How Universities' Lax Security Policies Endanger Your Personal Information

Universities and colleges of higher education have legitimate need to have information about employees and students but they must also have Information Security. Information Security is a vital part of a university's structure. I considered a number of things about the four colleges I chose: Harvard University, University of Tennessee, SUNY Binghamton University, and Salt Lake Community College. The things I considered were the CIA triangle, organizations need to identify information assets that could be at risk and prioritize those risks, a limited discussion about this is included for each of the schools, how they choose to protect these assets, a discussion on whether these risks are appropriately prioritized is also included, and finally a set of risk control strategies.

After analyzing the schools I concluded that all the colleges need to beef up their security plans to include physical security. I also suggested moving the department of Information Security under Information Technology/Physical Security. Specific kudos went to the University of Tennessee and SUNY Binghamton had the weakest plan.

Background

Information Security is a vital part of any organization. Even the simplest of businesses need to assure integrity of their customer information and supplier information. Customer information can be anything from name to e-mail address to physical address to credit card information to social security number. There is at least one type of organization that needs to hold all of this information on their clients and more, the institution of higher education.