Introduction
FERPA requires the integrity and confidentiality of education records to be maintained at all costs. Thus, all information relating directly to college and university students must be safeguarded against access by unauthorized entities and individuals. However, FERPA gives an institution the legal right to access the records containing information about its students (United States, n.d.). Therefore, administrators and faculty members with educational interests may access confidential information relating to students, but in some cases the consent of the students is sought before such access is legally permitted. Students also have the legal right to correct their education records, including deleting any misleading or inaccurate information.
Analysis and recommendation of physical access control safeguards to be employed in the registrar’s office
Efficient information access control safeguards are needed in the registrar’s office to ensure that the provisions of FERPA are observed in the college. Control safeguard measures should ensure that the wireless network used by the assistant registrar is not misused to carelessly disseminate personal information relating to students (Daggett & Huefner, 2001). Most importantly, the registrar’s office is situated near other offices, which increases the possibility of someone physically accessing the system in which students’ records are maintained by manipulating the server. Therefore, access to confidential student records should be restricted through authentication, such as passwords, issued only to those with the legal right to access these records.
Recommendation of proper audit controls to be employed in the registrar’s office
Efficient audit control is required in the registrar’s office to monitor how education information is accessed and shared by the college staff. The assistant registrars and the registrar use different networks. The networks used by both the registrar and the assistant registrars should be monitored to ensure that students’ information protected by FERPA is not accessed by or shared with unauthorized entities.
Suggestion of three logical access control methods to restrict access to sensitive information by unauthorized entities
Some logical access control measures would be useful to restrict access to confidential student records by unauthorized entities. The fact that students’ electronic records are stored on a server exposes them to various internal threats (Young, 2015). One logical control measure that can be used to ensure the confidentiality and integrity of students’ records is the installation of software that requires authentication of users who access the electronic records on the server. This will support follow-ups that enable the administration to control how such information is accessed, since only authorized persons will be issued passwords allowing them to access these records. The individuals allowed to access the students’ records should be trained on how to protect their network against social engineering and cyber threats (McBain, 2008). The administration should also consider establishing ACLs (Access Control Lists) to ensure that only individuals with permission to access confidential student information get access to the electronic records. This strategy is useful for restricting access to students’ records.
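The ACL and audit recommendations above can be sketched as a deny-by-default access check that records every decision. This is an added example, not part of the original essay; the role names, the permissions given to each role, the `educational_interest` and `student_consent` flags, and the record fields are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Hypothetical ACL: role -> actions permitted on student records.
# Any role or action not listed here is denied (deny by default).
ACL = {
    "registrar": {"read", "write"},
    "assistant_registrar": {"read"},
    "faculty": {"read"},
}

@dataclass
class Request:
    user: str
    role: str
    action: str                       # "read" or "write"
    student_id: str
    educational_interest: bool = False  # assumed flag set by the institution
    student_consent: bool = False       # assumed flag recorded from the student

@dataclass
class AuditLog:
    entries: list = field(default_factory=list)

    def record(self, req, allowed, reason):
        self.entries.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": req.user, "role": req.role, "action": req.action,
            "student_id": req.student_id, "allowed": allowed, "reason": reason,
        })

def check_access(req: Request, log: AuditLog) -> bool:
    """Allow only if the ACL permits the action and, for faculty,
    an educational interest or student consent is on file."""
    if req.action not in ACL.get(req.role, set()):
        allowed, reason = False, "role not permitted by ACL"
    elif req.role == "faculty" and not (req.educational_interest or req.student_consent):
        allowed, reason = False, "no educational interest or student consent"
    else:
        allowed, reason = True, "permitted by ACL"
    log.record(req, allowed, reason)  # denials are logged too, for audit review
    return allowed

def denied_attempts(log: AuditLog) -> list:
    """Audit query: who was refused access, to which record, and why."""
    return [(e["user"], e["student_id"], e["reason"])
            for e in log.entries if not e["allowed"]]
```

Logging denials as well as grants is what lets the audit review surface repeated attempts by accounts that have no permission on the records.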
Means by which data moves within the organization and recommendation on techniques that can be used to provide transmission security safeguards
Data is disseminated through networks in the organization. Direct access and transfer of data is another means by which data moves within the organization. Active monitoring of the different networks used in the organization will allow the security administrators to safeguard against the transmission of information to unauthorized entities (McBain, 2008). Another technique is to establish a security policy that restricts access to the data warehouses by integrating standardized information systems for use by authorized individuals only.
References
Daggett, L., & Huefner, D. (2001). Recognizing schools' legitimate educational interests: Rethinking FERPA's approach to the confidentiality of student discipline and classroom records. Am. U. L. Rev., 51(1), 1-48.
McBain, L. (2008). Balancing student privacy, campus security, and public safety: Issues for campus leaders. American Association of State Colleges and Universities.
United States of America Department of Education. (n.d.). U.S. Department of Education Safeguarding Student Privacy. Retrieved January 13, 2017, from Safeguarding_student_privacy.pdf
Young, E. (2015). Educational privacy in the online classroom: FERPA, MOOCs, and the big data conundrum. Harv. J. Law & Tech., 28, 549-593.