TBG Security: Information Security Consulting

Solutions For Small Business

Solutions For Developers

Solutions for the Financial Sector

Solutions for Education

Solutions for Healthcare

Solutions for Retail

Solutions for Education

Solutions for Education

Due to the nature and complexity of operations and the academic culture of open access, educational institutions, and in particular, large research-oriented universities, face unique exposures related to the internet and information security and privacy. An overriding challenge that educational institutions face when dealing with privacy and security risks continues to be the fundamental conflict between a culture that values an unfettered exchange of ideas, and the security and privacy of sensitive or private information.

Nowhere is the paradox of openness and expectation of privacy more evident than in social networking sites, which are used extensively by student. Sites like Facebook and MySpace allow students to share personal information in a more publicly accessible way than ever before. Many universities have incorporated the use of social networking websites into their student code of conduct, with some even monitoring students’ postings. Institutions walk a fine line when they begin monitoring online behavior, since doing so may create a duty of care to protect students from dangerous or criminal behavior. Recent controversy surrounding JuicyCampus.com, a website that allows anonymous gossip specific to a particular college campus, has led to a consumer fraud investigation by the New Jersey attorney general after a student claimed that she was terrorized after explicit postings that included her address. In a step that some believe may begin to infringe on first amendment rights, the New Jersey Attorney General issued a letter to all New Jersey universities asking them to “incorporate…cyber-harassment…into your school’s code of conduct, with consequences for those who engage in these activities.”

Much like outsourcing, the modernization of operations and implementation of the latest technologies can result in tremendous cost savings if performed effectively. The downside, however, can be system integration problems, employee training hurdles, and unknown bugs or system glitches that can facilitate a breach of confidential information. Educational institutions are often faced with the task of securing networks with limited resources, leading to the widespread use of free or open source security software that may be less effective than a customized solution.

Nearly all universities have custody of student health information in the context of on campus health clinics, which means they must ensure compliance with Health Information Portability and Accessibility Act (HIPAA) privacy and security rules. Universities with associated hospitals, those that host clinical trials, and even those that conduct any human subject research, may have additional exposure and resultant liability.

The protection and disclosure of confidential consumer information - both personally identifiable information (PII) and protected health information (PHI) - is currently governed by a patchwork of state and federal laws that target different exposures and different entities. Some of these statutes include Family Educational Rights Privacy Act (FERPA), HIPAA, Gramm Leach Bliley Act (GLBA), Fair Credit Reporting Act, Sarbanes-Oxley (SOX), Federal Privacy Act, and others. The regulations most applicable to the education industry include:

  • Family Educational Rights Privacy Act (FERPA)
  • Fair and Accurate Credit Transactions Act (FACTA)
  • Health Information Portability and Accessibility Act (HIPAA)

Notification Framework


FERPA, FACTA, and HIPAA do not contain any specific provisions mandating consumer notification in the event of a data breach, but educational institutions are subject to the framework of 44+ state breach notification statutes. While some states allow exceptions for breaches involving encrypted data, most require swift public disclosure of any potential breach of personally identifiable information.

How TBG Security Can Help

In the education industry, security solutions require more than just technology. Good security requires an understanding of the firm’s business processes, business requirements, appetite for risk, and risk-management alternatives. This broad perspective is at the heart of TBG Security’s solutions. TBG Security takes a holistic approach to addressing security challenges - rather than a piecemeal product-by-product approach. This broader view enables more robust and more resilient security systems for the financial services industry. And that’s what really matters. The bottom line for any enterprise is to strengthen security to build a trusted enterprise. TBG Security’s holistic approach helps companies reach this goal.

TBG Security provides end-to-end information security solutions. We have a proven track record of helping our customers gain efficiencies through technology support and implementation. Our experienced network of security experts has subject- matter expertise in a broad array of disciplines. TBG Security acts as a trusted advisor to its clients around the world. We are on hand to guide our clients through their compliance program, to provide often vital advocacy to the compliance organizations and , and to supply any necessary remediation services. Our Industry expertise is reflected in these key benefits:

  • The Shortest Path To Compliance.
    • Unlike companies that simply know network security, we understand the requirements for a broad range of compliance regulations. We’ve seen the issues before and have implemented solutions across a broad spectrum of industries and customer profiles. Few other vendor can apply this unique knowledge and expertise to achieve faster, higher integrity project completion.
  • Flexible Solutions.
    • We pride ourselves on our customer driven approach to solving your organizations security challenges. TBG does not partner with any security vendors leaving us with a unique ability in the industry to present truly objective solutions. Our managed solutions are presented as a cost effective method to reduce overall operational costs, and are provided only as a small piece of the security puzzle. Technology is only part of a comprehensive security program. TBG understands, and everyday helps to educate its customers on the role that people and process play in solving the security puzzle.
  • Commitment To Excellence.
    • Although many vendors offer services to companies seeking compliance and auditing solutions, few providers match TBG’s expertise, intelligence-gathering capabilities, commitment to open standards, or role as trusted advisor. TBG leverages regulatory knowledge, training, and experience; best-of-breed solutions; a global network of proven technology; and its history of stability and trust to deliver solutions that are not only effective, but also make the best use of existing in-house personnel, technology, and processes.