Free tools help IT leaders check school network security

Free tools can help district leaders identify cyber security risks and procedures.

A free resource aims to help K-12 school district leaders make sure they are adequately prepared to address threats to critical district technology systems and infrastructure—and it’s just in time for October’s Cyber Security Awareness Month.

The updated resources from the Consortium for School Networking’s Cyber Security for the Digital District Leadership Initiative include the Self-Assessment Checklist, the Cyber Security Planning Protocol, and the Cyber Security Rubric and Security Planning Template. The rubric and planning template are available only to CoSN members.

“Technology is central to the learning process and to schools’ business operations. It is essential that districts manage the continuously evolving technology security risks faced by students, staff, and administrators to prevent accidental or deliberate intrusion,” said Keith Krueger, CEO of CoSN. “School districts must be diligent, informed, and consistent in ensuring their cyber security procedures and protocols are in place before crises strike. These tools are designed to help them do just that.”

The three tools, which are to be used in succession of each other, help district leaders analyze their school network security status by measuring four critical infrastructure components: “Management,” “Technology,” “Business Continuity,” and “Stakeholder/End User.”

The Self-Assessment Checklist is a multi-part, 100-point scale that evaluates school network security goals, plans, and overall implementation across these four components.

Management questions on the self-assessment include:

Does your district have clearly stated educational goals and values that guide security decisions and connect security practices to teaching & learning priorities?
Is there a Security Team authorized by the school board that meets on a scheduled basis to discuss security planning and oversight?

The technology checklist includes items such as:

Are all wireless access points fully encrypted (to WPA standards, or better)?
Are web filters in place to comply with legal requirements, with the ability for authorized overrides?
Is your VPN configured to provide secure access to all authorized remote users?

The Cyber Security Planning Protocol is organized into four phases. The first phase deals with setting security goals, with the outcome of creating a security project description including goals, processes, resources, and decision-making standards.

The second phase addresses risk analysis, and districts will complete this phase with a prioritized risk assessment report that contains a ranked list of vulnerabilities.

Risk reduction is the third phase, and this guide will help districts implement their security plans. Risk analysis and risk reduction processes must be regularly repeated to ensure effectiveness.

The fourth phase is crisis management, in which districts will create a crisis management plan to serve as a “blueprint for organizational continuity.”

The Cyber Security Rubric then charts the categorized scores on descriptive levels of “basic,” “developing,” “adequate,” and “advanced”–providing districts with detailed explanations of their respective school network security infrastructures.

The Security Planning Template enables district leaders to note current status of security measures, required immediate and near-future security actions, security budget capabilities, and security plans for upcoming school years.

The Security Rubric and Planning Template are conceptually based on the CEO Forum’s School Technology and Readiness (STaR) Chart and contribute to the school district’s goal of cyber security.

After the three tools have been used, district leaders can begin developing and implementing clearer, more comprehensive cyber security plans and protocols.