Top-notch security a must to remain in compliance, gain grants

By Laura Devaney
September 28th, 2010

Investing in procedures, training, and equipment that can make networks more secure is well worth the expense for higher-education institutions, and not only for the savings to bank accounts—and reputations—that can result from avoiding costly security breaches.

“In a time of increased national security concerns, pressure is mounting for colleges to gain better control of their computer networks—or risk losing federal grant money for research,” Michael A. McRobbie, vice president of information technology for the Indiana University system, recently told an audience at the annual meeting of the higher-ed technology advocacy group EDUCAUSE.

James Webb, chief information officer at West Texas A&M University, agrees. For example, he says, “if your institution deals with credit cards—and almost all of us do—the Payment Card Industry now requires quarterly scans by a PCI-approved scanning vendor. We [also] have Texas Administrative Code 202 at the state level, which requires institutions of higher education to adhere to well-defined information security standards. TAC 202 also requires vulnerability testing to be conducted on an annual basis.”

Recent additions to TAC 202 now require an independent review of an institution’s information security program.

“The penalty for not keeping up with such requirements could include financial penalties or loss of funding,” he says.


About the Author:

Laura Devaney

Laura Devaney is the Director of News for eSchool Media. She is a graduate of the University of Maryland's Philip Merrill College of Journalism. When she isn't wrangling her two children, Laura enjoys running, photography, home improvement, and rooting for the Terps. Find Laura on Twitter: @eSN_Laura