Information Security in Educational Institutions - Analysis
VerifiedAdded on  2022/08/26
|19
|4773
|16
Report
AI Summary
This report provides a comprehensive overview of information security in educational institutions, addressing the critical need for robust data protection. It begins with an executive summary highlighting the importance of safeguarding information from unauthorized access and the challenges faced by educational institutions. The report delves into the CIA triad (confidentiality, integrity, and availability) as the foundation of information security, discussing the layers of access control and data protection. It emphasizes the role of training and periodic awareness programs for students, staff, and faculty to mitigate risks such as phishing scams and the misuse of unsecured networks. Furthermore, the report outlines essential information security standards and guidelines, including the importance of strong password policies, anti-virus measures, and remote access controls. The report underscores the need for institutions to adopt internationally recognized standards and stay vigilant against evolving cyber threats, offering practical recommendations for enhancing data security and preventing breaches.
Running head: INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
Name of the Student
Name of the University
Author Note
INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
Name of the Student
Name of the University
Author Note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
Executive Summary
Information security is the method of shielding information or data from the illegal access
and use of a non-eligible person, which can further results in a data breach. In cases of
professional organizations, information security law is very effective for the protection of the
client data, records, and other information with which the organization is dealing with. In
educational institutions, the security system is not that strong. The reason for this can be that
students, staff, and other people do not face fatal consequences in cases of a data breach.
Thereby, they are quite lenient in cases of protection of personal data. This study aims to
ensure the execution of a proper information security system in an educational institution for
the protection of data.
Executive Summary
Information security is the method of shielding information or data from the illegal access
and use of a non-eligible person, which can further results in a data breach. In cases of
professional organizations, information security law is very effective for the protection of the
client data, records, and other information with which the organization is dealing with. In
educational institutions, the security system is not that strong. The reason for this can be that
students, staff, and other people do not face fatal consequences in cases of a data breach.
Thereby, they are quite lenient in cases of protection of personal data. This study aims to
ensure the execution of a proper information security system in an educational institution for
the protection of data.
2INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
Table of Contents
Introduction................................................................................................................................3
Role of training and periodic awareness....................................................................................3
Information security standard and guidelines............................................................................3
Security standard........................................................................................................................3
Design anti-virus and remote access policy...............................................................................3
The acceptable user policy for students, staffs and others.........................................................3
Conclusion..................................................................................................................................3
Table of Contents
Introduction................................................................................................................................3
Role of training and periodic awareness....................................................................................3
Information security standard and guidelines............................................................................3
Security standard........................................................................................................................3
Design anti-virus and remote access policy...............................................................................3
The acceptable user policy for students, staffs and others.........................................................3
Conclusion..................................................................................................................................3
3INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
Introduction:
Information security or infosec is the process of protecting information and mitigating
the risk of it getting disclosed improperly (Parsons et al. 2017). It is one of the parts of the
information risk management process. The issue concerning the risk of infosec security is
ranked as number one in the list published by Educause review (Bagheri and Movahed 2016).
It generally includes the process of avoiding or reducing the chances of unauthorized access.
Information can be of any form like physical. tangible, intangible, or electronic. Information
security thrives on protecting the confidentiality of any such data in an organization. The
process involves identifying the information and the linked assets, possible threats, liabilities,
calculating the risk related to the asset, making plans about how to address and mitigate the
risk, plan about undertaking appropriate security control measures and implementing them.
The information security policy should be flexible to make necessary changes whenever it is
necessary. The networks installed in the educational campus often face unique problems in
the cases of information security. The Information security system of an educational
institution gets attacked by different viruses like worms, ransomware, malware, adware, and
trojan. The burden to protect all that information is on the shoulders of the IT team.
Basic principles of information security:
A principle that is the foundation prerequisite of an information security system for
the secured flow of data and storage of information is the CIA triad (AlHogail 2015). The full
form of CIA stands for confidentiality, integrity, and availability, and these three are the main
ideas of information security (Qadir and Quadri 2016). The CIA triad mainly consists of four
information security layers. These layers denote the data communication and data flow
process of the system and are discussed below;
Introduction:
Information security or infosec is the process of protecting information and mitigating
the risk of it getting disclosed improperly (Parsons et al. 2017). It is one of the parts of the
information risk management process. The issue concerning the risk of infosec security is
ranked as number one in the list published by Educause review (Bagheri and Movahed 2016).
It generally includes the process of avoiding or reducing the chances of unauthorized access.
Information can be of any form like physical. tangible, intangible, or electronic. Information
security thrives on protecting the confidentiality of any such data in an organization. The
process involves identifying the information and the linked assets, possible threats, liabilities,
calculating the risk related to the asset, making plans about how to address and mitigate the
risk, plan about undertaking appropriate security control measures and implementing them.
The information security policy should be flexible to make necessary changes whenever it is
necessary. The networks installed in the educational campus often face unique problems in
the cases of information security. The Information security system of an educational
institution gets attacked by different viruses like worms, ransomware, malware, adware, and
trojan. The burden to protect all that information is on the shoulders of the IT team.
