Problem
Almost six months have passed since you assumed the position of CIO at National University. You've succeeded in forming a small information security team during that time, and the team's ability to respond to incidents is one of its strengths. Sadly, the effects of the data breach that happened almost a year ago are still bothering you. The Department of Education has sent National University a letter requesting information about the details of the data breach and the institution's response. The Gramm-Leach-Bliley Act was also mentioned in the letter (GLBA). You are aware that compliance with GLBA requirements is necessary for the institution to guarantee the security and privacy of data pertaining to student financial aid.
The agreement National University and the federal government have in place for the administration of student financial aid includes that stipulation. You are also aware that in February 2020, the Office of Federal Student Aid at the Department of Education released an educational memo regarding these criteria.
You have been asked by the president of National University to describe the GLBA data safeguarding rules and why they should be implemented to preserve student financial assistance information. Your input on how easily National University can put the safeguarding measures into practice has also been requested by the president.
Check the "Enforcement of Cybersecurity Requirements under the Gramm-Leach-Bliley Act" memo and the links within the memo.
Provide a report on:
1) The university's GLBA data safeguarding requirements.
2) Why the data safeguards are important to implement to protect student financial aid data?
3) Your opinion on the ease with which National University can implement the safeguarding requirements to reduce risk; rate the ease of implementing each safeguard on a scale of easy, medium, or hard