Safeguarding Your Technology - Practical Guidelines for Electronic Education Information Security
Author : Nation Center for Education Statistics
Publication Date : 1998
Excerpts from the Introduction:
The guidelines are written to help educational administrators and staff at the building, campus, district, and state levels better understand why and how to effectively secure their organization's sensitive information, critical systems, and computer and networking equipment.
The intent of this document is to provide basic and timeless guidance to decision-makers by identifying factors that should be taken into consideration when (not if) they develop security strategies and policies to meet their organization's particular conditions and local circumstances. It is designed specifically to help educational staff as they endeavor to walk the fine line between keeping education data secure and yet at the same time available to authorized persons with legitimate purposes. Because the technical methods for securing digital data lie outside the training and expertise of most educational administrators, these guidelines (which are exactly that--well-researched recommendations rather than canned solutions) are written in non-technical language that is specifically tailored to educators.
Although a key recommendation of this document is that each education organization designate a technically competent staff person (or hire a consultant) to manage data security operations, administrators cannot be content to otherwise disregard security issues entirely. While operational authority
can and should be delegated to staff or contractors, the actual burden of responsibility
cannot be lifted from the shoulders of chief administrators. That is why top educational administrators need to develop a sufficient understanding of information security and its related issues: so that they can judge whether their subordinates are acting competently and thoroughly and can subsequently ascertain whether proposed policies and procedures will be adequate and effective. After all, each policy will still be implemented over the administrator's signature.
In a nutshell, this document is
* An outgrowth of another National Forum on Education Statistics' document, Protecting the Privacy of Student Records: Guidelines for Education Agencies
* Concerned primarily with information technology security as it relates to the privacy and confidentiality of education information
* Designed specifically for use by education administrators and staff at the building, campus, district, and state levels
* Organized so as to walk policy-makers through the steps of developing and implementing sound security policy
that is tailored to meet the needs of their individual organizations
* Focused on both technical and procedural requirements (i.e., both computer-related and staff-related issues)
* Presented as a set of recommended guidelines
This document is not
* An attempt to dictate policy (although it can and should serve as a guide to policy-makers as they consider their policy options and needs)
* Focused on a high-end discussion of security issues that requires readers to have advanced knowledge of technology issues
* Presented as a manual of technical solutions for securing systems
* A source for specific software
This document does not presume to dictate local policy because, among other reasons, the parties responsible for developing these guidelines have no authority to issue or enforce security policies to autonomous education institutions. Nor does the document endorse specific products or vendors of security devices. Given the rapid pace of change in this field, such endorsements might be rendered obsolete by emerging technologies even before they could be printed and distributed.
View/Download Safeguarding Your Technology