Managing Cybersecurity Assessments and Compliance

Institutions of higher education manage a high volume and variety of personal information, including education records, financial aid and account information, payment data, health information and government data. As a result of the breadth and nature of business operations at higher education institutions, as well as faculty, staff, students and alumni located in many states and countries, institutions are subject to a variety of legal and regulatory compliance requirements for data protection. It is critical for internal audit and compliance professionals to understand where high-risk data resides at the institution, how to address multiple compliance requirements, and ultimately, how to protect the institution’s data. This webinar will review cybersecurity related laws, regulations and requirements applicable to higher education institutions and discuss how these regulations may impact institutional data. We will share methodologies for determining where high-risk data lies within your institution and potential approaches to audit security and protection of this data.

Speakers: Brian J. Daniels, Virginia Tech; Meghan Farrell and Mike Cullen, Baker Tilly

Upon completion of this program participants should know the impact of cybersecurity and information privacy requirements, including:
1. Family Educational Rights and Privacy Act (FERPA)
2. Federal Information Security Management Act (FISMA)
3. Gramm-Leach-Bliley Act (GLBA)
4. Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act 
5. Payment Card Industry (PCI) Data Security Standard (DSS)
6. Assess where the cybersecurity and information privacy requirements above overlap, and how this impacts your institution
7. Apply leading practice strategies for evaluating where high-risk data lies at your institution and how it is protected

Field of Study: Auditing
Category: Information Technology 
Program Level: Overview
Location: Virtual
Type of Delivery Method: Group-internet-based
Prerequisite: None
Advance Preparation: None required
CPE Credit: 1 Credit
Cost: Complimentary