For UNC Information Security Office
DESCRIPTION OF ORGANIZATION: The information security is responsible for ensuring that electronic information is safeguarded at the University. Areas of responsibility include compliance with state and federal laws as well as University policies. The compliance work in the office covers regulations such as HIPAA, DMCA, FERPA, NC Identity Theft Protection Act and the Payment Card Industry Data Security Standard.
In addition to drafting guidelines, the office also spends time on contract review and negotiation.
The office has a couple of staff members primarily working on legal and compliance issues and eight additional members working on technical projects.
DESCRIPTION OF STUDENT WORK/PROJECTS:
The student would assist in assuring the compliance with credit card security requirements and may assist with site visits or departmental interviews regarding credit card compliance.
Depending on the workload encountered by the office, another project may be related to copyright. In particular, drafting and rewriting documents to inform UNC-Chapel Hill affiliates about copyright infringement and illegal file-sharing. Online research about recent decisions involving the Higher Educations Opportunity Act and FERPA may be involved.
The student may also gain exposure to contract analysis for purchases involving software or hardware. Contracts would be analyzed for compliance with the University IT policies and applicable regulations to ensure safeguarding of sensitive information.
COURSE OR OTHER REQUIREMENTS/PREFERENCES FOR STUDENT:
This would be a great place for someone interested in the compliance at a large and complex enterprise. A student with some computer science experience would be excellent, but we can go over the necessary background. Some web editing knowledge would also be helpful, but again is not required.