Universities and other educational institutions are subject to a variety of legal requirements including FERPA and HIPAA, among others. Read the article linked below, the SANS Institute security policies, and other Internet sources on university data breaches and on policies, including the samples available through the link provided above under Readings and Research of the ISO/IEC 27001 support site.
- Ramakrishna Ayyagari and Jonathan Tyks (2012), “Disaster at a University: A Case Study in Information Security,” Journal of Information Technology Education: Innovations in Practice (Volume 11). Retrieved from http://www.jite.org/documents/Vol11/JITEv11IIPp085-096Ayyagari1035.pdf
- SANS Institute, Information Security Policy Templates. Retrieved from http://www.sans.org/security-resources/policies
Task Description
Choose one of the policy and procedure areas identified as deficient in the case study and draft a security policy to mitigate the vulnerability. Also include provisions for user training, enforcement, and disciplinary activities.
Deliverable
Your Security Policy should be written following APA guidelines, using 12-point font, and including title, executive summary, and reference pages. Include an update table and a sign-off area. Submit your Security Policy to the Dropbox titled for this activity by the date specified by your instructor.