This is a topic that this blog has covered before: security in academia. Specifically, in our last post about Data Security in Higher Education, we referenced an SC Magazine article with several recommendations for data security in higher education. Those included:

  • A centralized IT policy
  • Understanding the culture & its risks
  • Restricting access
  • Identifying flaws in the system
  • Automating security processes
  • Adding real-time detection

CSO Online has published another article along these lines, entitled “Six Essential Steps to Secure Academia”. It was written in conjunction with Stan Gatewood, CISO for the University System of Georgia’s Board of Regents, who says the largest challenge to computer networks in the academic world is identity management - properly identifying and classifying individuals. Mobile security is also a growing issue in the academic world. Gatewood outlines the six-point security plan that Georgia follows:

  • Risk Management - create a formal plan annually, starting with an inventory of machines & systems, then considering the risk level of each and the countermeasures.
  • Policy and Compliance Management - formalized, including ramifications for non-compliance
  • Strategic Planning & Leadership - with leaders and goals
  • Community Awareness Training & Education - of contractors, staff, students & faculty
  • Proper Incident Response & Reporting - a standardized response plan for different risk levels
  • Contingency Planning

Read the full article here. The article continues after these steps with some feedback from several security officers in the academic world.

Image: hmm360 @morguefile
