New to the guide?
- Read our Welcome to the Guide, which describes how the guide is organized and how to find information.
- Check out the latest toolkits and resources. Can't find what you need? Let us know!
- Find information on the latest Hot Topics in higher education.
Contribute content to the guide!
- Contribute a case study.
- Suggest new hot topics or resources you'd like to see developed.
- Contact us with questions or comments.
- CISO Job Description Template
- Data Classification Toolkit
- Data Incident Notification Toolkit
- Information Security Program Self-Assessment Tool
- Mentoring Toolkit
- National Cyber Security Awareness Month Resource Kit
- Toolkit for New CISOs
- Additional Toolkits
- Confidential Data Handling Blueprint
- Cybersecurity Awareness Resource Library
- Data Protection Contractual Language: Common Themes and Examples
- Developing Your Campus Information Security Website
- GRC FAQ
- Guidelines for Data De-Identification or Anonymization
- Guidelines for Information Media Sanitization
- Guidelines for Responding to Compulsory Legal Requests for Information
- Incident Checklist for Sensitive Data Exposures
- Information Security Governance
- Mobile Internet Device Security Guidelines
- Overview of Bro
- Risk Management Framework
- Security Awareness Quick Start Guide and Security Awareness Detailed Instruction Manual
- Speakers Bureau
- Top Information Security Concerns for Researchers
- Two-Factor Authentication
Hot Topics!
- Evolution and Ascent of the CISO
- The Chief Privacy Officer in Higher Education
- Top 3 Strategic InfoSec Issues (2015) and Infographic
- Password Managers
- Third-Party Security Awareness Training Tools
- 7 Things You Should Know About Cloud Security
- 7 Things You Should Know About DNSSEC
- 7 Things You Should Know About IPv6
- 7 Things You Should Know About Mobile Security
- EDUCAUSE Top 10 IT Issues
Identity Assurance at Virginia Tech
Identity Finder at The University of Pennsylvania
Other Higher Education Resources
- EDUCAUSE Cybersecurity Initiative Website
- EDUCAUSE Cybersecurity & HEISC News
- Internet2 Security Website
- Annual Security Professionals Conference
- EDUCAUSE Cybersecurity Resource Page
- EDUCAUSE Security Discussion Group Listserv
- Research and Education Networking Information Sharing and Analysis Center (REN-ISAC)
- Best Practices in Cybersecurity for NSF Large Facilities
Featured Government and Industry Resources
- Digital Services Playbook (U.S. Government)
- Ponemon Institute's Security Research Studies & White Papers
- Symantec's Compliance Matrix Poster
- Verizon's Data Breach Incidents Report (DBIR)
About the Guide
The Higher Education Information Security Council (HEISC) supports higher education institutions as they improve information security governance, compliance, data protection, and privacy programs. This guide, created by practitioners for practitioners, features toolkits, case studies, effective practices, and recommendations to help jump-start campus information security initiatives so you don’t have to reinvent the wheel!
Contribute
As a community-driven, community-serving project, it is important for this initiative to incorporate experiences and perspectives from many different institutions. To contribute examples of practices that have been effective in your institution, please consider submitting a case study or contact security-council@educause.edu.
Questions or comments? Contact us.
Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).