Home Page

Table of ContentsChapter 1: IntroductionChapter 2: General Protocol and Policy StatementsChapter 3: Risk AssessmentChapter 4: Physical Security PoliciesChapter 5: Information Security Policies

Chapter 6: Software Security PoliciesChapter 7: User Access Security PoliciesChapter 8: Network and Internet Security PoliciesChapter 9: Administrative Policies and ProceduresChapter 10: Training ProtocolAppendices Index
 Appendix H  -- Bibliography & Resources for Internet Security Information
 
 

This site constitutes a dynamically changing security protocol. This is only the beginning of its possibilities. It is designed to assist Indiana School Boards, Administrators, and Teachers to implement safe data and information systems. As schools develop policies and encounter changing technological systems, there will be a need for amendments to this document. If school districts would like to share documents that could be used on this site as examples, we would welcome that. Suggestions, additions, comments, or questions about this protocol should be directed to the webmaster at <securityinfo@purdue.edu>.Thank you.



  1. American National Standards Institute (ANSI), 11 West 42nd Street, 13th Floor, New York NY 10036 USA; phone (212) 642-4900 or (212) 764-3274; fax (212) 398-0023, http://www.ansi.org

  2. Brown University, A Survey of Selected Computer Policies form Institutions of Higher Education http://www.brown.edu/Research/Unix_Admin/cuisp/

  3. California Department of Education, K-12 Network Technology Planning Guide, Chapter 9, Security and Authentication  http://www.cde.ca.gov/edtech/ntpg/ch09.html 

  4. Commonwealth of Kentucky, Department of Information Systems, Security Manual (Rev. December 1992)

  5. Computer Professionals for Social Responsibility (CPSR), P.O. Box 717, Palo Alto CA 94302 USA; (650) 322-3778; fax (650) 322-4748,  http://www.cpsr.org/ 

  6. Computer Security Institute (CSI), 600 Harrison St., San Francisco CA  94107 USA; (415) 905-2200; fax (415) 905-2218,   http://www.gocsi.com/ 

  7. Electronic Privacy Information Center (EPIC), 666 Pennsylvania Ave. SE, Suite 301, Washington DC 20003 USA; phone (202) 544-9240; fax (202) 547-5482,  http://www.epic.org/

  8. Raymond Elliott, et. al., Information Security in Higher Education,  Association for the Management of Information Technology in Higher Education (CAUSE), Professional Paper Series #5

  9. European Parliament Directive 95/46/EC on the Protection of Individuals with regard to the processing of personal data and on the free movement of such data, http://www.dataprotection.gov.uk/answer/content.htm

  10. Family Educational Rights And Privacy Act (FERPA), 20 U.S.C. 1230 et seq., and Federal Regs. at 34 CFR 99, http://web.indstate.edu/soe/iseas/ferpa.html

  11. Fla. State Technology Charter to Create and Implement safeguards to insure Information resource integrity, and accurate and timely delivery of information to qualified users.

  12. Full Disclosure –  http://www.fulldisclosure.org/

  13. Barbara Guttman and Robert Bagwill, National Institute of Standards and Technology, U.S. Department of Commerce, Internet Security Policy: A Technical Guide [1998? Draft] http://csrc.ncsl.nist.gov/isptg/

  14. Darcy Hopko (CERIAS) -- Confidentiality Reminders  -- parents' rights, when parent consent is required, legal definitions of "educational record," "personally identifiable information," and critical pointers

  15. Indiana Department Of Education, State Requirements and Recommendations for Public School Internet Acceptable Use Policies and Guidelines  (11/95) http://www.siec.k12.in.us/aup/require.html and http://www.siec.k12.in.us/aup/recomm.html   

  16. Information Infrastructure Task Force, Privacy and the National Information Infrastructure: Principles for Providing and Using Personal Information, Final Version (June 6, 1995), http://www.iitf.nist.gov/ipc/ipc/ipc-pubs/niiprivprin_final.html

  17. Information Systems Security; Auerbach Publications; CRC Press; 2000 Corporate Blvd. NW, Boca Raton, FL 33431 USA; phone (800) 272-7737,  http://www.crcpress.com/us/ 

  18. International Computer Security Association (ICSA), 12379-C Sunrise Valley Drive, Reston VA 20191-3422; phone (703) 453-0500; fax (703) 620-6540,   http://www.icsa.net 

  19. Iowa Access, Internet Security & Information: Exchange Issues and Concerns 
     http://www.iowaccess.org/main/projects/3/mod7.html

