|
First Steps for the CTO
Good luck! Dealing with Cyber Security is like tuning a car while it's still in motion! This website contains information and tools that will help you know what needs to be done and some tools to do the work – making it just a bit less likely that you’ll get run over!
If your district Superintendent or School Board chair has not already spoken with you about Cyber Security, take the initiative. Show them the Cyber Security: An Introduction slide show – either as a presentation or as a print-out. This slide show was created as a tool for a Superintendent or School Board member to use when talking with the public – but it can also provide a starting point for your efforts to convince them of the need for paying attention to this issue.
Next, give them a copy of the Eight Questions To Ask Your CTO – and be prepared to provide answers!
In fact, you might want to start by doing some of your own homework.
These provide a graphic and textual description of the overall security planning and implementation process. Getting a feel for the “big picture” is an important step in preparing yourself to give good advice to policy makers.
This series of questions will help you identify district strengths and challenges. It is a good first level self-assessment tool in the areas of Management, Technology, Environmental/Physical Conditions, and End User Relations. It provides a numerical score that can be easily communicated to policy makers and the public.
This is a more detailed and technical chart covering a long list of security-related areas of activity that you can use to not only get a solid sense of your district’s current status but also have a good idea of what are the realistic next steps that you might want to take to improve your overall situation. It covers the same general areas as the Checklist – Management, Technology, Environmental/Physical Conditions, and End User Relations – but goes into much greater detail and depth.
The District Security Rubric and Planning Grid is conceptually based on the CEO Forum’s School Technology and Readiness (STaR) Chart and its many state-specific progeny. Like all STaR Charts, the District Security Rubric and Planning Grid lists, in general terms, the factors that contribute to the school district’s goal—in this case, cyber security. By comparing the examples given for “basic”, “developing”, “adequate”, and “advanced”, the evaluator can quickly acquire a sense of how well a school district has prepared itself for potential threats to its information systems, data, people, and educational objectives.
A major goal of the Security Rubric and Planning Grid is to clarify the complex web of factors that can lead to a major security concern, incorporating the fact that security depends on good management of people and policies even more than on technology. For example, a security vulnerability may be caused not only by faulty equipment or a disgruntled former student but, in equal likelihood, by a failure in policy or an undocumented configuration of a vital network component.
|
