Presentation is loading. Please wait.

Presentation is loading. Please wait.

KTAC Security Task Force Superintendents Update April 23, 2015.

Published bySilvester Ryan Modified over 9 years ago

Similar presentations

Presentation on theme: "KTAC Security Task Force Superintendents Update April 23, 2015."— Presentation transcript:

1 KTAC Security Task Force Superintendents Update April 23, 2015

2 Learning Objective To help develop an understanding of the facets and complexity of cyber security and to provide the knowledge needed to ask the right questions to your IT staff. Success Criteria I can articulate the components of a comprehensive security policy. I can dig deeper on cyber security with my IT department.

3 What do all three have in common?

4

5 Why is Cyber Security important? What is the most confidential information you have in your department? How secure is it on a scale of 1-10? Do we need to keep it? What would be some recommendations for reducing the risk?

6 Establish Guidelines & Educate Staff Do we have Information Security Policy/guidelines? Is our staff aware of these policies and guidelines? De we have security awareness training for existing and new staff?

7 Protect Information, computers and network from cyber-attacks. Do we have full ‘endpoint protection’ which includes anti- virus and anti-malware on all school owned devices? Are we monitoring the Endpoint protection system software to identify when a device has been compromised? Do we regularly run reports on infected devices? If so, how many devices are infected per month. Do we allow staff and students to bring in personal devices and connect to our private network? If so, how are we guaranteeing that these personal devices are not infecting our network?

8 Keep computer operating systems and application software up to date. Do we have any devices (end user or servers) which have unsupported operating systems that are not getting new security updates? Is there a plan in place to update devices that are nearing ‘end of support’? How are we updating the operating systems on our devices? Is it automated?

9 Provide firewall security for your Internet connection. What is the replacement lifecycle of our firewall? Is our current firewall sufficient for our needs? Does it provide an adequate level of protection for our network? Is the firewall updated regularly to ensure protection? Are updates postponed for any reason?

10 Create a mobile device action plan. Do we have any monitoring or management solution for district owned mobile devices? What would happen if my smartphone or tablet was stolen? How would we handle that incident? Do we have any guidelines or requirements for what data is available on mobile devices? Do we enforce any passcode to lock devices?

11 Make backup copies of important business data and information. How do our backup systems work? How frequent are the backups? If this building were to go down tomorrow what data would be lost? Do we have a list of data which we store electronically and has it been identified as to criticality (non-critical, essential, critical, highly critical).

12 Control physical access to your computers and create user accounts for each staff member. Does each staff member have their own usernames and passwords? Do guests use staff devices? If so, are they monitored when doing so? What type of sensitive content have you seen on individual monitors because they didn’t close a window or software application when you approached? What departments could use a privacy screen? Do staff lock their workstations when leaving their office environment?

13 Secure wireless networks. What is our current setup with regard to guest wireless access and student/staff wireless access? What access do devices on the guest network have? What security measures do we have in place to ensure that our network is protected from unwanted wireless users? What is our replacement cycle for wireless? Does this timeframe allow us to have the most secure wireless options?

14 Limit access to data and information; authority to install software. What type of access does a teacher have to their workstation? Can they install software? What is the guideline IT uses for creating user permissions? Is there anyone person who has access to all data systems including HR/Payroll? Do we have updated documentation that lists who has access to sensitive information?

15 Passwords and authentication. Does staff each have their own passwords? Does IT keep a list of everyone’s passwords (this is a ‘no no’)? Do we force the changing of passwords? If so, how frequently? Is there a minimum character limit on passwords? Do staff share passwords or user credentials with each other (‘no no’)?

16 Don’t forget embedded systems and other often missed data sources. What contractors have remote access to our environment? Is the documentation on this updated regularly? Do we have Service Level or Confidentiality Agreements with them? Have we isolated facilities software and systems from the rest of our network? Do we know what happens to our copiers/printers/scanners/fax machines when they are retired and removed from our premises? Do those devices have internal storage and is that storage adequately erased?

17 Learning Objective To help develop an understanding of the facets and complexity of cyber security and to provide the knowledge needed to ask the right questions to your IT staff. Success Criteria I can articulate the components of a comprehensive security policy. I can dig deeper on cyber security with my IT department.

18 KTAC Security Task Force Ethan Ebenstein John Dombrowski Tim Lillis Walt Keener Doug Jenkins Freddie Avalos Sue Swanson Russ Hoorn Mohamoud Nur Glen Finkel

19 Questions???

Download ppt "KTAC Security Task Force Superintendents Update April 23, 2015."

Similar presentations

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.

Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.
Smartphone and Mobile Device Security IT Communication Liaisons Meeting October 11, 2012 Theresa Semmens, CITSO.

Smartphone and Mobile Device Security IT Communication Liaisons Meeting October 11, 2012 Theresa Semmens, CITSO.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Baltic High School Classroom Connections 2012-2013 Presentation.

Baltic High School Classroom Connections Presentation.
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.
Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.

Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
Data Storage and Security Best Practices for storing and securing your data The goal of data storage is to ensure that your research data are in a safe.

Data Storage and Security Best Practices for storing and securing your data The goal of data storage is to ensure that your research data are in a safe.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
AmadeusCybersecurity: the essentials12 th November 2014 Alex van Someren Family Office Forum 12 th November 2014, Zurich Cybersecurity: the essentials.

AmadeusCybersecurity: the essentials12 th November 2014 Alex van Someren Family Office Forum 12 th November 2014, Zurich Cybersecurity: the essentials.
Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.

Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility. Simplify authentication.

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility. Simplify authentication.
Information Security Policies and Standards

Information Security Policies and Standards
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
24/7/365 Remote Computer Support. Program Overview.

24/7/365 Remote Computer Support. Program Overview.
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Similar presentations

Ads by Google