Source
Administrator Magazine
Scholastic Administrator is a must-read resource for 240,000 of today's results-driven school leaders. Every issue features leadership for education executives, insight and analysis into what's next in education, and reporting on cutting-edge technologies in real life applications.

Safe & Secure?

Take these steps to gauge how fortified your networks really are.

December 2004/January 2005

When it comes to defending computer networks, most strategies focus on protecting an individual's safety. By now, staff and students know better than to give out personal information to anyone they've met online. They know not to open e-mail from anyone whose name isn't recognizable, and how to filter spam. District policies should already cover these issues.

But an aspect often overlooked in network fortification is the concept of security, maintain Steven E. Miller and Chris Seiberling, directors of the Consortium for School Networking's (CoSN) Cyber Security project. Safety, they say, is an individual responsibility, while security is an organizational one. Their goal is to help school technology leaders analyze a network's security status, learn how to reduce risks, and develop and put an action plan into effect.

Here they list a few of the most important steps for keeping networks secure.

Hatch Contingency Plans

Find out if you're prepared to survive a security crisis: What would happen if the system were compromised? Would the payroll still get out? Identity theft is becoming a major international problem. What would happen if someone stole Social Security numbers or student medical records? How would you alert those who were victimized?

An attack by a hacker could cripple a school's attendance system or result in the loss of key personnel data. Student grades might get changed, making it impossible to issue report cards or provide college recommendations.

It is even possible for electronic intruders to secretly take control of a server and use it as a base for launching attacks on other sites, even if the hackers do nothing else to yours. In any case, it would cost a bundle in terms of staff time, public support, and the community's perception of your competency and legitimacy.

To start the security-planning process, get a clear picture of your current status. Set priorities for immediate and long-term action. Determine approximate costs, and perform a cost-benefit analysis.

Prevention is almost always cheaper than repair. Unfortunately, the money you save is an avoided cost and is impossible to quantify. Cost depends on what needs to be done and on the level of security that's needed.

Build a Security Team

One of the most common problems is an unclear division of responsibility. Create a list of tasks and identify an owner for each. Select someone to oversee these duties and make sure they all get done.

Be absolutely unmistakable about key roles if something goes wrong. The most important part of crisis management is engaging in full and repeated communication with all stakeholders.

Check the Tech

Even the smallest tech staff can manage many basic needs to make the system more secure. Consider hiring an outside expert to do a security audit. Ask a group of students to identify weaknesses. Another team could balance the first group by figuring out ways to stop any intruders.

Your self-analysis and the audit will likely reveal problems that are more complicated than your staff can handle. If so, make sure your tech department talks with its peers in other districts: Do they have similar problems? What have they done? Ask for proposals from several vendors. And join the Cyber Security for the Digital District's online K12 forum to see if anyone has commented on a similar situation or to ask other forum members for advice. Complete the 15-minute Self-Analysis Checklist on CoSN's Cyber Security for the Digital District web site (http:// securedistrict.cosn.org). Then discuss your security plan with your tech department. Go over your procedures and make sure the tools are up-to-date. No security system has a chance at success if the people who use it consider it an obstacle to getting their own work done.

Make sure the tech people talk with staff and teachers to help them get their jobs done in a way that still keeps the system secure. For more information, check out The Eight Questions a Superintendent Should Ask the CTO on the CoSN Cyber Security web site.

Districts also suffer from holes in perimeter defenses. Switches and firewalls must meet today's attacks. Check that your e-mail provider, web-hosting vendor, and Internet-access company develop their own security measures to stop problems before they can reach through your electronic doorway.

Other potential problems involve wireless access, mobile laptops, and dial-in accounts. Do not leave wireless access points open or in default mode. Before laptops are permitted on the network, automatically scan them or at least reboot. Validate and control any dial-in connections.

Look into duplication and redundancy systems as well. Districts must have on- and offsite backups and duplicate pieces or connections for key items.

Promote Stronger Policies

Devise clear, documented rules about access to equipment and data, as well as the proper tools to enforce those policies. In fact, your professional development should include information about keeping the system secure.

Too often, certain policies and procedures overlook or create

vulnerabilities. Review your process for patching or upgrading old software, updating virus definitions, and maintaining equipment.

Think Big Picture

Base important decisions on how they affect teaching and learning, not technical issues. Technologyand the IT staffhelps implement policies, not change the way you work.

Convene a cybersecurity team that stays focused. And send a strong message to all stakeholders that security is an important issue that affects everyone's well-being.

  • Scholastic Store
  • The Scholastic Store  
    Cyberia

    Cyberia

    by Chris Lynch



    Scholastic Summer Challenge Book Pick.


    The premise: It's the future. Zane lives in a completely wired world, with completely wired parents. Technology has progressed so that every pet has a microchip in it that allows the pet to talk. Zane's happy about that. Until one day a strictly contraband wild animal -- a mole -- comes into his life. He smuggles it into his apartment -- and learns that the pets aren't actually saying what the chip is translating. In fact, they aren't happy that all animals have been domesticated. So they enlist Zane to help them fight back and ensure their freedom.

    $16.99
    books;hardcover books;hardcovers | Ages 9-12
    Add To Cart
    Cyberia
    Ages 9-12 $16.99
    Add To Cart
  • Teacher Store
  • The Teacher Store  
    Scholastic Keys 2007

    Scholastic Keys 2007

    Unlock the kid power of Microsoft® Office!
    Scholastic Keys™2007 is a Microsoft Office 2007 version. This program provides elementary students with a kid-friendly interface for Microsoft® Word, Excel, and PowerPoint®. This software helps teachers incorporate technology and enhance lesson plans in reading, writing, and math, while maximizing your school's investment in Microsoft Office. Complete with a variety of helpful templates, drawing tools, and hundreds of color

    $175.00
    Instructional Program | Grades K-5
    Add To Cart
    Educators Only
    Scholastic Keys 2007
    Grades K-5 $175.00
    Add To Cart
Help | Privacy Policy
EMAIL THIS

* YOUR NAME

* YOUR EMAIL ADDRESS

* RECIPIENT'S EMAIL ADDRESS(ES)

(Separate multiple email addresses with commas)

Check this box to send yourself a copy of the email.

INCLUDE A PERSONAL MESSAGE (Optional)


Scholastic respects your privacy. We do not retain or distribute lists of email addresses.