Security breaches have become an everyday problem. Some security experts say "it is not if you will be breached, but when...." According to the Identity Theft Resource Center, for 2016 there have been 809 reported breaches exposing over 29 million records. A summary by business category is below.
To mitigate these breaches, federal and state governments have passed laws which require action by institutions of higher education. Some of these laws are listed here; the list is not exhaustive:
- Payment Card Industry Data Security Standards (PCI-DSS) §12.6 - Make all employees aware of the importance of cardholder information security.
  - Educate employees (for example, through posters, letters, memos, meetings and promotions).
  - Require employees to acknowledge in writing that they have read and understood the company’s security policy and procedures.
- Federal Information Security Management Act (FISMA) §3544.(b).(4).(A),(B) - Security awareness training to inform personnel, including contractors and other users of information systems that support the operations and assets of the agency, of information security risks associated with their activities; and their responsibilities in complying with agency policies and procedures designed to reduce these risks.
- Gramm-Leach-Bliley Act (GLBA) §6801.(b).(1)-(3) - In furtherance of the policy in subsection (a) of this section, each agency or authority described in section 6805(a) of this title shall establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical and physical safeguards:
  - To insure the security and confidentiality of customer records and information;
  - To protect against any anticipated threats or hazards to the security or integrity of such records;
  - To protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.
- Health Insurance Portability & Accountability Act (HIPAA) §164.308.(a).(5).(i) - Implement a security awareness and training program for all members of its workforce (including management).
- Red Flags Rule §16 CFR 681.1(d)-(e). Employees should be trained about the various red flags to look out for, and/or any other relevant aspect of the organization’s Identity Theft Prevention Program.
- Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
To meet our regulatory requirements, all employees must complete annual Cyber Security training. Each year you will receive a "Welcome" email that will contain the URL (vle.securingthehuman.org) for the training along with your user name and password. Because the training is hosted, this user name and password are not the same as your Roane State ID and password.
© Roane State Community College