These guidelines are written to help educational administrators and staff at the building, campus, district, and state levels better understand why and how to effectively secure their organization's sensitive information, critical systems, and computer equipment.

This document is:

• Concerned primarily with information technology security as it relates to the privacy and confidentiality of education information

• Organized so as to walk policy-makers through the steps of developing and implementing sound security policy that is tailored to meet the needs of their individual organizations

• Focused on both technical and procedural requirements (i.e., both computer-related and staff-related issues)

• Presented as a set of recommended guidelines

• Also available electronically at the National Center for Education Statistics' website at http://nces.ed.gov

Formatting Conventions

While all of the information in this guide is important to an educational administrator who is developing and implementing security policy in his or her organization, some points stand out in particular. To better emphasize these points, a few symbols are used throughout the document.

Look for These Symbols A castle denotes something that is or should be done. A bomb denotes something that is not or should not be done. Lightning bolts denote an important point, so read closely!

Notice, for example, that the "lightning bolts" in the left margin below alert readers that they are permitted to modify, customize, and reproduce any part of this document. Also included, where appropriate, are superscript numbers to denote resource citations as listed in Appendix F. Lastly, terms that are defined in the glossary are in bold the first time they appear in each chapter.