Many education organizations have adopted enterprise security best practices for implementation on their campuses, while others focus on ISO standards and/or those of the National Institute of Standards and Technology (NIST).

All these adoptions depend on IT personnel and their experience with, or knowledge of, the standard. On top of this is the size of the education organization. The larger the population of an education organization, the more clearly its information security problems emerge. Thus, larger organizations have been obliged to address information security issues and adopt a national or international standard. The case is quite different when the population of the education organization is smaller. Such organizations may use social security numbers as student IDs, issue administrative rights to faculty and lab managers, or be unaware of the Family Educational Rights and Privacy Act (FERPA) and release some personal information.

The problem of education organization security remains wide open and depends on the IT staff and their information security knowledge; in addition, the education culture (education, scholarships and services) has very particular characteristics that differ from those of an enterprise or comparable organization.

This paper is part of a research effort to develop an “Education Organization Baseline Control Protection and Trusted Level Security.” The research has three parts: Adopting (standards), Testing, and Modifying (if needed).

The baseline control criteria cover the following topics: management control, operational control, logic control, physical control, and development and maintenance control. This paper is concerned with the first two controls.



