Every organization has a responsibility to protect valuable resources and keep employees safe, but colleges and universities have even more to protect – students. Yet it can be a tough balancing act to keep students safe while respecting their privacy.

Universities must protect student data, which means complying with various privacy and security regulations, like Gramm-Leach-Bliley for financial aid data, PCI for credit card payments, and even General Data Protection Regulation for students who come from the European Union. Universities also aim to protect students from visiting inappropriate sites or downloading malicious files.

For Indiana Wesleyan University, the gaps in its ad hoc approach to security became apparent about five years ago. That’s when the evangelical Christian university hired its first CISO.