Basic principles of information security:
A principle that is the foundation prerequisite of an information security system for
the secured flow of data and storage of information is the CIA triad (AlHogail 2015). The full
form of CIA stands for confidentiality, integrity, and availability, and these three are the main
ideas of information security (Qadir and Quadri 2016). The CIA triad mainly consists of four
information security layers. These layers denote the data communication and data flow
process of the system and are discussed below;
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
Application Access
The application access layer indicates that access to user applications must be limited on a
need-to-know basis.
Infrastructure Access
The infrastructure access cover describes the access to various mechanisms of the
information infrastructure that must be controlled on a need-to-know basis.
Physical Access:
The physical access sheet denotes the notion that physical access to systems, servers, data
centers, which usually store vital information, must be regulated on a need-to-know basis.
Data-in-Motion:
The data-in-motion coat indicates that access to data transfer must be limited while it is in
motion.
Confidentiality:
The principle of confidentiality denotes that every information must be protected
from the unauthorized access of the person who is not allowed to use it. This principle
commands that information must essentially be used by people who are authorized to do it or
has the privilege to access it. The challenge that comes with data is that it can easily lose its
confidential nature by unauthorized access. It happens, particularly with a weak information
security system. Therefore, all people associated with the data must be attentive about their
duty and responsibility to protect the confidentiality of the information shared with them in
the regular course (Aldossary and Allen 2016).
Integrity:
Every data must have a glass of integrity that protects the easy disclosure. For this
data, encryption is needed. Encryption is a commonly accepted technique for protecting data
Application Access
The application access layer indicates that access to user applications must be limited on a
need-to-know basis.
Infrastructure Access
The infrastructure access cover describes the access to various mechanisms of the
information infrastructure that must be controlled on a need-to-know basis.
Physical Access:
The physical access sheet denotes the notion that physical access to systems, servers, data
centers, which usually store vital information, must be regulated on a need-to-know basis.
Data-in-Motion:
The data-in-motion coat indicates that access to data transfer must be limited while it is in
motion.
Confidentiality:
The principle of confidentiality denotes that every information must be protected
from the unauthorized access of the person who is not allowed to use it. This principle
commands that information must essentially be used by people who are authorized to do it or
has the privilege to access it. The challenge that comes with data is that it can easily lose its
confidential nature by unauthorized access. It happens, particularly with a weak information
security system. Therefore, all people associated with the data must be attentive about their
duty and responsibility to protect the confidentiality of the information shared with them in
the regular course (Aldossary and Allen 2016).
Integrity:
Every data must have a glass of integrity that protects the easy disclosure. For this
data, encryption is needed. Encryption is a commonly accepted technique for protecting data
5INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
inflow, but now it is also used as a mode to conserve the integrity of the data in-store. The
process of encryption usually applies to decode the data that is there in a file into bits of
illegible character or impossible to be decoded except a decoding key. In the case of the
manual data encryption process, the user installs a software program to start data encryption.
In the case of transparent data encryption, the data automatically gets encrypted without the
user's help. In the symmetric encryption process, the key is the only means to decrypt data
and substitute characters. When proper data encryption is ensured, then a third party can't
access the data (Pachghare, 2015).
Availability:
The availability principle ensures the weight of safeguarding information in a position
where illegal users can't access it. (Mijnhardt, Baars and 2016).
The fundamentals of CIA principles remain the same, but the compliance methods for
the application of these guidelines keep on changing from time to time.
Role of training and periodic awareness
As per the Symantec Internet Security Threat Report published in 2016, data security
breach incidents in the educational sector ranked as the third most emerging risk issue (Teoh
and Mahmood 2017). The personal data of college students get compromised with the
unsecured use of networks in the libraries and cafeteria (Weiss et al. 2015). To mitigate this
type of probable risk, security awareness training (SAT) is of top importance for every
educational institution dealing with some data. In this program, all the students, teachers, and
staff of an institution, including management and other facilities, get a proper understanding
of the IT governance matters, and also they learn how to keep it in control in their daily
dealing (Farooq et al. 2015). This automatically reduces the risk of information getting
violated. It is important to understand different IT threats and respond accordingly.
inflow, but now it is also used as a mode to conserve the integrity of the data in-store. The
process of encryption usually applies to decode the data that is there in a file into bits of
illegible character or impossible to be decoded except a decoding key. In the case of the
manual data encryption process, the user installs a software program to start data encryption.
In the case of transparent data encryption, the data automatically gets encrypted without the
user's help. In the symmetric encryption process, the key is the only means to decrypt data
and substitute characters. When proper data encryption is ensured, then a third party can't
access the data (Pachghare, 2015).
Availability:
The availability principle ensures the weight of safeguarding information in a position
where illegal users can't access it. (Mijnhardt, Baars and 2016).
The fundamentals of CIA principles remain the same, but the compliance methods for
the application of these guidelines keep on changing from time to time.
Role of training and periodic awareness
As per the Symantec Internet Security Threat Report published in 2016, data security
breach incidents in the educational sector ranked as the third most emerging risk issue (Teoh
and Mahmood 2017). The personal data of college students get compromised with the
unsecured use of networks in the libraries and cafeteria (Weiss et al. 2015). To mitigate this
type of probable risk, security awareness training (SAT) is of top importance for every
educational institution dealing with some data. In this program, all the students, teachers, and
staff of an institution, including management and other facilities, get a proper understanding
of the IT governance matters, and also they learn how to keep it in control in their daily
dealing (Farooq et al. 2015). This automatically reduces the risk of information getting
violated. It is important to understand different IT threats and respond accordingly.
6INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
Nowadays, many educational institutions invest huge money in cybersecurity education
programs to make the students knowledgeable about the use of computers in the campus area
and teach them about how to be aware of malfunctioning of their data or how to stop the
hacking of their data from their computer system. While awaking the students about possible
information security threats, the process of avoiding phishing scams should be given top
priority in the training checklist. Phishing cons attempt to ask about different pieces of
information like login details, bank account numbers, Social Security numbers, and other
personally identifiable information. In addition to this, it tries to generate a sense of panic in
the user by informing that there is some unauthorized activity in the user account which
needs immediate action. Students need to be aware of this kind of threat. To make them
understand this threat, the IT team can conduct an online phishing quiz to explain what a
student should look in both fake and legitimate emails (Perrault 2018). The It team can also
guide the student by recommending them to use proper password format while creating any
password. The training should also include information about those situations where a student
must not leave their computer unattended while working on it, as this can prevent the stealing
of important data. Another important fact that can be recommended in training is the
browsing of secured sites. The security of a site can be detected by looking at the padlock
icon and “https” in front of the website address. Using a proper firewall and proxy serves
while internet access is another thing that an academic user must know. The students must
also have proper training on the use of the unsecured network as that can be accessed by a
third party, and sensitive information can be collected by them (Frost and Hamlin 2017).
Educating students and other people can help in minimizing the chance to become a victim of
a cybercrime invasion that targets the information of the academic users.
Nowadays, many educational institutions invest huge money in cybersecurity education
programs to make the students knowledgeable about the use of computers in the campus area
and teach them about how to be aware of malfunctioning of their data or how to stop the
hacking of their data from their computer system. While awaking the students about possible
information security threats, the process of avoiding phishing scams should be given top
priority in the training checklist. Phishing cons attempt to ask about different pieces of
information like login details, bank account numbers, Social Security numbers, and other
personally identifiable information. In addition to this, it tries to generate a sense of panic in
the user by informing that there is some unauthorized activity in the user account which
needs immediate action. Students need to be aware of this kind of threat. To make them
understand this threat, the IT team can conduct an online phishing quiz to explain what a
student should look in both fake and legitimate emails (Perrault 2018). The It team can also
guide the student by recommending them to use proper password format while creating any
password. The training should also include information about those situations where a student
must not leave their computer unattended while working on it, as this can prevent the stealing
of important data. Another important fact that can be recommended in training is the
browsing of secured sites. The security of a site can be detected by looking at the padlock
icon and “https” in front of the website address. Using a proper firewall and proxy serves
while internet access is another thing that an academic user must know. The students must
also have proper training on the use of the unsecured network as that can be accessed by a
third party, and sensitive information can be collected by them (Frost and Hamlin 2017).
Educating students and other people can help in minimizing the chance to become a victim of
a cybercrime invasion that targets the information of the academic users.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
Information security standard and guideline:
The term "standard" in information security thrives on distinguishing between written
policies, standards, and procedures. Every academic institution’s IT department should
follow a strict policy to reduce the risk of a security breach. A fundamental aspect of the
growth of the economy and society is data, and it is necessary to protect the same from
cybercriminals. For this purpose, it is necessary to create information security protection
guidelines to ensure the safety of the data. In gulf countries, there are some existing
information security standards and policies that every educational institution needs to follow.
For the security of the students, teachers, and other people, it is important to secure data
connecting them. The information technology department of an organization needs to ensure
internationally recognized information security standards while planning about structured
information security management. The information security standards provide information
about the goal of an institution in the field of protecting and securing data of their students.
Every institution needs to decide about data storage software while making guidelines for
information security. Such software act like a locker for all the files containing personal
information and other vital information that can be subject to breach. It will be important for
students, faculties, and others who have the authority to access those files to use their
credentials while using or working on any data. Every information security policy must
ensure the Data Protection policy of the governing country. As per one of the survey reports,
the majority of the college and offices in the UAE lack an adequate process of detecting and
monitoring data breaches (Kshetri 2016). Every information security protection team needs to
comply with the CIA triad while ensuring their security guidelines. Every data must be
treated as confidential, and it must have the integrity of not to be disclosed easily and, also,
every data must not be subject to unauthorized access outside its permissible location. It is the
Information security standard and guideline:
The term "standard" in information security thrives on distinguishing between written
policies, standards, and procedures. Every academic institution’s IT department should
follow a strict policy to reduce the risk of a security breach. A fundamental aspect of the
growth of the economy and society is data, and it is necessary to protect the same from
cybercriminals. For this purpose, it is necessary to create information security protection
guidelines to ensure the safety of the data. In gulf countries, there are some existing
information security standards and policies that every educational institution needs to follow.
For the security of the students, teachers, and other people, it is important to secure data
connecting them. The information technology department of an organization needs to ensure
internationally recognized information security standards while planning about structured
information security management. The information security standards provide information
about the goal of an institution in the field of protecting and securing data of their students.
