Creating an Information Security Program: Policy, Process, and Cultural Change

Complying with state and federal regulations regarding personal information and data breaches is both a challenge and a concern for many universities. This session will review how two different institutions used the introduction of Massachusetts privacy law 201 CMR 17.00 as a marshaling event for comprehensive institutional improvement, rallying executive leadership, and undergoing a top-to-bottom assessment of sensitive business practices and policies. This session will review the different polices that were crafted, the audit methodologies used, the business practices that changed, the technologies that were employed, and the cultural change that occurred as a result of new legislation.