CyberSecurity - Linda Sharp
Download as PPT, PDF•1 like•900 views
1. The document discusses the importance of cyber security for K-12 schools and outlines reasons to pay attention to network security such as protecting data, preventing misuse of resources, and keeping kids safe. 2. It notes the evolution of cyber threats from hobbyists to professionals and increasing difficulty in detecting threats. Legal impacts of data privacy laws are also covered. 3. The document provides guidance on cyber security planning including establishing a leadership team, conducting risk assessments, developing security policies and procedures, and being prepared to respond to security incidents. Regular review and testing of security measures is emphasized.
![Linda Sharp CoSN Project Manager Cyber Security IT Crisis Preparedness [email_address] SchoolDude University 2009](https://image.slidesharecdn.com/cybersecurity-final-090413101240-phpapp01/85/CyberSecurity-Linda-Sharp-39-320.jpg)
CyberSecurity - Linda Sharp
- 1. Cyber Security Linda Sharp CoSN Cyber Security Project Director SchoolDude University 2009
- 2. Understanding the Issues Four Reasons to Pay Attention to K-12 Network Security 1. Protect data 2. Prevent misuse of resources 3. Prevent interruption of operations ( Protecting the Core Mission: Learning) 4. Keep kids safe SchoolDude University 2009
- 3. Reliance on Technology For instructional activities For business operations For student data and recordkeeping For assessment and accountability For internal and external communication Other areas of reliance in your schools? SchoolDude University 2009
- 4. The Evolution of Intent From Hobbyists to Professionals SchoolDude University 2009 THREAT SEVERITY 1990 1995 2000 2005 WHAT’S NEXT? 2007 Threats becoming increasingly difficult to detect and mitigate FINANCIAL: Theft & Damage FAME: Viruses and Malware TESTING THE WATERS: Basic Intrusions and Viruses
- 5. Financial Impact 2004 – Cyber Attack impact in business was $226 billion 2008 – One of top 4 US priority security issues. Cyber Crime has overtaken drugs for financial impact. SchoolDude University 2009
- 6. Legal Impact FERPA CIPA HIPAA COPA FRCP 34 SchoolDude University 2009
- 7. Legal Impact Data Personal, Private, Sensitive Information Information Sharing Internal External Backup/Restore Where and how SchoolDude University 2009
- 8. Legal Impact Acceptable Use Policies (AUP) Who should sign AUP? What should be included? Internet usage Data protection and privacy Rules/regulations Consequences SchoolDude University 2009
- 9. Safety vs. Security Safety: Individual behavior Security : An organizational responsibility SchoolDude University 2009
- 10. Five Guiding Questions What needs to be protected? SchoolDude University 2009
- 11. Five Guiding Questions What needs to be protected? What are our weaknesses? SchoolDude University 2009
- 12. Five Guiding Questions What needs to be protected? What are our weaknesses? What are we protecting against? SchoolDude University 2009
- 13. Five Guiding Questions What needs to be protected? What are our weaknesses? What are we protecting against? What happens if protection fails? SchoolDude University 2009
- 14. Five Guiding Questions What needs to be protected? What are our weaknesses? What are we protecting against? What happens if protection fails? What can we do to eliminate vulnerabilities and threats and reduce impacts? SchoolDude University 2009
- 15. Three Strategic Areas People Policy Technology SchoolDude University 2009
- 16. Three Action Themes Prevention Monitoring Maintenance SchoolDude University 2009
- 17. Questions to Ask Do we have a security plan? SchoolDude University 2009
- 18. Questions to Ask Do we have adequate security and privacy policies in place? District Security Rules Legal Review External Controls SchoolDude University 2009
- 19. Questions to Ask Are our network security procedures and tools up to date? Hardware Software Monitoring SchoolDude University 2009
- 20. Questions to Ask Is our network perimeter secured against intrusion? Design Laptops Wireless Security Passwords SchoolDude University 2009
- 21. Questions to Ask Is our network physically secure? Environmental Hazards Physical Security SchoolDude University 2009
- 22. Questions to Ask Have we made our users part of the solution? Awareness Training Communications SchoolDude University 2009
- 23. Questions to Ask Are we prepared to survive a security crisis? Backups Redundant Systems Communications Plan Preparedness SchoolDude University 2009
- 24. Security Planning Protocol SchoolDude University 2009 Outcome: Security Project Description goals processes resources decision-making standards Phase 1: Create Leadership Team & Set Security Goals Outcome: Prioritized Risk Assessment A ranked list of vulnerabilities to guide the Risk Reduction Phase Phase 2: Risk Analysis Outcome: Implemented Security Plan Risk Analysis and Risk Reduction processes must be regularly repeated to ensure effectiveness Phase 3: Risk Reduction Outcome: Crisis Management Plan A blueprint for organizational continuity Phase 4: Crisis Management
- 25. Leadership Team Create Leadership Team and Set Security Goals Purpose : Clarify IT’s role in district mission Scope : Set boundaries and budgets Values : Define internal expectations and external requirements for security SchoolDude University 2009
- 26. Leadership Team Leadership Team Personnel IT Leadership Administrators – district and building Legal counsel Human resources Public relations representative Teachers SchoolDude University 2009
- 27. District Security Checklist Self Assessment Checklist SchoolDude University 2009
- 28. Risk Analysis What’s at risk? Vulnerabilities and Threats Identify impacts to System People IT organizational issues Physical plant Stress Test SchoolDude University 2009
- 29. Security Planning Grid SchoolDude University 2009 Security Area Basic Developing Adequate Advanced Management Leadership: Little participation in IT security Aware but little support provided Supports and funds security Aligns security with organizational mission Technology Network design and IT operations : broadly vulnerable security roll out is incomplete mostly secure seamless security Environmental & Physical: Infrastructure: not secure partially secure mostly secure secure End Users Stakeholders: unaware of role in security Limited awareness and training Improved awareness, Mostly trained Proactive participants in security
- 30. Security Planning Grid Provides benchmarks for assessing key security preparedness factors Uses the same topic areas for consistency Helps prioritize security improvement action steps SchoolDude University 2009
- 31. Planning Security Grid Prioritize solutions Action plan Revise SOP SchoolDude University 2009
- 32. Plan, Test, Plan, Test….. Scenario: "Despite our best intentions..." Financial system backups stored within a vault below ground Vault walls are constructed of cinderblocks Fire destroys the building Very cool to the touch -- vault becomes sauna, backup tapes destroyed SchoolDude University 2009
- 33. Plan, Test, Plan, Test….. XXXXX School District Monday, February 11, 2008 Break-In at XXX. in XXX, CA "Smash and Grab" -- 1 computer stolen One data file including personally identifiable information on approximately 3,500 school district employees and on the employees of 12 other school districts SchoolDude University 2009
- 34. Plan, Test, Plan, Test….. Decision to notify and “how to respond?" Notification authority rests with the Superintendent Elected to follow aggressive path of notification and openness E-Mails, letters, contact person, Website (blog) SchoolDude University 2009
- 35. The worst case scenario . . . NO PLAN! SchoolDude University 2009
- 36. SchoolDude University 2009 Questions and Comments?
- 37. www.securedistrict.org SchoolDude University 2009 www.cosn.org
- 38. Thank you Sponsors SchoolDude University 2009
- 39. Linda Sharp CoSN Project Manager Cyber Security IT Crisis Preparedness [email_address] SchoolDude University 2009