New to the guide?
- Welcome to the Guide! Learn how to find the info you need quickly
- Check out the latest toolkits and resources
- Browse the hot topics
- Dive into one of the 17 chapters
- Learn how to advance your infosec career
- Another Fall Semester, Another School of Phish
- The General Data Protection Regulation (GDPR) Explained
- Information Security: Risky Business (2017 Top InfoSec Issues)
- EDUCAUSE 2017 Top 10 IT Issues
- EDUCAUSE Information Security Almanac 2017
- Security Matters blog column in EDUCAUSE Review
- Evolution and Ascent of the CISO
- The Chief Privacy Officer in Higher Education
- The IT Workforce in Higher Education, 2016
- Higher Education Information Security Awareness Programs (ECAR Research Bulletin)
- The Successful Security Awareness Professional: Foundational Skills & Continuing Education Strategies (ECAR Research Bulletin)
- DNSSEC Technology Spotlight
- OpenPGP Technology Spotlight
- PKI Technology Spotlight
- CISO Job Description Template
- Cyber Liability Insurance FAQ
- Data Classification Toolkit
- Data Incident Notification Toolkit
- DIY Video and Poster Security Awareness Contest
- Information Security Program Self-Assessment Tool Updated!
- Mentoring Toolkit
- National Cyber Security Awareness Month Resource Kit
- Toolkit for New CISOs
- 2017 Campus Security Awareness Campaign New!
- Confidential Data Handling Blueprint
- Cybersecurity Awareness Resource Library
- Data Protection Contractual Language: Common Themes and Examples
- Developing Your Campus Information Security Website
- eduroam
- GRC FAQ
- Higher Education Cloud Vendor Assessment Tool (HECVAT) Updated!
- Incident Checklist for Sensitive Data Exposures
- Information Security Governance
- Overview of Bro
- Password Managers
- Risk Management Framework
- Security Awareness Quick Start Guide & Security Awareness Detailed Instruction Manual
- Speakers Bureau
- Splunk
- Third-Party Security Awareness Training Tools
- Tor
- Training and Certifications for Security and Privacy Professionals
Hot Topics!
Other Higher Education Resources
- EDUCAUSE Cybersecurity Program website
- Higher Education Information Security Council (HEISC)
- Internet2 Security Groups
- Annual Security Professionals Conference
- EDUCAUSE Cybersecurity Resource Page
- EDUCAUSE Security Discussion Group List
- Research and Education Networking Information Sharing and Analysis Center (REN-ISAC)
- NSF Cyberinfrastructure Security Resources
- UCISA Information Security Toolkit and Information Security Management Toolkit
Featured Government and Industry Resources
- Digital Services Playbook (U.S. Government)
- Ponemon Library
- Symantec's Compliance Matrix Poster
- Verizon's Data Breach Incidents Report (DBIR)
About the Guide
The Higher Education Information Security Council (HEISC) supports higher education institutions as they improve information security governance, compliance, data protection, and privacy programs. This guide, created by practitioners for practitioners, features toolkits, case studies, effective practices, and recommendations to help jump-start campus information security programs and initiatives. Don't reinvent the wheel – get all of the resources you need here.
Contribute
As a community-driven, community-serving project, it is important for this guide to incorporate experiences and perspectives from many different institutions. To contribute examples of practices that have been effective in your institution, please consider submitting a case study or contact security-council@educause.edu.
Questions or comments? 
Contact us.
Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).