What To Do

How To Do It

General

Any security breach can be very costly. It may be subject to large fines and litigation, and affects campus reputation and trust.
Security flaws can be much more costly to fix in production than in the design or implementation phase.
Any security design modifications due to changing requirements can be very costly to change.
Security needs to be considered during every stage of the software development lifecycle. (NIST Secure SDLC: http://www.guerilla-ciso.com/wp-content/uploads/2007/06/sdlc.jpg and http://csrc.nist.gov/groups/SMA/sdlc/documents/SDLC_brochure_Aug04.pdf)
Education and training are vital to any project that uses data regulated by PCI, SB1386, HIPAA, or FERPA.
Are project stakeholders, end users, project leaders, programmers, system administrators, and database administrators educated on the security requirements, appropriate use, policies, procedures, regulations, and compliance issues?
Prior to the production release of a HIGH RISK application, additional personnel, such as any department security administrators, Help Desk, Computer Support Coordinators, or Deans, may need to be trained.