Designing FERPA Technical Safeguards
Designing FERPA Technical Safeguards
Designing FERPA Technical Safeguards
Imagine you are an Information Security consultant for a small college registrar’s office consisting of the registrar and two assistant registrars, two student workers, and one receptionist. The office is physically located near several ther office spaces. The assistant registrars utilize mobile devices over a wireless network to access student records, with the electronic student records being stored on a server located in the building. Additionally, each registrar’s office has a desktop computer that utilizes a wired network to access the server and electronic student records. The receptionist station has a desktop computer that is used to schedule appointments, but cannot access student records. In 1974, Congress enacted the Family Educational Rights and Privacy Act (FERPA) to help protect the integrity of student records. The college has hired you to ensure technical safeguards are appropriately designed to preserve the integrity of the student records maintained in the registrar’s office.
Write a three to five page paper in which you:
- Analyze proper physical access control safeguards and provide sound recommendations to be employed in the registrar’s office.
- Recommend the proper audit controls to be employed in the registrar’s office.
- Suggest three logical access control methods to restrict unauthorized entities from accessing sensitive information, and explain why you suggested each method.
- Analyze the means in which data moves within the organization and identify techniques that may be used to provide transmission security safeguards.
- Use at least three quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
- Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
- Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
- Describe the role of information systems security (ISS) compliance and its relationship to U.S. compliance laws.
- Use technology and information resources to research issues in security strategy and policy formation.
- Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions.
Family Educational Rights and Privacy Act (FERPA) – These resources should help.
- U.S. Dept. of Education site
- A FERPA Primer from the National Association of Colleges and Employeers
- FERPA: Data & Transport Security Best Practices – United States Department of Education
- Data Security Checklist Paper – United States Department of Education
Remember that the paper must be 3-5 pages, not including the title and reference pages.
Paper should follow the following outline
Introduction
<The introduction should provide an outline of the problem statement. It does not have to be overly detailed, but is should state what the issue is and why it is a problem. You may re-state the first paragraph of the assignment, but in your own words. You will spend the rest of this paper analyzing the problem. BTW, you should remove everything between the < and > symbols, including the symbols. It is recommended that you write your portion after the > symbol and then delete the instructions after you are done writing. The next few sections deal with the types of controls. Make sure you correctly identify and categorize the controls. For example, don’t confuse a logical access control with a physical access control.>
Physical Access Controls
<Think about a typical registrar’s office and provide an overview of what you believe it might look like. Then recommend physical access controls that could be employed to ensure only those with access rights and need-to-know have access to the system hosting FERPA-related information. Take a look at some physical controls that may have been listed in the other regulations you read. Here’s a link to a security controls primer from Wikipedia. Note that technical controls would be the same as logical controls.>
Logical Access Controls
<You need to offer three logical access controls to restrict unauthorized users from gaining access to this information. For each of the three controls, you should describe the control, its function, and why you chose this control. If you don’t quite understand the concept of logical control after reading chapter 2 of the text, check out the Wikipedia definition (linked here). Consider using logical controls listed in the other regulations listed in chapter 2.>
Audit Controls
<You might notice this section is somewhat out of sync with the paper requirements. Audit controls appear as the second requirement on the assignment page, whereas it is listed here as third. You are free to re-align these sections with the assignment page, but there is a reason why they are listed here in this order. Physical and logical access controls are generally classified as preventive measures. These are measures designed to prohibit an unwanted action from occurring. Audit controls are classified as detective in nature. They do not prohibit, but they can be used to detect (after the fact) unwanted actions, as well as a method for establishing accountability of actions. Do not confuse security audit controls with the auditing of IT security. The first is a category of controls, while the latter is the process of reviewing all categories of security controls. This section should concern the former, while the entire course will cover the latter. In this section, you should provide suggestions for audit methods that track access to FERPA information.>
FERPA Data in Motion
<Think about how data moves from one place to another. You’ll need to consider two endpoints. The first is the input (wherever that is) from a data store, and the second is endpoint recipient of that data. Identify techniques that could be used to provide confidentiality and integrity of that data as it moves. We want to make sure no one can either intercept or change the data en route. Some of these may have been mentioned in chapter 2 of the text.>
How the System Would Work
<Remember that the business process forms the basis for determining how the system might work. The use of the new system must align to the business process. If you have not already described the business process, include it here in a few paragraphs. Then go into detail on how the system would work, ensuring it aligns with the described business process. Include the workflow diagram here.>
References
< Reference and list at least three good resources. You may use websites, but those sources should not be on par with Wikipedia. You should choose sources that focus on the concept of FERPA protections.>
"You need a similar assignment done from scratch? Our qualified writers will help you with a guaranteed AI-free & plagiarism-free A+ quality paper, Confidentiality, Timely delivery & Livechat/phone Support.
Discount Code: CIPD30
Click ORDER NOW..
