Kick off your book project in 2 hours, get started with GhostAI in 2 hours, or do both! Free live workshops, on Zoom. You’ll leave with a real book project and a clear plan to keep going. Saturday, June 27, 2026.

Leanpub Header

Skip to main content
Go to Leanpub.com

EMBARGO!

Journalists and bloggers: please do not publish anything about this until the embargo is lifted!

Please contact the author for more information about when this is.

Building IT Policy Programs for Higher Education

This book is 90% completeLast updated on 2026-04-27
Chris Schreiber

Most universities have IT policies. Few have a formal strategy behind them.

This guide draws on annual research across 400+ colleges and universities to show higher education leaders where the sector's policy gaps are, how the unique dynamics of academic culture shape security programs differently than corporate or government environments, and how to close those gaps systematically.

Minimum price

$19.00

$39.00

You pay

Author earns

$

Also available for 1 book credit with a Reader Membership

PDF
EPUB
WEB
217
Pages
About

About

About the Book

Higher education IT policy isn't a documentation problem. It's a governance problem.

The distance between what should be documented and what actually exists creates Governance Debt, and it compounds the same way deferred maintenance does. When it comes due during a ransomware attack, a compliance audit, or a federal grant review, it transforms from a documentation gap into a direct financial and legal liability.

The evidence base: We reviewed the policy libraries of 410 colleges and universities, including every R1 research university in the United States, and studied what they actually published, where the gaps were, and how institutions across the sector are addressing them. The results form the 2026 CampusCISO IT Policy Study. This study is incorporated into a series of resources, including this book and the CampusCISO IT Policy Framework (free Community Edition on Leanpub).

Three diagnostic patterns emerged from the 2026 study: an Authentication Floor that proves consensus is possible. A Ransomware Cliff where documented response procedures drop from 57% at large research institutions to 2% at baccalaureate institutions. And an Oral Tradition Liability where critical technical practices live in people's heads instead of written standards.

What you'll find inside:

  • The three diagnostic patterns and the prevalence data behind them
  • Why higher education security programs are fundamentally different from corporate and government approaches, and how to design for shared governance, academic freedom, and decentralized IT
  • A framework of 17 policies and 24 standards grounded in observed practice, built to work alongside NIST, ISO, and other guidance
  • Regulatory context for common higher education requirements, including FERPA, GLBA, HIPAA, CMMC, export controls, and state breach laws
  • A two-tier inspection methodology to measure your Governance Debt: a 20-hour Quick Inspection for fast triage, or the full Inspection that you can complete in 70-130 staff hours
  • A template for phased improvements with a stakeholder briefing template and guidance on prioritizing gaps
  • The CampusCISO IT Policy Self-Assessment as a formatted, printable PDF, included with your purchase

Who it's for: CIOs, CISOs, IT leadership, and governance committees at higher education institutions of any size.

More from CampusCISO: Other resources in the CampusCISO IT Policy family are available at campusciso.com/it-policy-guide.

Share this book

Categories

Computer SecurityBusiness and IT Alignment

Feedback

Contact the author

Installments completed

9 / 10

Author

About the Author

Chris Schreiber

Christian "Chris" Schreiber

Chris Schreiber is a cybersecurity strategist with nearly 30 years of experience helping colleges and universities build defensible information security programs. He is the founder of CampusCISO, a higher education advisory practice he has run as a solopreneur since 2021. Chris also created the Cyber Heat Map capability assessment model, which began as a simple spreadsheet before growing into an online assessment and planning tool.

He learned to navigate the friction of decentralized IT governance by living it. Before launching his own practice, Chris served as the Chief Information Security Officer (CISO) at the University of Chicago, the University of Arizona, and the University of Wisconsin-Whitewater. He also translated institutional needs into product realities inside vendor organizations, including FireEye/Mandiant (now parts of Trellix and Google Cloud) and SunGard Higher Education (now Ellucian). Today he continues to guide the sector through advisory engagements with higher education technology leaders.

In his writing, Chris translates complex technical concepts into plain-spoken strategies. He writes about cybersecurity governance, IT policy, and pragmatic approaches to cyber resilience that help teams prioritize the improvements that matter most. A regular speaker at higher education conferences, Chris holds a Master's Certificate in Project Management from the University of Wisconsin-Madison and a B.S. in Business Administration from Central Michigan University.

