By RJ Gazarek
In the 1970s the US Government introduced the Family Education Rights and Privacy Act (FERPA). In short, the act provides guidelines and regulations for when and how an academic institute can share student/parent records with those record owners and 3rd parties. Much like other regulations (such as HIPAA and PCI), technology continues to have a massive effect on how organizations should be implementing these guidelines and protections. As such, those other regulatory requirements have evolved and adapted overtime to include considerations for the exposure of data to the public internet. Unfortunately, FERPA still is not in a place that specifically outlines what you must do to protect something, such as, access to student records and data.
Luckily, there exists two different frameworks that academic institutions can look towards when it comes to protecting the network, accounts, and the access therein: The ISO 27001 and the CIS Critical Security Controls.
Security and data breach prevention is not a complicated subject. It’s quite simple: know, monitor, and control your privileged accounts and the access they provide; keep your systems locked down, patched and up to date; and remove the human element out of the equation whenever possible. Starting with those three things will increase your protection from security breaches.
For academic institutions, from K-12 to universities, we recommend starting with the CIS Critical Security Controls.
We love these because you can see that most of them talk about one of those 3 simple aspects. This chart shows which of the 20 controls we can help your organization meet today.
When you’re ready – see how Thycotic has helped academic organizations, such as yours, stay in line with FERPA and provide protection of their student, parent, and employee data.