Data breach prevention is a battle, rarely plain and never simple. For higher education institutions, the Sisyphean aspects of the task are more complex than for industry and business. Two-year colleges have payrolls and vendor contracts like those enterprises. They also have public record and student confidentiality requirements. Colleges must…

Where does privacy belong in the college/university ecosystem, and what should its relationship be with security and compliance? Are the three areas best kept separate and distinct? Should there be some overlap? Or would a single office, officer, and/or reporting line enable a big picture of the whole? This article examines several of the campus…

College campuses are hothouses of data, including course schedules, degree requirements, and grades. But much of the information remains spread out across software systems or locked on university servers. Start-up companies want to pry the information loose from campus servers in order to offer personalized services that could transform the…

Electronic transcripts are no longer a concept awaiting definition. They are here to stay. Although paper transcripts remain the standard--at least in terms of volume--an ever-increasing number and eventual majority of students and alumni will expect if not require electronic transcripts. College registrars and admissions officers' obligation to…

Issues of privacy, anonymity, and computer security emerging with advancing information technology are outlined, and implications for universities are discussed. Emphasis is on the Australian context and on Australian government and international initiatives concerning privacy. Sensitive information categories are identified, and measures…

Many of the information security appliances, devices, and techniques currently in use are designed to keep unwanted users and Internet traffic away from important information assets by denying unauthorized access to servers, databases, networks, storage media, and other underlying technology resources. These approaches employ firewalls, intrusion…

It is difficult to estimate the costs of not writing thorough IT policy. Misuse of IT resources, whether through ignorance or malice, costs money, as do court cases that can result from abuse. Furthermore, a poor university accreditation report caused in part by poor policy documents will likely have an adverse impact on student enrollment. There…

For years computer viruses have threatened productive use of personal computers, challenging users and support providers to prevent and recover from viral attacks. Now another type of computing malady has begun to enter popular consciousness: spyware. Typically, analyses of spyware focus on technical issues or provide pointers to resources for…

Good information security does not just happen--and often does not happen at all. Resources are always in short supply, and there are always other needs that seem more pressing. Why? Because information security is hard to define, the required tasks are unclear, and the work never seems to be finished. However, the loss to the organization can be…