April 2007 — News
Print this article | Email this articleClick here to receive your FREE subscription to T.H.E. Journal
Data Security in K-12 School Districts
Houston Independent School District Appropriate Use Policy (AUP) might be a model, as well as the Kentucky Department of Education's AUP guidelines and state requirements for access to electronic information resources. I suspect that many school districts will need to update their AUPs for the use of portable technologies (e.g., iPods, USB drives, and digital cameras), particularly in regard to authorized connections to the school's network and consequences for unauthorized connections.Micro security: the human side
Security systems and policies alone are not sufficient. When was the last time you left your laptop open for all to see and left your classroom? Or forgot to log out of the network? Or put your password on a post-it note taped to the bottom of your desk? Or opened an e-mail attachment from an unknown sender? When might you have attached a document to e-mail with confidential information about a student that you wanted to discuss with a colleague? Have you deleted e-mails you sent with school related business, thinking you would not need them anymore? Or left a window open in the computer lab overnight? If you did any of those, you put yourself, your school, and your data at risk.
Purdue University has a new initiative, Keeping Information Safe: Practices for K-12 Schools, which considers the micro level to securing data--namely, people. Purdue recognized, "K-12 educators and support staff are largely unaware of the threats and vulnerabilities associated with the information systems they use." They might not know how their actions can affect data security. Hence, the university developed a series of modules to help people understand why information security is important to them, and what they can do to contribute to the overall information security of their organization.
I found video clips, case studies, and interactive quizzes in those modules, and learned a few new things, too. They contain security concepts, how to keep your PC and the data on it safe from physical threats, common vulnerabilities and drawbacks to using e-mail and best practices to increase e-mail safety and security, including encryption; proven techniques for creating strong passwords; how to avoid getting duped by the social engineering methods that hackers use to get passwords or physical access to the network; and software/Internet applications and operating system issues, like proper configuration and updates. Plus, key vocabulary like spoofing, phishing, viruses, worms, and Trojan horses are discussed. The entire package is provided free for non-commercial use and can easily be downloaded and burned onto CDs for mass distribution.
