The Higher Education Information Security Council (HEISC) supports higher education institutions as they improve information security governance, compliance, data protection, and privacy programs. HEISC accomplishes this work through volunteer groups supported by professional EDUCAUSE staff, as well as collaborations with other organizations that address information security and privacy in higher education. HEISC actively develops and promotes information security leadership, awareness, and understanding; effective practices and policies; and guidance for the protection of critical data, IT assets, and infrastructures.

New to Your Security Role?

If you are a new CISO or new to the higher education community, we recommend checking out the Toolkit for New CISOs, a resource developed by members of the Higher Education Information Security Council.

Information Security Guide: Effective Practices and Solutions for Higher Education

The Information Security Guide: Effective Practices and Solutions for Higher Education is a compendium of information providing guidance on effective approaches to the application of information security at institutions of higher education. It is a key publication of the Higher Education Information Security Council. The guide's content is actively maintained by a large group of volunteers who are information security practitioners at a variety of colleges and universities. The content itself is a rich combination of materials written for the guide, articles written for other publications, presentations from information security conferences, case studies, examples of processes, procedures, and forms used by various institutions, toolkits, hot topics, and references to a wide variety of other materials from EDUCAUSE and other sources. This infographic provides a quick overview of the guide.

Recent Spotlight

  • Cybersecurity Risk Management

    Cybersecurity Risk Management

    The NIST Cybersecurity Framework enables a way to effect consistent prioritization, execution, and measurement of activity to achieve cybersecurity risk-management goals, tailored to each institution. This new approach resembles continuous process control for cybersecurity.

Browse Cybersecurity