Resources for Information Assurance/Security
A Unified Approach to Information Security Compliance by Peter Adler, published in EDUCAUSE Review, Sept/Oct. 2006.
Website with all known published security breaches since 2000 (includes edu)
Searchable and useful for research purposes. Created by Dave Shettler, Sr. Technical Services Engineer, College of Holy Cross
Meeting Credit Card Security Requirements (NACUBO, May 11, 2005)
NACUBO list of the set of 12 compliance standards for the “Payment Card Industry Data Security Standard”
UT Austin: Social Security Number Remediation Project
The goal of the SSN Remediation Project is to enhance the privacy of the university's students, faculty, staff and other constituents by modifying its business procedures and electronic systems.
University of Minnesota Privacy and Data Security web page
An excellent resource put together at the University of Minnesota to help the university community figure out in layman's terms what information is public and what is private at a public institution of higher education. This is a very well laid out webpage with a creative use of color that could be used as a model for information delivery about any number of laws.
Interagency Guidelines Establishing Information Security Standards: Small-Entity Compliance Guide: This guide is issued by the Federal Reserve as part of the Small Business Regulatory Enforcement Fairness Act of 1996, and is intended to help financial institutions comply with the GLB security guidelines. The guide is a concise summary of what actions must be undertaken per the GLB Security rules. (issued December 2005)
FTC Fair Information Practice Principles: Delineates five core principles of privacy protection: (1) Notice/Awareness; (2) Choice/Consent; (3) Access/Participation; (4) Integrity/Security; and (5) Enforcement/Redress

Washington and Lee Risk Assessment Procedure Tool for Gramm Leach Bliley: An incredibly detailed risk assessment questionnaire prepared by Jennifer Kirkland of Washington and Lee. NOTE THAT YOU NEED TO ENTER THE PASSWORD "DEMO" IN THE SPACE AFTER "SURVEY CODE" AT THE BOTTOM OF THE PREAMBLE PAGE IN ORDER TO ACCESS THE QUESTIONNAIRE.
University of Akron GLB Page
Chart of Frequently Considered Areas presented at Annual NACUA Conference: June 2003: A reference chart on whether or not certain types of data are in or out under Gramm Leach Bliley. Prepared for the Gramm Leach Bliley session at the Annual NACUA Conference.

WASHINGTON & LEE University Policy: Financial Information Security Program.
Sample Information Security Plan provided courtesy of Christopher Holmes, Assistant General Counsel, Baylor University
Sample GLB Contract Amendment provided courtesy of Christopher Holmes, Assistant General Counsel, Baylor University
University of Minnesota Information Security Program (Draft)
GLB "To Do" List (from George Washington University)
Contributed by Meg Galletly, Attorney Fellow at GWU
CUA GLB Information Security Plan
Memo from COHEAO on FTC Safeguarding Rule (dated April 23, 2003, this memo includes a summary of comments made by FTC representatives on the law and enforcement in the higher education setting)
System Administration, Networking and Security Institute (SANS)
Gramm Leach Bliley Act of 2001: What Information Security Professionals Need to Know
Creating an Information Systems Security Policy
The SANS Security Policy Project (contains a wealth of model security policies)
IT Security For Higher Education: A Legal Perspective: Prepared for the EDUCAUSE/Internet 2 Computer and Network Security Task Force by Dow, Lohnes and Albertson, PLLC, March 20, 2003.
Addresses Computer and Network Security in the context of FERPA, HIPAA, ECPA, The USA Patriot Act, SEVIS, the Teach Act, and the Gramm Leach Bliley Act.
Information Security Booklet: Published by the Federal Financial Institutions Examination Council
The Council is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions.
Get Real: University Business Feb 2003 article on protection of digital identities: by Tom Warger
Cornell Information Technology Policies
FTC pages on GLB:
Financial Privacy
Financial Institutions and Customer Data: Complying with the Safeguards Rule
Privacy of Consumer Financial Information
Federal Reserve Bank GLB Sample Policy (see Appendix B and C)
International Association of Privacy Professionals
Compliance with GLB NACUBO Jan. 13, 2003 report
http://middleware.internet2.edu/
Information Security Risk Evaluation at the CERT Coordination Center at Carnegie Mellon
Henderson, Steve, and Yarbrough, Matthew, Frontiers of Law: The Internet and Cyberspace: Suing the Insecure?: A Duty of Care in Cyberspace, 32 N.M.L. Rev. 11 (2002)
Last Revised 05-Mar-08 11:21 AM.