Security Policies and Security Practices


The adoption of one or more information security policies is the first step that institutions of higher education take to express their commitment to the protection of institutional information resources and the information entrusted to them by constituencies and partners. The policy statement should clearly communicate the institution's beliefs, goals, and objectives for information security.

Consultant Services

  1. Describe the policy
  2. Communicate the reason or business justification for the policy, as well as the risks and negative impact of not implementing the policy
  3. Identify regulatory, technical, cultural, and organizational dependencies for implementation of the policy
  4. Identify milestones and possible roadblocks of implementation, compliance, and enforcement
  5. Identify impacted stakeholders