Every institution needs to decide about data storage software while making guidelines for
information security. Such software act like a locker for all the files containing personal
information and other vital information that can be subject to breach. It will be important for
students, faculties, and others who have the authority to access those files to use their
credentials while using or working on any data. Every information security policy must
ensure the Data Protection policy of the governing country. As per one of the survey reports,
the majority of the college and offices in the UAE lack an adequate process of detecting and
monitoring data breaches (Kshetri 2016). Every information security protection team needs to
comply with the CIA triad while ensuring their security guidelines. Every data must be
treated as confidential, and it must have the integrity of not to be disclosed easily and, also,
every data must not be subject to unauthorized access outside its permissible location. It is the
8INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
question of credibility of the information security software installed in a security system to
work on the CIA triad.
Fig: Three main components of information security standard
(Teoh and Mahmood 2017)
Suitable security standard:
It noted that cybersecurity problems in the UAE are rising, and every educational
institution and organization should better be prepared for protecting data from malicious
attacks. Recently, a British school in Dubai has reported about a cyber attack on its network.
It is one of the incidents of phishing attacks where hackers used certain software to detect the
weak password of a student and hacked the entire system. To ensure the non-happening of
this type of risk, it is necessary to make the student understand the usage of a password. It is a
very important security standard that must be ensured in every educational institution as well
as organization, bank, and other places. A strong password must be comprised of alphabets,
numbers, lower and upper case characters. It must not comprise any part of the student name,
date of birth, or any personal information. Password is the key to open the lock of every
question of credibility of the information security software installed in a security system to
work on the CIA triad.
Fig: Three main components of information security standard
(Teoh and Mahmood 2017)
Suitable security standard:
It noted that cybersecurity problems in the UAE are rising, and every educational
institution and organization should better be prepared for protecting data from malicious
attacks. Recently, a British school in Dubai has reported about a cyber attack on its network.
It is one of the incidents of phishing attacks where hackers used certain software to detect the
weak password of a student and hacked the entire system. To ensure the non-happening of
this type of risk, it is necessary to make the student understand the usage of a password. It is a
very important security standard that must be ensured in every educational institution as well
as organization, bank, and other places. A strong password must be comprised of alphabets,
numbers, lower and upper case characters. It must not comprise any part of the student name,
date of birth, or any personal information. Password is the key to open the lock of every
9INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
confidential data, so it is necessary to make it strong and change it randomly for its protection
(Jarecki et al. 2016). Also, a student or other people of the institution must not use the same
password for different devices. The information security team of an institution must take
steps to monitor the right use of a password and in this way, eliminates the risk factor related
to a data breach.
Design anti-virus and remote access policy:
Anti-virus policy:
Every user of computers in an institution must know and follow the anti-virus policy of
that particular institution.
ď‚· Definition: Anti-virus policies help in preventing damages of computer systems and
also ensure the protection of data, files, and hardware stored in it. Anti-virus policies
alert users about the upcoming threat and minimize the future risk that can arise while
accessing any dangerous or malicious data (Safa et al. 2015).
ď‚· Scope: An anti-virus policy must contain a scope of the policy by mentioning that the
policy applies to all the computers used by the employees, faculty, vendors,
contractors, partners, students, collaborators, and others interested in the business or
research of the organization or not. It must be mentioned if any other party has the
authority to use the computers of a respected institution (Garba, Armarego and
Murray 2015).
ď‚· Policy statement: Policy statement in an anti-virus policy must mention the
following;
1. Every anti-virus policy statement must contain the headline of the policy.
2. The reason for implementing the policy must be mentioned in the policy
statement.
confidential data, so it is necessary to make it strong and change it randomly for its protection
(Jarecki et al. 2016). Also, a student or other people of the institution must not use the same
password for different devices. The information security team of an institution must take
steps to monitor the right use of a password and in this way, eliminates the risk factor related
to a data breach.
Design anti-virus and remote access policy:
Anti-virus policy:
Every user of computers in an institution must know and follow the anti-virus policy of
that particular institution.
ď‚· Definition: Anti-virus policies help in preventing damages of computer systems and
also ensure the protection of data, files, and hardware stored in it. Anti-virus policies
alert users about the upcoming threat and minimize the future risk that can arise while
accessing any dangerous or malicious data (Safa et al. 2015).
ď‚· Scope: An anti-virus policy must contain a scope of the policy by mentioning that the
policy applies to all the computers used by the employees, faculty, vendors,
contractors, partners, students, collaborators, and others interested in the business or
research of the organization or not. It must be mentioned if any other party has the
authority to use the computers of a respected institution (Garba, Armarego and
Murray 2015).
ď‚· Policy statement: Policy statement in an anti-virus policy must mention the
following;
1. Every anti-virus policy statement must contain the headline of the policy.
2. The reason for implementing the policy must be mentioned in the policy
statement.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
3. It must also contain a precise definition of various devices that comes under
the purview of the information security protection for that institution and state
restricted devices particulars.
4. In addition to this, proper mention of the anti-virus software and limitation of
its usage within the organization by the users should be declared.
5. An anti-virus policy statement must also mention things like, the name of the
network that is going to be used in the university area and restrictions of its
use, whether anti-virus software to detect threat of the network is installed in
such network or not, frequency of software update for the requirement of the
computer systems, if there is any automatic software is installed in the
network to detect virus corrupted devices, files and restrict the same.
