370 likes | 992 Views
CYBER SECURITY. Vicki Bennett. Purpose of Cyber Security Training.
E N D
CYBER SECURITY Vicki Bennett
Purpose of Cyber Security Training • All school personal shall be training in District cyber security policy. Understanding the District policies will enable the staff member to further the students’ understanding of these policies and also enable the instructor to integrate the policies into the curriculum.
Definition of cyber security: Cyber security is the protection of data and systems within networks that are connected to the Internet, including: • information security • information technology disaster recovery • information privacy http://www.bitpipe.com/tlist/Cybersecurity.html http://www.nae.edu/nae/naehome.nsf/weblinks/MKEZ-542KBP?OpenDocument
Protecting personal privacy and children are a major focus of district Internet security best practices. (FERPA) http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html (PPRA) http://www.ed.gov/policy/gen/guid/fpco/ppra/index.html (CIPA) http://www.fcc.gov/cgb/consumerfacts/cipa.html • An educator may often act on behalf of a parent or guardian and therefore he/she must take care to protect information given out about the child over the Internet. (FERPA) http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html
Safeguarding computers within the school is the responsibility of all individuals working within the schools. (CIPA) http://www.fcc.gov/cgb/consumerfacts/cipa.html
Keeping Confidential Data Secure Electronic data security is a top priority. A district should: • Establish network security • Establish protocol for accessing network information • Create guidelines for electronic communication • Perform bi-yearly network security checks • Educate the school community about cyber security • Establish and enforce technology use guidelines
Purpose of Security Policy The district security policy has highlighted the following security concerns: • Information integrity: unauthorized deletion, modification or disclosure of information. • Misuse: The use of information assets for other than authorized purposes. • Information browsing: Unauthorized viewing of sensitive information by intruders or legitimate users. • Penetration: attacks by unauthorized persons or systems that may result in denial of service or significant increases in incident handling costs.
Purpose of Security Policy (continued) • Computer viruses: attacks using viral code that reproduces itself by modifying other programs, spreading across multiple programs, data files or devices on a system or through multiple systems in a network, that may result in the destruction of data or the erosion of system performance. • Fraud: attempts to masquerade as a legitimate user to steal services or information, or to initiate transactions that result in financial loss or embarrassment to the district. • Unauthorized additions and/or changes to infrastructure components.
Systems Management, Data Integrity, and Security All school personal and students must follow these District rules and guidelines: • No non-district hardware or software shall be introduced in the system without approval. • Employees may download only files applicable to their position. • Students may download only files that are for use in classroom assignments and activities, with teacher permission and direction.
Systems Management, Data Integrity, and Security (continued) • Seek the assistance of qualified personnel to install non-standard data. Improper installation may cause computers and networks to function erratically, improperly, or cause data loss. • Never install downloaded software to network storage devices without the assistance of qualified personnel. • It is prohibited for any employee or student to “propagate” any viruses, worms, or malicious code via the District computer system. • No intentional deletion or modification of software is to be done unless it is part of the curriculum.
Systems Management, Data Integrity, and Security (continued) • It is prohibited to disable or overload any computer system or network or to circumvent the district computer system’s privacy and security measures. • Transferred data must be checked for viruses before being run or accessed. • Disabling, modifying, deactivating, or uninstalling of District virus scanning software is prohibited. • Students/employees may not access stored materials/data that are not appropriate to their position, or are outside education or employment duties.
Educators need to take appropriate precautions to protect administrative accounts and passwords. When creating passwords: • Use at least 8 characters with a mix of letters, numbers, and symbols. • Change the password regularly. • Use a password that you can type quickly without looking at the keyboard. • Don’t use your own name, your family’s name, or your pet’s name in any form as your password. • Don’t use the “remember password function” on your computer. • Don’t share, write the password down, or e-mail it to yourself. http://www.cerias.purdue.edu/education/k-12/community_awareness/
Computer Virus • A computer virus is a program written specifically to infect and/or alter other programs by attaching itself to: • Documents • Presentations • E-mails • CDs • Floppy disks • Flash drives
Virus Protection There are four basic steps to computer virus protection: 1) Prevention by installing virus protection software; 2) Detection by running the anti-virus software on a regular basis; 3) Eradication by quarantining and deleting the virus; 4) Communication by informing the anti-virus software creators of a virus for further investigation. http://www.intel.com
Malicious Code • Malicious Code is a computer program code that is written with the intent to harm, destroy, or annoy. Viruses are malicious code. Other malicious codes include: • Worm is a self-duplicating program that works through computer networks and sends copies of itself to other systems. • Trojan horse claims to do one thing but actually does another when downloaded. • Spyware is a program running in the background that monitors the user’s computer activities.
Security Measures The district provides security through the use of: • Anti-Virus Software that attempts to identify and eliminate computer viruses and other malicious software by: -- Scanning files to look for known viruses matching dictionary definitions in a virus scan program. -- Identifying suspicious behavior from any computer program by using data captures, port monitoring, and other methods that detect infection.
Security Measures (continued) • Firewall protection is software or hardware designed to block hackers from accessing the computer network by making the computer network invisible on the Internet and enabling it to block communications from unauthorized sources.
Security Measures (continued) • Data backup is the process of regularly saving the system data and storing it offsite to protect the district in the event of hardware failure or accidental deletions, and also protect staff and students against unauthorized or accidental changes made to file contents.
Enforcement • Any user identified as a security risk may be denied access to the District’s computing facility (with or without advanced notice). • The district will report all violations or suspected violations of district, local, state, or federal laws and policies to the appropriate administrator, agency, or law enforcement authority, and will cooperate fully in the investigation of any activity that may violate established law or doctrine.
References Laws (FERPA) http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html (PPRA) http://www.ed.gov/policy/gen/guid/fpco/ppra/index.html (CIPA) http://www.fcc.gov/cgb/consumerfacts/cipa.html Works Cited Bitpipe. (2006). Cybersecurity. Retrieved on December 3, 2006 at http://www.bitpipe.com/tlist/Cybersecurity.html. CERIAS. 2003. Community awareness through K-12 school. Retrieved on December 3, 2006 at http://www.cerias.purdue.edu/education/k-12/community_awareness/. i-Safe. (2004). Cyber Security. Retrieved on September 30, 2006 at http://www.i-safe.com. Oconomowoc Area School District. (2001). Computer, internal network, electronic mail, and Internet safety policy. No. 363.2. Oconomowoc, WI. Rungta, S., Raman A., Kohlenberg, T., Li, H., Dave, M., and Kime, G. (2006). Bringing security actively into enterprise. Retrieved on December 3, 2006 at http://www.intel.com. Sellers, J. (1994).Primary and Secondary School Internet User Questions.Retrieved on December 3, 2006 at http://www.virtualschool.edu/mon/K12/K12InternetFAQ.html. Wolf, W. A. (2001). Cyber security: Beyond the Maginot line. Retrieved on December 3, 2006 athttp://www.nae.edu/nae/naehome.nsf/weblinks/MKEZ542KBP?OpenDocument