Family Educational Rights and Privacy Act (FERPA)

FERPA (Family Educational Rights & Privacy) is a federal educational requirement for educational institutions to provide and enforce privacy rights to students and their families. Although FERPA, also known as the Buckley Amendment, is loosely defined in terms of IS, there are several instances that clearly concern information technology and information security professionals. Title 34 part 99.3 explicitly defines the records protected by the Act as including computer media, and although the specifics surrounding who is allowed to access documents, what audit trails must be maintained, and how audits might be performed aren't easily defined, part 99.62 and others mandate that an educational institution "submit reports containing information necessary to resolve complaints under the Act".

NitroView ESM excels where compliance and audit requirements remain open-ended, due to the systems usability as an ad-hoc management system. All collected data — whether from server logs, WMI records, router logs, intrusion detection devices, or other sources — is easily correlated and visualized, allowing specific incidents to be investigated — both directly concerning a record (as defined by part 99.3), or indirectly related to that record. Queries and analytics are returned in real-time, enabling investigations to performed thoroughly and quickly — even when the information sought is a moving target.

Some specific areas of concern include:

FERPA Requirement      NitroSecurity Advantage     

Determine who logged into servers containing protected documents

NitroGuard DBM provides database and application transaction monitoring for direct indication of who access what data. Additionally, NitroView ESM is able to analyze security information across all systems (database, network, servers, firewalls), correlating user identity with other policy violations. Finally, NitroView LogCaster provides compliant storage including archiving, encrypting, and validating logs for evidentiary purposes.

Defend against unauthorized access to protected data, proactively

NitroGuard IPS provides intrusion prevention, actively monitoring the network for signs of an attack, and proactively blocking those attempts. NitroGuard DBM provides similar activity monitoring within the database itself.

Provide an audit trail for compliance

NitroView LogCaster provides compliant storage of all log files for audit purposes. Encryption and validation features ensure that logs have not been manipulated.

Easily correlate network and server data with security events and anomalies

NitroView ESM collects all data—from NitroGuard DBM, NitroGuard IPS, NitroView LogCaster, firewalls, servers, hosts, switches, routers, and other devices— and provides correlation of all data in real time.




These icons link to social bookmarking sites to help share this content.
  • share this page:
  • bodytext
  • del.icio.us
  • Reddit
  • Slashdot
  • Technorati
  • Propeller