Big Man(date) on Campus: What GLBA Compliance Means for Higher Education

Are you at the top of your class when it comes to cybersecurity?

With the upcoming GLBA audits set to affect higher education institutions across the nation, many leaders and information security personnel in higher ed are beginning to worry. At GreyCastle Security, we have one word of advice for those who have begun to panic: don’t.

The Gramm-Leach-Bliley Act (GLBA) audits are nothing new. In fact, chances are that your organization is already prepared. If your institution has completed its annual risk assessment, designated a person within the organization to own risk, and is working within a governance structure that includes representation from all parts of the organization, you are likely in good shape. Not sure whether what you are doing fits the bill? The audit objective tests the core requirements of the GLBA Safeguards Rule:

  • Someone has been designated to coordinate and manage your information security program
  • Your program is based on a documented risk assessment
  • Safeguards that address the identified risks have been documented (or the risks have been remediated)

After some delay, the federal Office of Management and Budget (OMB), working with the Department of Education’s office of Federal Student Aid (FSA), announced that a GLBA Safeguards Rule audit objective would be added to the federal single audit process that most colleges and universities already follow. Because the announcement came late, the year in which auditors first test the objective may be pushed back.

This is good news! It gives your institution time to perform a “dry run” so that you are ready regardless of whether the objective appears in the FY18 or the FY19 federal single audit.

If you would like a starting point for preparing your institution for a GLBA audit, we invite you to join us for our upcoming webinar, “Big Man(date) on Campus: What GLBA Means for Higher Education,” on Wednesday, September 12 at 2 pm ET. In this webinar, attendees will get an overview of what they need in place to pass a GLBA audit.

Attendees will learn:

  • The key components of a risk assessment specific to GLBA
  • What to consider when selecting an employee to coordinate an information security program
  • How to select service providers that can handle information securely, and how to review them periodically, as the GLBA Safeguards Rule requires



How can GreyCastle Security help?

If you need help staying on top of these regulations or performing a dry run for the audit, we have certified cybersecurity experts with higher education experience who can help you on the path to compliance.


About The Author: Daniel Gibson

Daniel Gibson (CISM, CISSP, CISA, MBA, M.S. Cybersecurity) is a Security Strategist at GreyCastle Security. Daniel has served as the Director of Information Security for Ayco, a Goldman Sachs Company, and has worked in IT Advisory Services at Ernst & Young.

Additionally, he has held roles managing information technology and security initiatives in healthcare and finance.

Daniel has over 10 years of experience in risk management, vendor risk, ISO 27001, GLBA, and leading comprehensive enterprise security programs.