NCDPI Information Technology k-12 Cybersecurity Study

NCDPI Information Technology k-12 Cybersecurity Study Michael Nicolaides Julien Alhour January 27, 2017

Study required by NC SL 2016-94 (HB 1030), Section 8.17: The Department of Public Instruction shall conduct a study on cybersecurity in North Carolina public schools, including charter schools. By December 15, 2016, the Department shall report the results of the study to the General Assembly in accordance with G.S. 120-29.5.

Study Approach

Meetings and interviews were conducted:
- The North Carolina Governor’s Office
- The North Carolina Lt. Governor’s Office
- The Department of Information Technology
- MCNC
- The William & Ida Friday Institute for Educational Innovation
- The University of North Carolina School of Government
- North Carolina School Boards Association

Secure Survey of LEAs and Charter Schools:
- NCDPI Technology Services
- MCNC
- Department of Information Technology Services (DIT) - Enterprise Security and Risk Management office

Online Survey Overview

37 questions were asked covering the five function areas of security as identified in the National Institute of Standards and Technology Cybersecurity Framework:
- Identify
- Protect
- Detect
- Respond
- Recover

6 potential answers were possible for each question:
- Not Implementing = No policy, procedures or technology implemented
- Emerging / Developing = Informal policies, procedures or technology implemented
- Operationalized = Formalized policies, procedures or technology implemented
- Optimized = Formalized policies, procedures or technology implemented which include quality control efforts such as auditing effectiveness
- Not Applicable = Question did not pertain to the environment
- Compensating Control = Implemented alternate security measures that met the intent of the identified controls

Key Analysis

The survey had a very high response rate. Hurricane Matthew did impact the ability of a few school districts and charter schools to respond to the survey. Detailed analysis of the survey questions and individual responses are confidential per North Carolina General Statute 132-6.1(c). These are available as Appendix A and B in the Addendum.

General Observations: School districts and charter schools vary significantly in their portfolios of cybersecurity capacity.

General Observations: Small school districts and charter schools are the most vulnerable.

General Observations: The majority of school districts and charter schools surveyed are not prepared for a significant disaster or cybersecurity event.

General Observations: Loss of federal funding for Internet content filtering and firewall services.

General Observations: School districts and charter schools are not mandated to follow the guidelines established in the North Carolina Statewide Information Security Manual.

Recommendations from the Study: Develop Common Templates and Prioritization Guidelines. Results of this survey indicate a need for state-level guidance and support to schools in both prioritizing and implementing important cybersecurity policies and practices.

Recommendations from the Study: Publish a Quarterly Information Security Newsletter. Results of the survey and communications with district and charter school personnel also revealed a lack of awareness about the importance and relevance of many key cybersecurity practices.

Recommendations from the Study: Provide Cybersecurity Awareness Training. The survey revealed that many districts and charter schools do not have a formalized cyber awareness training program for their employees.

Recommendations from the Study: Require school districts and charter schools to follow the guidelines established in the North Carolina Statewide Information Security Manual. Requiring school districts and charter schools to adhere to the requirements established in the security manual would provide a unified security framework from which they could formalize their security programs. (adjust the manual for schools)

Recommendations from the Study: Provide Regional Cyber Security Specialists. Survey results suggest the need for experienced and knowledgeable regional staff to support school districts and charter schools in reducing risk from cybersecurity threats.

Recommendations from the Study: Make Available State Funding for Internet Content Filtering and Firewall Protection. The 2016-2017 projected cost of Internet content filtering and firewall services is $5.5 million. Cost Benefit

Questions?