


Big Man(date) on Campus: What GLBA Compliance Means for Higher Education

Posted May 23, 2018

Are you at the top of your class when it comes to cybersecurity?

With the upcoming GLBA audits set to affect higher education institutions across the nation, many leaders and information security personnel in higher ed are beginning to worry. At GreyCastle Security, we have one word of advice for those who have begun to panic: don’t.

The Gramm-Leach-Bliley Act (GLBA) audits are nothing new. In fact, chances are that your organization is already prepared. If your institution has completed its annual risk assessment, identified a person within the organization to handle risk, and is working within a governance structure that includes representation from all aspects of the organization, you’re likely to be in good shape. Not sure if what you’re doing fits the bill? Here are the core requirements of GLBA:

  • Someone has been dedicated to coordinating and managing your information security program
  • Your program has been based on a risk assessment
  • Safeguards to address risks have been documented (or remediated)

After some delay, the federal Office of Management and Budget (OMB), working with the Department of Education’s office of Federal Student Aid (FSA), announced that a GLBA Safeguards Rule audit objective would be included in the federal single audit process that most colleges and universities have to follow. This means that audit requirements for higher education institutions might be delayed.

This is good news! It gives your institution time to perform a “dry run” to ensure that you are ready regardless of whether the objective emerges in the FY18 or FY19 federal single audit.

How can GreyCastle Security help?

If you need help staying on top of these regulations or performing a dry run for the audit, we have highly certified cybersecurity experts with higher education experience who can help you on the path to compliance. Click here to contact us.


About The Author: Daniel Gibson

Daniel Gibson (CISM, CISSP, CISA, MBA, M.S. Cybersecurity) is a Security Strategist at GreyCastle Security. Daniel has served as the Director of Information Security for Ayco, a Goldman Sachs Company, and has worked in IT Advisory Services at Ernst & Young.

Additionally, he has held roles managing information technology and security initiatives in healthcare and finance.

Daniel has over 10 years of experience in risk management, vendor risk, ISO 27001, GLBA, and leading comprehensive enterprise security programs.

