Resources for Information Assurance/Security
Forms; Toolkits and Checklists
EDUCAUSE Informaton Security Program Assessment Tool, April 2013. Developed by the EDUCAUSE Higher Education Information Security Council. The tool is an extensive list of questions and will require the participation of Chief Information or Chief Information Security officers or their designees.
Security and Privacy Issues, Dec. 1, 2010. Powerpoint by the Deputy Chief Information Officer, Federal Student Aid, U.S. Department of Education. Contains a University PII Checklist starting at slide 9 and continuing through slide 18.
CUA Red Flag Action Report Form
This document can be used to note actions taken in response to a red flag (suspicious pattern or practice that indicates the possible existence of identity theft). The form includes who was notified, offices consulted, dates action taken and results.
Electronic Records Management Toolkit
The EDUCAUSE Security Task Force offers this Electronic Records Management Toolkit in order to provide a practical set of resources that will assist members of the higher education community in addressing related issues of electronic records management, e-discovery, and data retention on their own campuses. The Toolkit includes information on Records Retention and Disposition, Records Retention Template, Records Retention Inventory Worksheet, E-Discovery Guideline and Toolkit.
A Unified Approach to Information Security Compliance by Peter Adler, published in EDUCAUSE Review, Sept/Oct. 2006.
Interagency Guidelines Establishing Information Security Standards: Small-Entity Compliance Guide: This guide is issued by the Federal Reserve as part of the Small Business Regulatory Enforcement Fairness Act of 1996, and is intended to help financial institutions comply with the GLB security guidelines. The guide is a concise summary of what actions must be undertaken per the GLB Security rules. (issued December 2005)
University of Minnesota Privacy and Data Security web page
An excellent resource put together at the University of Minnesota to help the university community figure out in layman's terms what information is public and what is private at a public institution of higher education. This is a very well laid out webpage with a creative use of color that could be used as a model for information delivery about any number of laws.
FTC Fair Information Practice Principles: Delineates five core principles:of privacy protection: (1) Notice/Awareness; (2) Choice/Consent; (3) Access/Participation; (4) Integrity/Security; and (5) Enforcement/Redress
Financial Privacy (FTC)
updated mlo 7/6/10