Contents

Table of Contents

Executive Summary

Part I: Foundations

Chapter 1: The As-Built Standard

  1. Design Drawings vs. As-Built Reality
  2. The Stakes: What Happens When Governance Debt Comes Due
  3. The Promise: What a Well-Built Program Makes Possible
  4. The Blueprint Is Not Your Building
  5. Chapter 1 Key Takeaways

Chapter 2: The 2026 Policy Landscape

  1. A Yearly Snapshot of the Sector
  2. About the Data
  3. Three Patterns That Define the Landscape
  4. Additional Gaps Across the Sector
  5. Interpreting the Data
  6. What the Data Leaves Out
  7. Chapter 2 Key Takeaways

Chapter 3: The Site Conditions

  1. The Warning
  2. The Soil: Shared Governance
  3. The Light: Academic Freedom
  4. The Access: Open Campus
  5. Shadow IT: The Unofficial Infrastructure
  6. Chapter 3 Key Takeaways

Chapter 4: Framework Alignment

  1. The Defensibility Imperative
  2. Four Common Frameworks
  3. Right-Sizing for Your Team
  4. The Layered Approach
  5. The Metaframework Approach
  6. Chapter 4 Key Takeaways

Part II: The Framework

Chapter 5: The Blueprints

  1. The Load-Bearing Walls
  2. The Governance Hierarchy
  3. Chapter 5 Key Takeaways

Chapter 6: The Policy Inventory

  1. The 17 Policies

Chapter 7: The Standards Inventory

  1. The 24 Standards

Part III: Applying the Framework

Chapter 8: Structural Loads

  1. The Weight Your Building Must Support
  2. A. The Foundation: Universal Loads
  3. B. Environmental Loads
  4. C. Mission-Specific Loads
  5. Calculating Your Institution’s Regulatory Load
  6. Chapter 8 Key Takeaways

Chapter 9: Designing for Research

  1. The Research Distinction
  2. Principal Investigators Are Entrepreneurs
  3. Research Computing: A Different Architecture
  4. How Research Governance Works
  5. How Research Data Flows
  6. Chapter 9 Key Takeaways

Chapter 10: Designing for the Highest Tiers

  1. The Too-Many-Programs Trap
  2. Risk-Tiered Data Classification
  3. Minimize the Scope of Your Most Restrictive Tier
  4. Mapping Regulations to the Framework
  5. Supporting New Compliance Requirements
  6. What Makes the Layering Work
  7. From Structure to Execution
  8. Chapter 10 Key Takeaways

Part IV: Building Your Program

Chapter 11: Conducting the Inspection

  1. Documentation Meets Reality
  2. If You Only Have 20 Hours
  3. The Inspection Process
  4. Step 1: Gather Your Documentation
  5. Step 2: Create Your Inventory
  6. Step 3: Assess Against the Framework
  7. Step 4: Prioritize the Gaps
  8. Step 5: Document Your Findings
  9. Your Inspection Is Complete
  10. Additional Support For Your Assessments
  11. Chapter 11 Key Takeaways

Chapter 12: The Improvement Roadmap

  1. From Inspection to Roadmap
  2. Why Annual Review Is the Standard
  3. The Prioritization Hierarchy
  4. Phase 1: Shore Up the Foundation
  5. Phase 2: Address the Structural Loads
  6. Phase 3: Future-Proof the Structure
  7. Building This Year’s Roadmap
  8. The Culture Work
  9. The Project Toolkit
  10. Chapter 12 Key Takeaways

Conclusion: The Path Forward

  1. Document Information

Glossary of Terms

Get the free sample chapters

Click the buttons to get the free sample in PDF or EPUB, or read the sample online here

Download Sample PDFDownload Sample EPUBRead Sample OnlineRead online

Also by the Author

Also by the Author

The Leanpub 60 Day 100% Happiness Guarantee

Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

See full terms...

Earn $8 on a $10 Purchase, and $16 on a $20 Purchase

We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.

(Yes, some authors have already earned much more than that on Leanpub.)

In fact, authors have earned over $15 million writing, publishing and selling on Leanpub.

Learn more about writing on Leanpub

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!

Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.

Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.

Learn more about writing on Leanpub