Many education organizations have adopted enterprise security best practices for implementation on their campuses, while others focus on the ISO standard and/or the National Institute of Standards and Technology (NIST) standards.
All of these adoptions depend on IT personnel and their experience with, or knowledge of, the standard. On top of this is the size of the education organization. The larger the population of an education organization, the clearer the information security problem becomes; such organizations have thus been obliged to address information security issues and adopt a national or international standard. The case is quite different when the population of the education organization is smaller. Such organizations may use social security numbers as student IDs, issue administrative rights to faculty and lab managers, or be unaware of the Family Educational Rights and Privacy Act (FERPA) and release some personal information.
The problem of education organization security is wide open and depends on the IT staff and their information security knowledge, in addition to the education culture (education, scholarship and services), which has very special characteristics that differ from those of an enterprise or comparable organization.
This paper is part of a research project to develop an “Education Organization Baseline Control Protection and Trusted Level Security.” The research has three parts: adopting (standards), testing, and modifying (if needed).
The baseline control criteria cover the following topics: management control, operational control, logic control, physical control, and development and maintenance control. This paper is concerned with the first two controls.
Al-Hamdani, Wasim A. "Education Organization Baseline Control Protection and Trusted Level Security," Journal of Digital Forensics, Security and Law: Vol. 2, Article 2. Available at: http://commons.erau.edu/jdfsl/vol2/iss4/2