Security Awareness Training
You have been in your role as the CIO for Premier University for almost one year. In that time, you have managed to hire a chief information security officer (CISO) to oversee Premier University’s information security program. The CISO is working to address the university’s GLBA data safeguarding requirements that you previously provided to the Premier University president.
The CISO notes that guidance from the Department of Education Office of Federal Student Aid in 2016 recommends that higher education institutions use NIST SP 800-171 to protect the confidentiality of the student financial aid data that the institution uses and stores.
You recently notified the university’s president that information security awareness and training is a gap in the institution’s written information security program. Even though a high percentage of higher education institutions require mandatory information security awareness training for faculty and staff, the university president remains unconvinced that Premier University should require information security training.
Using your knowledge of the circumstances of the data breach that the institution experienced over a year ago, guidance from the Department of Education Office of Federal Student Aid, as well as other sources you researched, write a persuasive memo to the Premier University president that argues that the institution should implement mandatory information security awareness training for all faculty and staff.
For this part of the project:
Read the guidance from the Department of Education Office of Federal Student Aid at https://ifap.ed.gov/dear-colleague-letters/07-01-2016-gen-16-12-subject-protecting-student-information.
Research the need for security awareness training for faculty and staff at public universities, using sources such as the latest EDUCAUSE Information Security Almanac.
Write a persuasive, professional memo that addresses the need for security awareness training.
In the memo, include any sources you consulted.