professional development, and more.

Visit CCCSecurityCenter.org to learn more and to request any of these services for your college or district.

Similar Posts

Data Integration in Support of AB 705

Via Multiple Measures Placement Service, more comprehensive data for students’ AB 705-compliant English and math course placement recommendations are  available for use. A collection of students’ verified high school transcript data now comes from multiple sources, including the California College Guidance Initiative, Cal-PASS Plus, California Department of Education, and self-reported transcript information via CCCApply.

Enabling Services and Systemwide Tech

The CCC Tech Center’s Enabling Services Team streamlines communication and guides colleges through systemwide technology solutions adoption by providing deployment, project management, and implementation services at no cost. Over the past 18 months, the CCC Technology Center’s Enabling Services team has been working with community colleges statewide on hundreds of successful implementation projects to strengthen and improve the system.

CVC-OEI Partners with Namecoach

The California Virtual Campus – Online Education Initiative (CVC-OEI) is partnering with NameCoach for software designed to enable respectful and inclusive campus interactions and prevent mispronunciation of students’ names. The NameCoach software embeds audio pronunciations and phonetic spellings of names, as well as other information important to students’ sense of self, into online systems that students, faculty, and staff can use.

Vision Resource Center Expanding Base

The Vision Resource Center has added new learning modules and expanded to more than 22,000 users. Its latest module release, Corequisite Support in California’s Community Colleges, focuses on improving developmental education to align with AB 705 and provides an overview of the law and the data that led to placement rules changes. The Vision Resource Center offers full integrations for colleges to support the goals and commitments in the Vision for Success.

CCCApply Application Streamlined

In June 2018, a CCCApply work group was launched, which is overseen by the Chancellor’s Office and supported by the CCCApply Advisory Committee, ideas42, and the Foundation for California Community Colleges. The CCCApply work group is adhering to a quarterly release schedule with user acceptance testing and the incorporation of continuous feedback from statewide stakeholders and advisory committees.The new CCCApply noncredit application is now in an extended college pilot with 8 districts.