Educause Security Discussion mailing list archives
Re: Justification
From: Ken Shaurette <kmshaurette () MPCCORP COM>
Date: Wed, 20 Apr 2005 05:27:39 -0600
I believe the federal regulation you may be referring to is FERPA (Family Education Rights and Privacy Act). In many ways it is the K-12 equivalent of HIPAA for Security and Privacy. Ken Ken M. Shaurette, CISSP, CISA, CISM MPC Solutions (a division of MPC, LLC), www.mpcscorp.com (262) 523-3300 x60486 ------------------------------------------------------------ October is CyberSecurity Month - Awareness does not end when the day is done!! ------------------------------------------------------------ -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tim Howard Sent: Monday, April 18, 2005 11:25 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Justification Try using the Sarbanes-Oxley requirements for keeping C-levels out of trouble, most of the board members probably have a business background and may be able to relate. Also, there is a federal law regarding the privacy of education information (I cant remember off the top of my head), so your efforts are to keep the Superintendent of Schools out of trouble. As a K-12 parent and an InfoSec professional, I cringe at the thought of what is happening "in the wild" with information that is not being well-protected at schools. tim Raytheon Tim Howard Information Security Manager Information Technology & Scientific Services (ITSS) Raytheon Technical Services Company, LLC 301.883.4104 office 301.883.4136 fax 301.943.4732 cell timothy_g_howard () raytheon com "Alt, Brandon C." <altb@EDUCATIONCE NTRAL.ORG> To Sent by: The SECURITY () LISTSERV EDUCAUSE EDU EDUCAUSE Security cc Discussion Group Listserv Subject <SECURITY@LISTSER [SECURITY] Justification V.EDUCAUSE.EDU> 04/18/2005 02:48 PM Please respond to The EDUCAUSE Security Discussion Group Listserv <SECURITY@LISTSER V.EDUCAUSE.EDU> Sorry for the crossposting, but I think I can get some valuable input from both lists. I realize that I'm not in the higher education bracket, however, my district (K-12) is coming under budget wars and I'm trying to gather my information for the justification of our (small) security group. Currently we have about 165,000 users (teachers, staff, and students) and our security group consists of 2 techs and myself. We support 168 locations (schools and admin buildings). We have federal regulations (COPPA, HIPPA, FISMA, etc) that we must maintain compliance with. Anyone able to help me with providing a justification for our existence to a very non-technological school board? Any help will be GREATLY appreciated. Thanks to all. Brandon Alt Information Security Manager Technology Division Duval County Public Schools altb () educationcentral org (904) 348-7259 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/. -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.9.17 - Release Date: 4/19/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.9.17 - Release Date: 4/19/2005 Disclaimer: 20/4/2005 MPC Computers is providing the following information in compliance with federal regulations: MPC Computers, LLC 906 E. Karcher Road Nampa, Idaho 83687 1-888-224-4247 http://www.mpccorp.com To discontinue receiving e-mail communications from MPC in the future, please go to: http://www.mpccorp.com/email/manage.html and follow the instructions. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Justification Alt, Brandon C. (Apr 18)
- <Possible follow-ups>
- Re: Justification Tim Howard (Apr 18)
- Re: Justification Ken Shaurette (Apr 20)