We have noted in multiple past issues of Case in Point that the compliance burden within higher education appears to be greater than at any time in history. We have linked more stories from the compliance realm than any other tracked category for the past couple of years.
Over the past month there have been several stories dealing with just how much this compliance burden costs higher education. A study from Vanderbilt University garnered substantial press this month when it calculated their cost of compliance at $146 million per year (or 11% of their entire budget). While we can debate how to calculate the costs associated with compliance there is little argument that this number is substantial. The cost increases even more when an institution has major non-compliance in some area; therefore, it is important for us to remain vigilant to the compliance landmines we may encounter in our respective areas.
Few things can grab the attention of the campus community like one of their own being sentenced to prison. Recently I had a conversation with peers from an institution that had experienced a substantial issue of non-compliance that ultimately resulted in a faculty member being sentenced to prison for several years (note: the institution wasn't penalized because they had best practices in place). In this case multiple individuals had attempted to dissuade the individual from making a non-compliant choice, but at the end of the day compliance often comes down to individual choices. We can write policies, implement controls, and conduct training but if someone is determined to ignore or circumvent these efforts they can sometimes find a way. In these cases compliance choices become very personal things with very personal consequences.
While we may even agree that some regulatory requirements are unnecessary or perhaps even ridiculous, whether we like it or not we are charged with attempting to do our best to abide by those requirements. So if you are ever tempted to circumvent policies or avoid some legal mandate remember the story told to me by a peer institution. Ensuring best practices are in place will protect the institution but ''getting around these systems'' can have some sobering personal consequences.
Beyond compliance there are many other risks we encounter within higher education. We again invite you to review the current events within our industry and consider how you can proactively manage these risks within your sphere of influence.
|Windows 10 upgrade scams are only warming up||08/03/2015 |
|DNS server attacks begin using BIND software flaw||08/03/2015 |
|Critical BIND denial-of-service flaw could disrupt large portions of the Internet||07/30/2015 |
|Researchers develop astonishing Web-based attack on a computer's DRAM||07/30/2015 |
|7 top tools for single sign-on||06/19/2015 |
|Review: Portnox, Extreme lead NAC pack||03/31/2015 |
|InfoWorld's 2015 Technology of the Year Award winners||01/26/2015 |
Last Updated: July 31, 2015