6. A policy shall also properly mention the permission granting authority that is
going to restrict such access (Farooq 2015).
7. It must also mention whether there is going to be a different user name and
password for the visitor's access to the restricted network in the policy.
8. In some cases, policy statement also mentions about the remedies available in
case of violation of the policy like what actions can be taken and what are the
preventive measure that is available for unknowingly violating the policy.
Remote access policy:
Definition: Remote access policy provides frameworks and describes acceptable modes when
it is necessary to connect to the internal network remotely. It also provides ranges within
which range connecting devices to the institution’s internal network is accessible (Freeman et
al. 2019). It is permissible in such scenarios when a teacher or student is not physically
present on the campus, but they need to access the internal networks for their work (Peltier
2016).
3. It must also contain a precise definition of various devices that comes under
the purview of the information security protection for that institution and state
restricted devices particulars.
4. In addition to this, proper mention of the anti-virus software and limitation of
its usage within the organization by the users should be declared.
5. An anti-virus policy statement must also mention things like, the name of the
network that is going to be used in the university area and restrictions of its
use, whether anti-virus software to detect threat of the network is installed in
such network or not, frequency of software update for the requirement of the
computer systems, if there is any automatic software is installed in the
network to detect virus corrupted devices, files and restrict the same.
6. A policy shall also properly mention the permission granting authority that is
going to restrict such access (Farooq 2015).
7. It must also mention whether there is going to be a different user name and
password for the visitor's access to the restricted network in the policy.
8. In some cases, policy statement also mentions about the remedies available in
case of violation of the policy like what actions can be taken and what are the
preventive measure that is available for unknowingly violating the policy.
Remote access policy:
Definition: Remote access policy provides frameworks and describes acceptable modes when
it is necessary to connect to the internal network remotely. It also provides ranges within
which range connecting devices to the institution’s internal network is accessible (Freeman et
al. 2019). It is permissible in such scenarios when a teacher or student is not physically
present on the campus, but they need to access the internal networks for their work (Peltier
2016).
11INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
ď‚· Scope: In a remote access policy, the scope of the policy must mention about the
devices to which this particular policy is going to be applicable and also designations
of the specific person who will fall under the purview of the remote-access policy.
ď‚· Policy statement: A policy statement mentions permissible manners and behaviors in
cases of a remote access policy. The following things must be mentioned in cases of
remote access policy statement;
1. A remote access policy must mention the definition of accessible devices, the
purpose of the policy.
2. It must mention about all available methods to remotely connect with internal
resources like dial-in, Integrated Services Digital Networks or Frame Relay,
telnet, Cable modem.
3. The remote access policy statement must specify that users, while using
networks outside the institution area, must comply with other institutional
policies
4. The policy should mention some requisite guidelines about the usage of those
devices which are going to be used externally.
5. It must also mention about whether devices which going to be used from
outside by connecting through the internal networks, needs to go through a
prior quality check or not by the information security team of an institution to
minimize data violation risk.
6. Other important things like duration till when one user can be connected with
the remote networks must be mentioned.
7. A remote access policy statement must also mention the restrictions about
downloading and transferring confidential data on remote devices, dropbox
and google drive and in cases loss of remote devices connected with the
ď‚· Scope: In a remote access policy, the scope of the policy must mention about the
devices to which this particular policy is going to be applicable and also designations
of the specific person who will fall under the purview of the remote-access policy.
ď‚· Policy statement: A policy statement mentions permissible manners and behaviors in
cases of a remote access policy. The following things must be mentioned in cases of
remote access policy statement;
1. A remote access policy must mention the definition of accessible devices, the
purpose of the policy.
2. It must mention about all available methods to remotely connect with internal
resources like dial-in, Integrated Services Digital Networks or Frame Relay,
telnet, Cable modem.
3. The remote access policy statement must specify that users, while using
networks outside the institution area, must comply with other institutional
policies
4. The policy should mention some requisite guidelines about the usage of those
devices which are going to be used externally.
5. It must also mention about whether devices which going to be used from
outside by connecting through the internal networks, needs to go through a
prior quality check or not by the information security team of an institution to
minimize data violation risk.
6. Other important things like duration till when one user can be connected with
the remote networks must be mentioned.
7. A remote access policy statement must also mention the restrictions about
downloading and transferring confidential data on remote devices, dropbox
and google drive and in cases loss of remote devices connected with the
12INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
network whom should be informed, must have a clear view in the policy (Safa,
Von Solms and Futcher 2016).
The acceptable use policy for staff, student, and other people:
User policy is a document that guides the requisites for requesting and retaining an
account on computer devices, tools, or networks. It is very important for large universities to
have a strict protocol regarding the user policy in cases where they have different uses,
accessible information on their websites, or tools that are to be used for academic purposes by
the students, staff, and other persons. The scope of a user policy is to ensure proper access to
electronic devices by the members of the institution (Patterson and Patterson 2017). It is
important to discuss network protocol policy and email policy while discussing the user
policy of an institution.
Network protocols policy:
Definition: Network protocols direct the protocol for transfer, format, and receive data using
servers and routers so that computer network devices can connect irrespective of the
differences in their fundamental infrastructures, standards, or designs.
Scope: A network protocol policy must mention about the application of the policy to all
Information technology systems that are connected to all the devices installed in an
institution.
