Design of FERPA Technical Safeguard Student`s
Designof FERPA Technical Safeguard
Designof FERPA Technical Safeguard
TheFERPA organization has learner’s files that need privacy andintegrity from the entire public. Since the registrar’s office isaccessed by lots of different kinds of people including two students,security remains a top notch requirement. It is within myjurisdiction to suggest that the security of FERPA emphasizes onpeople, data, hardware, and software. That will necessitate theorganization to plan a systematic methodology to ascertain theinstitution’s safety. The method should contain audit controls,physical access control, access controls and also, design accesssecurity of the database. This paper aims to develop and respond toconcerns on technical safeguard at the registrar’s office.
PhysicalAccess Controls and Recommendations
Accordingto Peltier (2013), physical access controls that can be put in placeencompass restricting individuals who get into the office of theregistrar and them that gain entree to the computer laboratories. Forexample, members of staff at the registrar’s office can make gooduse of facial recognition facilities or biometrics to obtain entry tothe office. That ensures that persons whose biometrics have beenperused and stored in the institution`s database access the service.Next, security cameras can be put in place to ensure no unauthorizedindividual finds their way into the office. Further, the organizationcan do the installation of keypads containing codes that only theauthorized individuals can know.
Recommendationof proper Audit Controls
Thereis a special need for the organization to implement audit control inwhich they will be capable of analyzing the earlier set securitymechanisms are met. Further, that can be used as a platform to decidewhat other areas need to put into place to warrant complete safety.Having an audit control in the registrar’s office will necessitateall workers in that position to set goals on the degree of securityenhancement they need to realize in the firm in a particular timeframe. They should, then, do an evaluation to ascertain whether thegoals were accomplished and if not, they put mechanisms in place toassure success. Others things that can be incorporated encompassintegrity and ethical values, assess the set methodology of work,evaluate workers performance and also, evaluate operating proceduresand policies (Siponen, Mahmood & Pahnila, 2014).
LogicalAccess Control Methods
FERPA organization need to implement various logical access controlmechanisms to minimize access capability to confidential data andinformation. That can sufficiently be achieved through implementingidentification, authorization, and authentication to users thataccess the records of students (Peltier, 2013). Through this, thesystems administrator will grant appropriate privileges to varioususers of the system.
Peltier (2016) asserted that authorization method helps incontrolling the access of objects by the subject, for instance, astudent cannot delete a particular file in the registrar’s officeafter logging into the system. Identification is a security measurein which you claim whom you are by either speaking to someone on thephone or providing an identity through usernames, account numbersamong others. Authentication is a method of proving the identity of asubject. That can be achieved by the use of unique logins, usually acombination of a username and password. That remains an essentialsecurity measure in this organization. Further, authentication in thegroup can be implemented through the use of strictly controlledpasswords, tokens in conjunction with a PIN, and biometricidentification.
DataMovement and Transmission Security
Withinthis particular organization, data can be transferred over theinternet, via email, or a private point-to-point connection. That isinformed by the availability of both wired and wireless networksacross the different departmental offices.
It is crucial to implement technical security measures to protectagainst unauthorized access to electronic protected student’srecords as they are transmitted over the communications network. Someof the techniques that can be used to provide transmission technicalsafeguards include the use of integrity controls and by encryption(Siponen, Mahmood & Pahnila, 2014). Integrity controls certifythat the information transmitted electronically is not incorrectlymodified without recognition until it is disposed of. An essentialmanner of ensuring the integrity is by the usage of networkcommunications protocols. The protocols ascertain that the data isreceived in the same manner it was sent.
Encryption is a key way of data protection. Encryption involvesthe conversion of the original message of standard text into anunreadable text that finally decrypted into plain comprehensive text.Since the organization uses the same and compatible technologybetween and receiver, encryption can, therefore, work efficiently(Siponen, Mahmood & Pahnila, 2014).
It is censoriously notable that technical safeguard technology andassociated processes and policies shield FERPA and regulate access toit. In addition to suitable and practical physical and administrativesafeguards, helps confirm that a protected entity will guarantee theintegrity, confidentiality, and availability of the FERPA student’srecords. Implementation of hardware, software, and proceduralmechanisms help in recording and examining activities of informationsystems that contain and utilize the electronically protectedstudents’ records.
Peltier,T. R. (2013). Informationsecurity fundamentals.CRC Press.
Peltier,T. R. (2016). InformationSecurity Policies, Procedures, and Standards: guidelines foreffective information security management.CRC Press.
Siponen,M., Mahmood, M. A., & Pahnila, S. (2014). Employees’ adherenceto information security policies: An exploratory fieldstudy. Information& Management, 51(2),217-224.
No related posts.