New to the guide?
- Read our Welcome to the Guide, which describes how the guide is organized and how to find information.
- Check out the latest toolkits and resources. Can't find what you need? Let us know!
- Find information on the latest Hot Topics in higher education.
Contribute content to the guide!
- Contribute a case study.
- Suggest new hot topics or resources you'd like to see developed.
- Contact us with questions or comments.
- CISO Job Description Template
- Data Classification Toolkit
- Data Incident Notification Toolkit
- Information Security Program Self-Assessment Tool
- Mentoring Toolkit
- National Cyber Security Awareness Month Resource Kit
- Toolkit for New CISOs
- Additional Toolkits
- Confidential Data Handling Blueprint
- Cybersecurity Awareness Resource Library
- Data Protection Contractual Language: Common Themes and Examples
- Developing Your Campus Information Security Website
- Guidelines for Data De-Identification or Anonymization
- Guidelines for Information Media Sanitization
- Guidelines for Responding to Compulsory Legal Requests for Information
- Incident Checklist for Sensitive Data Exposures
- Information Security Governance
- Mobile Internet Device Security Guidelines
- Overview of Bro
- Risk Management Framework
- Security Awareness Quick Start Guide and Security Awareness Detailed Instruction Manual
- Speakers Bureau
- Top Information Security Concerns for Researchers
- Two-Factor Authentication
Hot Topics!
- Evolution and Ascent of the CISO
- Top 3 Strategic InfoSec Issues (2015)
- 7 Things You Should Know About Cloud Security
- 7 Things You Should Know About DNSSEC
- 7 Things You Should Know About IPv6
- 7 Things You Should Know About Mobile Security
- EDUCAUSE Top 10 IT Issues
- EDUCAUSE Review Online
Identity Assurance at Virginia Tech
Identity Finder at The University of Pennsylvania
Washtenaw County Cyber Citizenship Coalition (WC4)
Who's Watching Charlottesville - Community Based Security Awareness
Other Higher Education Resources
- EDUCAUSE Cybersecurity Initiative Website
- EDUCAUSE Cybersecurity & HEISC News
- Internet2 Security Website
- Annual Security Professionals Conference
- EDUCAUSE Cybersecurity Resource Page
- EDUCAUSE Security Discussion Group Listserv
- Research and Education Networking Information Sharing and Analysis Center (REN-ISAC)
- Best Practices in Cybersecurity for NSF Large Facilities
Featured Government and Industry Resources
- Digital Services Playbook (U.S. Government)
- Ponemon Institute's Security Research Studies & White Papers
- Symantec's Compliance Matrix Poster
- Verizon's Data Breach Incidents Report (DBIR)
About the Guide
This resource provides practical approaches to preventing, detecting, and responding to security problems in a wide range of higher education environments. This online service is designed with colleges and universities in mind, balancing our need for security with the need for an open, collaborative networking environment. Also, because one of the overarching concerns in college and university information technology (IT) departments is a lack of resources, an effort is made to provide low-cost solutions. The target audiences are those responsible for information security in colleges and universities and information technology staff who implement and manage security measures. Recognizing that many institutions have initiated or are in the process of developing IT security programs and policies, an effort is made throughout this resource to present practices that are useful at each stage of the developmental process.
Contribute
As a community-driven, community-serving project, it is important for this initiative to incorporate experiences and perspectives from many different institutions. To contribute examples of practices that have been effective in your institution, please consider submitting a case study or contact security-council@educause.edu. Community members are also encouraged to submit comments throughout this wiki.
Higher Education Information Security Council
EDUCAUSE and Internet2 established the Higher Education Information Security Council (formerly the Security Task Force) in July 2000. The council works to improve information security and privacy programs across the higher education sector through its community members and focused partnerships with government, industry, and other academic organizations. HEISC actively develops and promotes awareness and understanding, effective practices and policies, and solutions for the protection of critical IT assets and infrastructures. Visit the Higher Education Information Security Council website for additional resources or to learn more about the council's Leadership Team and Working Groups.
Questions or comments? Contact us.
Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).