Policy statement: A network policy statement must contain the following things;
1. A network policy must mention the nature of all the networks that are going to be
used for all the devices in an institution.
2. It must also contain clear information about the applicability of the protocol to the
persons involved with the institution.
network whom should be informed, must have a clear view in the policy (Safa,
Von Solms and Futcher 2016).
The acceptable use policy for staff, student, and other people:
User policy is a document that guides the requisites for requesting and retaining an
account on computer devices, tools, or networks. It is very important for large universities to
have a strict protocol regarding the user policy in cases where they have different uses,
accessible information on their websites, or tools that are to be used for academic purposes by
the students, staff, and other persons. The scope of a user policy is to ensure proper access to
electronic devices by the members of the institution (Patterson and Patterson 2017). It is
important to discuss network protocol policy and email policy while discussing the user
policy of an institution.
Network protocols policy:
Definition: Network protocols direct the protocol for transfer, format, and receive data using
servers and routers so that computer network devices can connect irrespective of the
differences in their fundamental infrastructures, standards, or designs.
Scope: A network protocol policy must mention about the application of the policy to all
Information technology systems that are connected to all the devices installed in an
institution.
Policy statement: A network policy statement must contain the following things;
1. A network policy must mention the nature of all the networks that are going to be
used for all the devices in an institution.
2. It must also contain clear information about the applicability of the protocol to the
persons involved with the institution.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
13INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
3. It must state about the suitable and prohibited use of data such as student directory
information and other personally identifiable information by the student, faculty,
and other people and also clarify acceptable limits about such data use.
4. It must also mention about the registration of devices with the institutions that are
going to be connected with the networks.
5. It must also mention about software checks, if any, is necessary before permitting
the use of such a device outside the area of institution that must also be mentioned
in the policy (Reidenberg et al. 2015).
6. Rights, responsibilities of the students, and other concerned people using or
working on such a device must be precisely mentioned in the protocol.
7. A precise guideline for data accessing and downloading must be mentioned in
network policy.
8. Restrictions on the usage of the external site or social media sites while connected
to that network and permissible authorities in case of necessary use of such
prohibited sites must be mentioned in a network protocol policy.
9. The policy should also be mentioned about the rights of random checking if any,
of devices by the institution authorities to ensure the safeguard of Information
Security. Proper information about the software update frequency and intellectual
property rights must be there (Sathyendra et al. 2017),
3. It must state about the suitable and prohibited use of data such as student directory
information and other personally identifiable information by the student, faculty,
and other people and also clarify acceptable limits about such data use.
4. It must also mention about the registration of devices with the institutions that are
going to be connected with the networks.
5. It must also mention about software checks, if any, is necessary before permitting
the use of such a device outside the area of institution that must also be mentioned
in the policy (Reidenberg et al. 2015).
6. Rights, responsibilities of the students, and other concerned people using or
working on such a device must be precisely mentioned in the protocol.
7. A precise guideline for data accessing and downloading must be mentioned in
network policy.
8. Restrictions on the usage of the external site or social media sites while connected
to that network and permissible authorities in case of necessary use of such
prohibited sites must be mentioned in a network protocol policy.
9. The policy should also be mentioned about the rights of random checking if any,
of devices by the institution authorities to ensure the safeguard of Information
Security. Proper information about the software update frequency and intellectual
property rights must be there (Sathyendra et al. 2017),
14INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
Email policy:
Definition: An email policy is a document issued by the management that correctly
summarizes how employees can use electronic communication tools.
Scope: An email policy must mention about the appropriate use of any email sent from an
email address and its applicability to all employees and other concerned people.
Policy statement:
1. The sender of an email must obey the institution policies and data protection
standards.
2. All emails must be sent from the company email address to other addresses for
company business purposes only and not for personal or commercial reasons.
3. Email users are prohibited from sending emails to a third party and must not send
confidential information.
4. Guidelines should include whether there is a need for separate user ID and password
for third party visitors (Hussain et al. 2018).
Conclusion:
It can be concluded from the above discussion that, in cases of information security of
an organization, the employees and other persons associated with it are bound to obey the
policy as they usually face the consequences strictly. But in cases of an educational
institution, there is no such legal or general consequences exist. The student does not get
proper punishment in cases of unauthorized data usage. It is for the institution to come up
with new ideas in the subject of information security to make it stronger and decrease the
risk. For many institutions, securing the network is not just an option but a mandatory thing
to do. To safeguard the important institutional data and files, the information security team of
an institution must take reasonable methods with the goal of creating a stable and secure
Email policy:
Definition: An email policy is a document issued by the management that correctly
summarizes how employees can use electronic communication tools.
Scope: An email policy must mention about the appropriate use of any email sent from an
email address and its applicability to all employees and other concerned people.
Policy statement:
1. The sender of an email must obey the institution policies and data protection
standards.
2. All emails must be sent from the company email address to other addresses for
company business purposes only and not for personal or commercial reasons.
3. Email users are prohibited from sending emails to a third party and must not send
confidential information.
4. Guidelines should include whether there is a need for separate user ID and password
for third party visitors (Hussain et al. 2018).
