You may submit a case study using the submission form (a text version is also available). Instructions are included below. Please note that each submission will be reviewed by the Higher Education Information Security Council (formerly the Security Task Force) before it is posted in the appropriate location on this wiki.
Description of Case Studies
Case studies are descriptions of real-world, practical, proven solutions to information security challenges implemented by one or more institutions. The intent of these case studies is to provide ideas for approaches which may be adopted or adapted to other school's particular situations.
By filling in a relatively simple form, a case study is written up and submitted to the Higher Education Information Security Council (HEISC). Once it is received, it is typically reviewed by one or more of the HEISC working groups. This vetting process gives the institution submitting the case study an opportunity to answer questions or add content that enhances its value.
Submitting a case study not only documents a successful institutional approach to information security, as well as providing useful guidance to other institutions, it also gives the author(s) the opportunity to publish.
Instructions for submitting a case study using the Submission Form:
- Download the submission form (or text version)
- Fill in all of the required fields (Note: All fields are required except Notes and Alternate E-mail)
- Check the box beneath the Intellectual Property Agreement
- Print and/or save a copy for yourself (optional)
- Submit the completed form via e-mail to security-council@educause.edu.
- The case study submission will be reviewed by the appropriate HEISC working groups, as well as the Information Security Guide Editorial Board.
- If changes are needed, a working group member or EDUCAUSE staff liaison will contact you and provide further instructions.
- Once approved, the case study will be linked on the appropriate topic pages of this guide.
Case Study Submission Directory
Below is a complete list of case study submissions that are referenced throughout the site (look for this symbol: ). To contribute examples of practices that have been effective in your institution, please use the submission form (or text version).
Please note that we are currently in the process of converting all of the case study submissions from PDF forms to wiki pages. This will make all of the content contained in the case studies searchable on this wiki.
- Annual C3 Conference - An Educational Springboard (last updated September 2011)
- Application Security for Database Administrators (last updated February 2011)
- Application Security for Developers and Quality Assurance Personnel (last updated February 2011)
- Application Security for Management, Project Managers, and Architects (last updated February 2011)
- Collaborative Information Security Project - Vulnerability Assessments
- Developing a Certification Authority for PKI at Virginia Tech (last updated May 2011)
- Edge Access Control Lists at Cornell University
- Enhancing Application Security with a Web Application Firewall (last updated February 2011)
- Firewall Strategy at Brown University
- Five-Year Rotating Audit Focus Based on Risk Assessment at Georgia Tech
- Homegrown Wireless LAN Security
- Identity Assurance at Virginia Tech (last updated July 2012)
- Identity Finder at The University of Pennsylvania (last updated May 2010)
- Implementing Information Security Governance Using ISO 27000 at Georgia State University (last updated October 2008)
- Incident Response at University of Wisconsin-Madison
- Intrusion Detection at University of Notre Dame
- Lessons Learned from RIT's First Security Posture Assessment
- Monitoring and Network Forensics at the University of Chicago
- Network Registration System Scanner
- Responding to Large Scale Incidents at UFL
- Responding to Major Incidents at Indiana University
- Security Log Analysis for Windows NT/2000/XP/2003
- Self-Service/Automated Security Vulnerability Assessment Program
- Use of LANDesk for Patch and Configuration Management
- Using NAT for Perimeter Protection
- Washtenaw County Cyber Citizenship Coalition (WC4) (last updated June 2011)
- Who's Watching Charlottesville - Community Based Security Awareness (last updated September 2011)
- Whole Disk Encryption Evaluation and Deployment at Baylor University (last updated June 2008)
Questions or comments? Contact us.
Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).