Security Assessments and Federal Regulations - Digital Futures

College information systems handle vast amounts of confidential student data every day. How long has it been since your organization thoroughly assessed and documented the effectiveness of your data security safeguards? If you don’t know, it’s been too long.

Conducting periodic security assessments is not only sound business practice, it is required in order to comply with federal higher education information security standards. According to Jeff Holden, Chief Information Security Officer for the California Community Colleges Information Security Center, every college has an obligation to protect its students’ information, as established under two federal laws:

Family Educational Rights and Privacy Act (FERPA) requires that institutions protect the privacy of personal data contained in a student’s educational record, wherever and however the information is stored.
The Gramm-Leach-Bliley Act (GLBA) goes beyond FERPA to require that institutions create a written information security plan detailing how student data are safeguarded.

Colleges have a lot at stake. “A data breach due to noncompliance with federal regulations can result in steep fines, lawsuits, reputational damage, even loss of federal funding,” Holden says.

Free Assessments Available to All CCCs

To help colleges with compliance, the CCC Information Security Center offers free, confidential security assessments to all California community colleges. Assessments are performed by Security Center staff at the college’s location.

An assessment typically takes three to five days. The process starts with a scan of the local network, including printers, uninterruptible power supplies – every device with a web interface. Next, the Security Center evaluates data from the scans and identifies any vulnerabilities. Then, it attempts to validate the vulnerabilities by compromising the college’s systems to mimic a breach. The final step is to review findings with the college’s team, recommend immediate actions, and provide guidance and tools for conducting periodic self-assessments. A final comprehensive report is then emailed to the college.

Extensive Array of Services

Security assessments are just one element of a strong overall information security posture. The CCC Information Security Center provides an extensive array of services and tools to help colleges maintain the integrity of information systems and more effectively enforce regulatory and district security policies.

The Security Center has been fully funded by a grant from the Chancellor’s Office in order to provide these services and tools free of charge to all 115 California community colleges. Available are templates for documenting policies and administrative regulations, access to cloud-based monitoring and analytical tools, security assessment training for all college staff, professional development, and more.

Visit CCCSecurityCenter.org to learn more and to request any of these services for your college or district.

Enabling Services and Systemwide Tech

The CCC Tech Center’s Enabling Services Team streamlines communication and guides colleges through systemwide technology solutions adoption by providing deployment, project management, and implementation services at no cost. Over the past 18 months, the CCC Technology Center’s Enabling Services team has been working with community colleges statewide on hundreds of successful implementation projects to strengthen and improve the system.

Data Integration in Support of AB 705

Via Multiple Measures Placement Service, more comprehensive data for students’ AB 705-compliant English and math course placement recommendations are available for use. A collection of students’ verified high school transcript data now comes from multiple sources, including the California College Guidance Initiative, Cal-PASS Plus, California Department of Education, and self-reported transcript information via CCCApply.

CVC-OEI Partners with Namecoach

The California Virtual Campus – Online Education Initiative (CVC-OEI) is partnering with NameCoach for software designed to enable respectful and inclusive campus interactions and prevent mispronunciation of students’ names. The NameCoach software embeds audio pronunciations and phonetic spellings of names, as well as other information important to students’ sense of self, into online systems that students, faculty, and staff can use.

Second Annual Digital Learning Day

Nearly 800 faculty attended CVC-OEI/@ONE’s second annual CCC Digital Learning Day, a 49 percent attendance increase from 2018. The free, online conference showcased teaching and learning innovations in California and beyond that foster digital literacy across the curriculum.

MyPath Launches at Four Campuses

Peralta Community College District is the first multi-college district to go live with CCC MyPath across all its campuses, providing a more consistent and informative student onboarding process. Each college designed an individual MyPath homepage specific to its campus needs, and students helped ensure the page designs are student-friendly. All campuses received individual attention from the Technology Center’s Enabling Services team, which simplified the process.

Accessibility Center Help Desk

The CCC Accessibility Center Help Desk offers all faculty, staff, and administrators the opportunity to ask questions and review answers online regarding web and IT accessibility. It also offers accessibility evaluations for up to five web pages or website templates.

Free Assessments Available to All CCCs

Extensive Array of Services

Similar Posts

What is Digital Futures?