Conclusion:
It can be concluded from the above discussion that, in cases of information security of
an organization, the employees and other persons associated with it are bound to obey the
policy as they usually face the consequences strictly. But in cases of an educational
institution, there is no such legal or general consequences exist. The student does not get
proper punishment in cases of unauthorized data usage. It is for the institution to come up
with new ideas in the subject of information security to make it stronger and decrease the
risk. For many institutions, securing the network is not just an option but a mandatory thing
to do. To safeguard the important institutional data and files, the information security team of
an institution must take reasonable methods with the goal of creating a stable and secure
15INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
environment. Securing educational networks is a very practical fact that every educational
institution must ensure to achieve. Schools and universities that are taking steps in securing
the same are in a better position in saving the personal data of their students and teachers.
environment. Securing educational networks is a very practical fact that every educational
institution must ensure to achieve. Schools and universities that are taking steps in securing
the same are in a better position in saving the personal data of their students and teachers.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
16INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
Reference:
Aldossary, S. and Allen, W., 2016. Data security, privacy, availability and integrity in cloud
computing: issues and current solutions. International Journal of Advanced Computer
Science and Applications, 7(4), pp.485-498.
AlHogail, A., 2015. Design and validation of information security culture framework.
Computers in Human Behavior, 49, pp.567-575.
Bagheri, M. and Movahed, S.H., 2016. The effect of the Internet of Things (IoT) on
education business model. In 2016 12th International Conference on Signal-Image
Technology & Internet-Based Systems (SITIS) (pp. 435-441). IEEE.
Farooq, A., Kakakhel, S.R.U., Virtanen, S. and Isoaho, J., 2015, December. A taxonomy of
perceived information security and privacy threats among IT security students. In 2015 10th
International Conference for Internet Technology and Secured Transactions (ICITST) (pp.
280-286). IEEE.
Freeman, T., Fisher, M., Baum, F. and Friel, S., 2019. Healthy infrastructure: Australian
National Broadband Network policy implmentation and its importance to health equity.
Information, Communication & Society, 22(10), pp.1414-1431.
Frost, J. and Hamlin, A., 2017. INTERNET SECURITY AND PRIVACY THREATS, AS
PERCEIVED BY AMERICAN AND INTERNATIONAL BUSINESS STUDENTS. Global
Journal of Business Disciplines, 1(1), p.36.
Garba, A.B., Armarego, J. and Murray, D., 2015. A policy-based framework for managing
information security and privacy risks in BYOD environments. International Journal of
Emerging Trends & Technology in Computer Science, 4(2), pp.189-98.
Reference:
Aldossary, S. and Allen, W., 2016. Data security, privacy, availability and integrity in cloud
computing: issues and current solutions. International Journal of Advanced Computer
Science and Applications, 7(4), pp.485-498.
AlHogail, A., 2015. Design and validation of information security culture framework.
Computers in Human Behavior, 49, pp.567-575.
Bagheri, M. and Movahed, S.H., 2016. The effect of the Internet of Things (IoT) on
education business model. In 2016 12th International Conference on Signal-Image
Technology & Internet-Based Systems (SITIS) (pp. 435-441). IEEE.
Farooq, A., Kakakhel, S.R.U., Virtanen, S. and Isoaho, J., 2015, December. A taxonomy of
perceived information security and privacy threats among IT security students. In 2015 10th
International Conference for Internet Technology and Secured Transactions (ICITST) (pp.
280-286). IEEE.
Freeman, T., Fisher, M., Baum, F. and Friel, S., 2019. Healthy infrastructure: Australian
National Broadband Network policy implmentation and its importance to health equity.
Information, Communication & Society, 22(10), pp.1414-1431.
Frost, J. and Hamlin, A., 2017. INTERNET SECURITY AND PRIVACY THREATS, AS
PERCEIVED BY AMERICAN AND INTERNATIONAL BUSINESS STUDENTS. Global
Journal of Business Disciplines, 1(1), p.36.
Garba, A.B., Armarego, J. and Murray, D., 2015. A policy-based framework for managing
information security and privacy risks in BYOD environments. International Journal of
Emerging Trends & Technology in Computer Science, 4(2), pp.189-98.
17INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
Hussain, T., Atta, K., Bawany, N.Z. and Qamar, T., 2018. Passwords and User Behavior.
JCP, 13(6), pp.692-704.
Jarecki, S., Krawczyk, H., Shirvanian, M. and Saxena, N., 2016, May. Device-enhanced
password protocols with optimal online-offline protection. In Proceedings of the 11th ACM
on Asia Conference on Computer and Communications Security (pp. 177-188). ACM.
Kshetri, N., 2016. Cybersecurity in Gulf Cooperation Council Economies. In The Quest to
Cyber Superiority (pp. 183-194). Springer, Cham.
Mijnhardt, F., Baars, T. and Spruit, M., 2016. Organizational characteristics influencing SME
information security maturity. Journal of Computer Information Systems, 56(2), pp.106-115.
Pachghare, V.K., 2015. Cryptography and information security. PHI Learning Pvt. Ltd.
Parsons, K., Calic, D., Pattinson, M., Butavicius, M., McCormac, A. and Zwaans, T., 2017.
The human aspects of information security questionnaire (HAIS-Q): two further validation
studies. Computers & Security, 66, pp.40-51.
