August 2004 — Editorial
Print this article | Email this articleClick here to receive your FREE subscription to T.H.E. Journal
Securing High-Tech Classrooms
Editor's note: Politics, beyond funding, normally is not a major topic for T.H.E. Journal. But increasingly, politics is affecting technology and education. A case in point is the politics of security as exemplified by the Supreme Court decision of June 29, striking down the Child Online Protection Act (COPA). Your vote in the future can affect not only security-related issues such as COPA, but also other technology and education concerns. Future issues of T.H.E. Journal will include information to help you think about the upcoming election, as well as how it will affect technology and education in both K-12 and higher education.
Security is defined as "the state or feeling of being free from fear, care, danger, etc.; safety or a sense of safety." As a technology user and bureaucrat responsible for instructional technology policy and practices at a state department of education in the early 1990s, I had a very simplistic view of security: Don't leave your password where others may find it, and be careful with any equipment that you take with you to presentations to ensure it isn't stolen. If I did those things, I felt free from fear, care and danger, technologically speaking.
Then I was asked to take on responsibility of the department's information systems, and my view of security changed. Over 1,000 computers, an internal network, wiring closets, servers, a mainframe, a growing wide area network, a student information system with more than 3 million students on over 6,000 campuses in 1,100 districts were involved. We also were responsible for creating, maintaining and implementing a disaster-recovery plan. I never felt free from fear, care and danger, technologically speaking, during my time in that position. Those of you in charge of technology systems of any size on any campus, university or district must feel a constant state of anxiety, as the threats to security have continued to grow exponentially over the last decade.
There is a variety of approaches to security in educational institutions. A typical approach is to identify a problem, such as viruses, and then attack it or shield the institution from the problem. As technological infrastructures have grown in a piecemeal fashion, managed by overworked CIOs and staff, sometimes this seems to be the only way to address the problem(s). This practical, specific approach is illustrated by özkan and Günay in the article "Minimizing Security Vulnerabilities in High-Tech Classrooms". They provide specific ideas and software that they've used in addressing security concerns.
A more holistic approach, and one we were required to use in creating a disaster-recovery plan, is asset-based. This is the approach advocated by the Consortium for School Networking (CoSN) in a monograph titled "Cyber Security: Protecting Your District's Mission and Assets" (www.cosn.org). This approach is very different in that it focuses on the assets of the educational institution first, along with an analysis of the assets' vulnerabilities. The focus on assets rather than threats helps to ensure that the most important assets get attention first. The process still allows for less important assets to be addressed, especially if the solution is easy and/or inexpensive. Mixed into this process is a careful consideration of laws, budget, technical staff, as well as a thorough evaluation of threats.
