Home page logo

educause logo Educause Security Discussion mailing list archives

Re: laws/regulations to comply with
From: "Basgen, Brian" <bbasgen () PIMA EDU>
Date: Thu, 4 Dec 2008 09:13:23 -0700

Hi Jason,

 Legal compliance is contingent on context, but I think you've identified the most common ones. There are some sites 
that do a pretty good job of identifying some of the laws and the latest information on them. I found this site pretty 
helpful to get up to speed:

 FWIW as an example, our current policy mix sites 10 different sections of Arizona state law, 4 federal laws, 2 FCC 
rulings, and 1 industry mandate. The alphabet soup (e.g. HIPAA, GLBA, etc) of federal laws are a good starting point, 
but next I would suggest your state laws before reading USC for example. State laws typically cover requirements in 
greater depth than federal laws and I think are often more useful to cite. To find applicable state laws, call up your 
counterparts in other state institutions of higher ed, or just read through the laws. :)

Brian Basgen
Information Security
Pima Community College

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Youngquist, Jason
Sent: Thursday, December 04, 2008 8:34 AM
Subject: [SECURITY] laws/regulations to comply with

We are working on writing more formalized policies for the institution.
What I'm looking for is a comprehensive set of law/regulations that an
institution such as a college might need to comply with.  For example,
HIPPA, PCI, Red Flag, FERPA, GLBA, CALEA, state & federal laws, etc.
Is there any definitive list somewhere or does anyone have any
additional suggestions?

Jason Youngquist
Information Technology Security Engineer
Technology Services
Columbia College
1001 Rogers Street, Columbia, MO  65216
(573) 875-7334
jryoungquist () ccis edu

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]