Chapter 2: Knowing What You Need
Security and ethical standards
Everyone in the education community is required to secure the data that are maintained on our computer systems. The level of security might be different for a school district (where information is stored about students who are not adults) than a college or university. The Family Education Rights and Privacy Act (FERPA) is very clear about the regulations that must be considered.
Security is defined as protection from threats to the equipment, functioning, and contents of your technology. Controlling access to and ensuring the security of the information within your computer system and through your network connections are critical if you are planning to keep confidential or sensitive data, such as the information that is kept in student and staff records. You should give some thought to the potential internal and external threats to the functioning and contents of your technology solution, such as:
Ethical standards are also important, since you are likely to develop a technology solution that is used by many people, including staff, students and others within the community. You should give some thought to what types of limits you may need on access to your different technology components, as well as any guidelines and disciplinary procedures that may be needed to ensure appropriate use, particularly if you are worried about the availability of objectionable materials. These should be included in an Acceptable Use Policy statement to be developed later.
For the Needs Statement, it is sufficient to state: "The technology solution should contain features that allow for the control of access by users of the technology to certain programs and particular information. The control of access must comply with local, state, and federal requirements regarding confidential data. In addition, technology guidelines should reflect established ethics for appropriate usage."
Selecting appropriate locations for the equipment and choosing physical security measures are also critical to the security of your technology solution. Threats to the equipment may include:
Ensuring the security of information and equipment should always be specified in your list of needs, as you may be putting your entire system (both information and equipment) at risk. This is not a risk worth taking.