Thus, educational institutions must address the complex set of information security challenges that arise when access to the corporate network is provided to non-employees. Moreover,
one set of employees (faculty) represent a particularly interesting user group because of their high degree of
autonomy and independence (Hawkey et al., 2008; Schaffhauser, 2010). Third, educational institutionsmust
comply with a number of different regulatory requirements. All are subject to the privacy-related issues
delineated in the Family Educational Rights and Privacy Act (FERPA).