Information Security Guide: Effective Practices and Solutions for Higher Education


This resource, most recently updated in 2014, provides practical approaches to preventing, detecting, and responding to information security problems in a wide range of higher education environments. This online guide is designed with colleges and universities in mind, balancing our need for security with the need for an open, collaborative networking environment.

Note: The latest version of the guide is aligned with ISO/IEC 27002:2013, an international standard which includes key objectives and implementation guidance to assist organizations with developing an effective information security program. We’ve included all 14 topics addressed in the standard. We’ve also added a foundational chapter on Risk Management, which takes a ‘neutral’ stance and mentions multiple methods and approaches. We recognize that not all institutions align their programs with ISO, so we have included mappings to other popular standards such as NIST, HIPAA, COBIT, PCI DSS 3.0, and the federal Cybersecurity Framework.
