Information security should remain one of the main priorities for academic institutions since their databases contain personal information not only about students but also about staff members. The role of information security policies has grown even larger with the transition of most academic institutions into the digital setting, where they are exposed to cyberattacks (Pangrazio & Selwyn, 2019). Therefore, evaluating and analyzing their key properties will help to identify the means to improve them.
For this assignment, the information security policies of Harvard University and Yale University have been chosen. Having a long and impressive history in the realm of American education, both universities have developed a clear and accurate information security policy. However, due to the continuous technological updates and the introduction of innovative tools for data management, the security systems had to be updated. As a result, the current policies of Harvard and Yale strive to address the issue of cybersecurity among other concerns.
Presently, both the policy of Yale and that one of Harvard contain the appropriate policy statements. Specifically, Yale singles out four policy artifact types on which its policy is based, whereas Harvard defines key terms and sets its goals (Yale University, 2021; Harvard University, 2021). The rationale repeats itself across both policies, with Yale and Harvard prioritizing the security of its students’ personal data. The policies affect students, the universities’ staff, and education authorities since its breach will entail a threat to students’ privacy and imply repercussions for the staff and the corresponding bodies. Both policies provide definitions of the key terms, outlining the roles and responsibilities of the staff in safeguarding students’ personal data. Furthermore, both policies address the issue of compliance, pointing out that the standards in question are to be followed by the universities’ personnel at all times. The text of the policies includes links to relevant documents, such as requirements (Harvard University, 2021) and supporting procedures (Yale University, 2021).
Both policies represent a comprehensive overview of key issues and the concerns associated with personal data management. However, the Yale guidelines appear to be more coherent and better organized. Namely, the policy covers not only the issue of data breach prevention and the mitigation of possible negative outcomes but also the nuances of managing students’ personal data. Specifically, the functioning of the campus IDs and the specifics of the access procedures are outlined quite precisely.
However, from a user perspective, the policy created by Harvard University appears to be much easier to understand. Namely, the arrangement of data by applying color coding and providing a clear taxonomy of the data security systems represents a more user-friendly framework. Furthermore, key data safety standards are represented straightforwardly, which removes the possibility of any misconceptions. Additionally, the guide includes links to crucial information that students may find interesting from an academic perspective, such as research data security standards.
In the Harvard policy, the responsibilities that students must meet are quite basic and easy to follow. Specifically, the user requirements prohibit sharing passwords or any other sensitive personal data, encourage students to create strong passwords, and explain how devices can be protected. The specified requirements appear to be reasonable and effective for maintaining the security and safety of students, particularly, in regard to managing their personal data.
In turn, the Yale policy requires users to review the Minimum Security Standards (MSS) and offers a tool for calculating the extent of adherence to the MMS in question. The specified framework is much more nuanced and allowing for greater security. However, it is also much more convoluted and difficult to follow than the Harvard one. Therefore, the policy could use an update by reducing the level of its complexity.
References
Harvard University. (2021). Information security policy. Harvard University.
Pangrazio, L., & Selwyn, N. (2019). ‘Personal data literacies’: A critical literacies approach to enhancing understandings of personal digital data. New Media & Society, 21(2), 419-437.
Yale University. (2021). Yale’s information security policy base.