  20. Iowa Department of Education, Project EASIER, http://www.state.ia.us/educate/programs/easier/

  21. William W. Lowrance, HHS Consultant, Privacy and Health Research, http://aspe.os.dhhs.gov/admnsimp/PHR.htm#Contents

  22. Kevin C. McDowell, Indiana Department of Education,  Divulging School Records: Confidentiality Concerns

  23. Milken Exchange on Education Technology, Indiana Profile (1998) 
     <no longer available online> 

  24. Milken Exchange on Education Technology, Learning Technology Policy Counts: State-by-State Survey Results (1999) 
    http://www.mff.org/publications/publications.taf?page=292

  25. Stephanie Miller (CERIAS), Security Policy Pointers,  Overall Security Architecture (dataflow chart ), What can go wrong during the data flow process (Understanding threats)

  26. Stephanie Miller (CERIAS), Masters Thesis, Using the Techniques of a Security Assessment to Guide Technology Development in Education (December, 1999).

  27. Mississippi Department of Information Technology Services, Network Security, Suite 508, 301 North Lamar Street Jackson, Mississippi, 39201-1495; Voice - (601) 359-1395 FAX - (601) 354-6016,  http://www.its.state.ms.us/et/security/secpaper.htm 

  28. Missouri Research Education Network (MOREnet), MOREnet Security Services Policies, version 1.2 (1998) http://www.more.net/security/secpol.html

  29. National Center for Education Statistics, Education Data Confidentiality: Two Studies, NCES 94-635 (1994), http://nces.ed.gov/pubsearch/pubsinfo.asp?pubid=97527 

  30. National Cooperative Education Statistics System & National Center for Education Statistics, Safeguarding Your Technology: Practical Guidelines for Electronic Education Information Security, http://nces.ed.gov/pubs98/safetech/

  31. National School Boards Association, ITTE (Education Technology Programs Department), Legal Issues & Education Technology: A School Leader's Guide (April, 1999) http://www.nsba.org/itte/legalpub.html

  32. National School Boards Association, ITTE (Education Technology Programs Department), Leadership & Technology: What School Board Members Need to Know  (October, 1995) http://www.nsba.org/itte/leadtech.html

  33. National School Boards Association, ITTE (Education Technology Programs Department),  Plans & Policies for Technology in Education: A Compendium (March, 1995) http://www.nsba.org/itte/planpol.html

  34. State Government News; Council of State Governments, 2760 Research Park Drive, P.O. Box 11910, Lexington, KY  40578-1910 USA; phone (606) 231-1925, fax (606)244-8001, http://www.statesnews.org/

  35. State of Arkansas, Department of Information Systems, Security Document version 4.0 http://www.dis.state.ar.us/sp/arch/SPA/SecurityPolicy.html

  36. State of Massachusetts, Network Security
    http://www.its.state.ms.us/et/security/secpaper.htm

  37. State of Oregon, Guideline For Developing An Agency Information systems security Policy 

  38. State of Nevada, Department of Information Technology, Policies, Standards and Procedures  http://doitweb.state.nv.us/

  39. State of Texas, Department of Information Resources, Information Resources Security and Risk Management Policy, Standards, and Guidelines (1995), http://www.state.tx.us/ftp/pub/irpolicy.txt

  40. U.S. Dept. of Education, National Center for Education Statistics, Protecting the Privacy of Students Records, NCES 97-527, by Oona Cheung, Barbara Clements, and Ellen Pechman, Washington, D.C: January, 1997, http://nces.ed.gov/pubs97/p97527/

  41. U.S. Dept. of Education, National Center for Education Statistics, Protecting the Privacy of Students Records, NCES 97-859R, by Policy Studies Associates, Inc. Under contract to the Council of Chief State School Officers, Washington, D.C.: Revised, March, 1997, http://privateschool.about.com/education/privateschool/gi/dynamic/offsite.htm?site=http://nces.ed.gov/

  42. Nancy Willard, Legal and Ethical Issues Related to the Use of the Internet in K-12 Schools  http://netizen.uoregon.edu/documents/leicontent.html

  43. Charles Cresson Wood, Information Security Policies Made Easy, Version 7 (Sausalito, Ca. October, 1999).

  44. Noraleen A. Young, Indiana Department of Education & Clay Community School Corporation, Care of Public School Records: A Record Creator's Guide (September 1995).


Go to the Top of the Page


Draft 5/21/00  v5

Updated 3/15/01.

Copyright © 1999 - 2000 Purdue Research Foundation, Inc.  All Rights Reserved.