Patterson, R.W. and Patterson, R.M., 2017. Computers and productivity: Evidence from
laptop use in the college classroom. Economics of Education Review, 57, pp.66-79.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Perrault, E.K., 2018. Using an Interactive Online Quiz to Recalibrate College Students’
Attitudes and Behavioral Intentions About Phishing. Journal of Educational Computing
Research, 55(8), pp.1154-1167.
Qadir, S. and Quadri, S.M.K., 2016. Information availability: An insight into the most
important attribute of information security. Journal of Information Security, 7(03), p.185.
Hussain, T., Atta, K., Bawany, N.Z. and Qamar, T., 2018. Passwords and User Behavior.
JCP, 13(6), pp.692-704.
Jarecki, S., Krawczyk, H., Shirvanian, M. and Saxena, N., 2016, May. Device-enhanced
password protocols with optimal online-offline protection. In Proceedings of the 11th ACM
on Asia Conference on Computer and Communications Security (pp. 177-188). ACM.
Kshetri, N., 2016. Cybersecurity in Gulf Cooperation Council Economies. In The Quest to
Cyber Superiority (pp. 183-194). Springer, Cham.
Mijnhardt, F., Baars, T. and Spruit, M., 2016. Organizational characteristics influencing SME
information security maturity. Journal of Computer Information Systems, 56(2), pp.106-115.
Pachghare, V.K., 2015. Cryptography and information security. PHI Learning Pvt. Ltd.
Parsons, K., Calic, D., Pattinson, M., Butavicius, M., McCormac, A. and Zwaans, T., 2017.
The human aspects of information security questionnaire (HAIS-Q): two further validation
studies. Computers & Security, 66, pp.40-51.
Patterson, R.W. and Patterson, R.M., 2017. Computers and productivity: Evidence from
laptop use in the college classroom. Economics of Education Review, 57, pp.66-79.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Perrault, E.K., 2018. Using an Interactive Online Quiz to Recalibrate College Students’
Attitudes and Behavioral Intentions About Phishing. Journal of Educational Computing
Research, 55(8), pp.1154-1167.
Qadir, S. and Quadri, S.M.K., 2016. Information availability: An insight into the most
important attribute of information security. Journal of Information Security, 7(03), p.185.
18INFORMATION SECURITY IN EDUCATIONAL INSTITUTION
Reidenberg, J.R., Breaux, T., Cranor, L.F., French, B., Grannis, A., Graves, J.T., Liu, F.,
McDonald, A., Norton, T.B. and Ramanath, R., 2015. Disagreeable privacy policies:
Mismatches between meaning and users' understanding. Berkeley Tech. LJ, 30, p.39.
Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A. and Herawan, T., 2015.
Information security conscious care behaviour formation in organizations. Computers &
Security, 53, pp.65-78.
Safa, N.S., Von Solms, R. and Futcher, L., 2016. Human aspects of information security in
organisations. Computer Fraud & Security, 2016(2), pp.15-18.
Sathyendra, K.M., Wilson, S., Schaub, F., Zimmeck, S. and Sadeh, N., 2017, September.
Identifying the provision of choices in privacy policy text. In Proceedings of the 2017
Conference on Empirical Methods in Natural Language Processing (pp. 2774-2779).
Teoh, C.S. and Mahmood, A.K., 2017, July. National cyber security strategies for digital
economy. In 2017 International Conference on Research and Innovation in Information
Systems (ICRIIS) (pp. 1-6). IEEE.
Weiss, R.S., Boesen, S., Sullivan, J.F., Locasto, M.E., Mache, J. and Nilsen, E., 2015,
February. Teaching cybersecurity analysis skills in the cloud. In Proceedings of the 46th
ACM Technical Symposium on Computer Science Education (pp. 332-337). ACM.
Reidenberg, J.R., Breaux, T., Cranor, L.F., French, B., Grannis, A., Graves, J.T., Liu, F.,
McDonald, A., Norton, T.B. and Ramanath, R., 2015. Disagreeable privacy policies:
Mismatches between meaning and users' understanding. Berkeley Tech. LJ, 30, p.39.
Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A. and Herawan, T., 2015.
Information security conscious care behaviour formation in organizations. Computers &
Security, 53, pp.65-78.
Safa, N.S., Von Solms, R. and Futcher, L., 2016. Human aspects of information security in
organisations. Computer Fraud & Security, 2016(2), pp.15-18.
Sathyendra, K.M., Wilson, S., Schaub, F., Zimmeck, S. and Sadeh, N., 2017, September.
Identifying the provision of choices in privacy policy text. In Proceedings of the 2017
Conference on Empirical Methods in Natural Language Processing (pp. 2774-2779).
Teoh, C.S. and Mahmood, A.K., 2017, July. National cyber security strategies for digital
economy. In 2017 International Conference on Research and Innovation in Information
Systems (ICRIIS) (pp. 1-6). IEEE.
Weiss, R.S., Boesen, S., Sullivan, J.F., Locasto, M.E., Mache, J. and Nilsen, E., 2015,
February. Teaching cybersecurity analysis skills in the cloud. In Proceedings of the 46th
ACM Technical Symposium on Computer Science Education (pp. 332-337). ACM.
1 out of 19
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024  |  Zucol Services PVT LTD  |  All rights reserved.