Capstone Papers- Designing FERPA Technical Safeguards
Imagine you are an Information Security consultant for a small college registrar’s office consisting of the registrar and two assistant registrars, two student workers, and one receptionist. The office is physically located near several other office spaces. The assistant registrars utilize mobile devices over a wireless network to access student records, with the electronic student records being stored on a server located in the building. Additionally, each registrar’s office has a desktop computer that utilizes a wired network to access the server and electronic student records. The receptionist station has a desktop computer that is used to schedule appointments, but cannot access student records. In 1974,
Congress enacted the Family Educational Rights and Privacy Act (FERPA) to help protect the integrity of student records. The college has hired you to ensure technical safeguards are appropriately designed to preserve the integrity of the student records maintained in the registrar’s office.
Analyze proper physical access control safeguards and provide sound recommendations to be employed in the registrar’s office.
Recommend the proper audit controls to be employed in the registrar’s office.
Suggest three logical access control methods to restrict unauthorized entities from accessing sensitive information, and explain why you suggested each method.
Analyze the means in which data moves within the organization and identify techniques that may be used to provide transmission security safeguards.