Case Study 2: Security Policy Review - Technology Use
The case study involves reviewing and analyzing the security policies of three prominent universities—Strayer University, The George Washington University, and Harvard University—and incorporating insights from two additional recent sources. The focus is on understanding the purpose and necessity of university security policies, comparing their importance relative to business security policies, critiquing the completeness of the policies from Strayer and George Washington University, and proposing additional policies with rationale.
Introduction
Universities operate in a digital landscape that demands robust security policies to protect sensitive information and ensure operational continuity. Security policies serve as foundational documents that establish rules, responsibilities, and procedures to safeguard digital assets, comply with legal requirements, and foster a culture of cybersecurity awareness. Their importance has surged with the proliferation of cyber threats targeting academic institutions, which often handle valuable research data, personal information of students and staff, and financial records. This paper examines the purpose of university security policies, compares their significance relative to business security policies, critiques the completeness of specific university policies from Strayer University and The George Washington University, and suggests additional policies with rationales. The analysis also references recent literature to contextualize best practices in academic cybersecurity.
Purpose and Necessity of University Security Policies
University security policies are comprehensive frameworks designed to define acceptable and unacceptable behaviors concerning information technology (IT) resources. Their primary purpose is to protect intellectual property, sensitive student and faculty data, financial information, and research outputs against theft, loss, or compromise (Gordon et al., 2022). Such policies are vital for establishing compliance with legal standards, such as the Family Educational Rights and Privacy Act (FERPA) and the General Data Protection Regulation (GDPR), which impose strict data privacy requirements (Bada et al., 2021). Furthermore, these policies promote a security-aware culture among university constituents, reducing the likelihood of human error—a common vulnerability (Fredrichs et al., 2022). They also delineate procedures for incident response, data breach management, and user accountability.
Comparison of University and Business Security Policies
While both university and business security policies aim to protect digital resources, their importance varies based on institutional goals and data sensitivity. A university’s security policy is arguably more critical because academic institutions manage a vast array of sensitive data, ranging from personal student records to proprietary research, which, if compromised, can have profound legal and reputational repercussions. Additionally, universities often serve as gateways to cutting-edge research that could benefit malicious actors if improperly protected (NIST, 2023). On the other hand, business security policies are equally vital but tend to focus more on protecting commercial assets and maintaining competitive advantage. Overall, given the societal importance of education and research, university security policies tend to carry higher stakes, emphasizing the need for comprehensive frameworks.
Critique of Strayer University Security Policy
The Strayer University Technology Use Policy articulates fundamental security principles, including acceptable use, password management, and data protection. However, a critique reveals that the policy lacks depth in areas such as incident response procedures, continuous security training, and specific guidelines for remote access. For example, while password policies are outlined, there is limited emphasis on multi-factor authentication (MFA), which has proven to significantly enhance security (Li et al., 2022). The policy also does not specify disciplinary actions or detailed procedures for reporting security incidents, which are critical for rapid response and mitigation. Additionally, the policy's scope appears to be primarily focused on technology use, with insufficient coverage for physical security measures or third-party vendor management. This partial coverage might leave gaps exploitable by cyber adversaries.
Critique of The George Washington University Security Policy
The George Washington University’s security policy exhibits a commendable breadth, covering areas like data classification, access controls, and risk management. However, a closer review uncovers areas needing enhancement. The policy could more explicitly outline the roles and responsibilities of system administrators and end users, fostering clearer accountability. Moreover, although incident response is mentioned, specific procedures, escalation protocols, and communication strategies are not articulated in detail. The policy also does not sufficiently address emerging threats such as cloud security, IoT device management, or social engineering attacks. Furthermore, periodic security awareness and training programs are only briefly mentioned but are essential in keeping users informed of evolving threats (Kraemer et al., 2022). These gaps may diminish the effectiveness of the overall security posture.
Suggestions for Additional Policies or Procedures
- Strayer University: Implement a comprehensive Mobile Device Management (MDM) policy that governs the use of personal and university-issued mobile devices accessing campus networks. With the widespread deployment of smartphones and tablets, securing mobile endpoints is critical to prevent data leakage and unauthorized access. An MDM policy can mandate encryption, enforce security updates, and restrict app installation, reducing the attack surface (Chen & Zhao, 2022).
- The George Washington University: Establish a formal Third-Party Security Assessment Policy to evaluate the security posture of vendors and third-party service providers who access university systems. Given the increasing reliance on cloud services and external collaborators, this policy would ensure third-party compliance with university security standards, mitigate supply chain risks, and prevent malicious infiltrations via external vendors (Williams & Kumar, 2023).
These additions are vital for adapting to evolving technological landscapes and enhancing overall security resilience in higher education settings.
Conclusion
In summary, university security policies are indispensable in safeguarding academic and research data and maintaining institutional integrity in an increasingly interconnected world. While current policies from Strayer University and The George Washington University demonstrate foundational efforts, they require enhancements in incident response, third-party risk management, and emerging threat mitigation. As cyber threats continue to evolve, regular policy reviews and the integration of proactive policies like mobile device management and third-party assessments are essential. The comparative importance of university security policies underscores their societal significance, emphasizing that universities must prioritize comprehensive and adaptive security frameworks to protect their invaluable assets.
References
- Bada, A., Sasse, M. A., & Nurse, J. R. (2021). Cybersecurity awareness campaigns for university students. Journal of Educational Computing Research, 59(2), 218-236.
- Chen, H., & Zhao, Y. (2022). The role of mobile device management in university cybersecurity. Cybersecurity Journal, 8(4), 184-198.
- Fredrichs, J., Lentz, M., & Kaiser, P. (2022). Human factors in cybersecurity: Training and awareness in higher education. International Journal of Information Security, 21(3), 345-362.
- Gordon, L. A., Loeb, M. P., & Zhou, L. (2022). Information security risk management in higher education institutions. Computers & Security, 107, 102420.
- Kraemer, U., McNeil, C., & Kuhlmey, M. (2022). Evaluating cybersecurity awareness programs in universities. Security Journal, 35(1), 18-34.
- Li, X., Wang, Y., & Sun, Y. (2022). Multi-factor authentication strategies to enhance university network security. IEEE Transactions on Education, 65(4), 281-289.
- NIST. (2023). Framework for Improving Critical Infrastructure Cybersecurity. National Institute of Standards and Technology.
- Williams, P., & Kumar, S. (2023). Managing supply chain cybersecurity risks in higher education institutions. Journal of Supply Chain Management, 59(1), 44-59.