The MDE and educators across Mississippi school districts are committed to ensuring the confidentiality of student data while enabling that information to be used appropriately to improve student outcomes.
K12 Security Advisory Guidance for Improving Cyber Security in Mississippi School Districts
Information Security, or Cybersecurity is a dynamic, ever-evolving field. The days of a school district addressing its data security concerns through the purchase of fireproof cabinets have given way to fighting daily online attacks from overseas parties. The emergence of new threats is happening in a world where near-instant access to student and district information is expected not only by school employees, but also by numerous stakeholders. Layer into this the need to attend to regulatory issues such as the Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA), and the Protection of Pupil Rights Amendment (PPRA), and the complexities of school districts’ cybersecurity status can seem overwhelming.
Mississippi school district personnel wrestling with cyber security challenges have expressed their desire for guidance from the Mississippi Department of Education (MDE). In response, and in cooperation with district technology directors, MDE’s Office of Technology and Strategic Services (OTSS) is creating a series of guidance webinars and documentation to advise district administrators, technology directors, and staff on these issues and support them as they develop and/or revise their district’s cybersecurity plan.
Introduction
|
|
Please click here to download a copy of the slide deck
Framework of Guidance to Districts
The guidance given to district in three parts:
To Know: What do districts need to know about their current cybersecurity state to understand their level of risk and to determine next steps?
To Know
The recording from the webinar are available in three parts.
|
|
|
|
|
|
Please click here to download a copy of the slide deck
Click here to download the “To Know” Guidance document for districts.
“To Do: The Mitigation Feedback Loop”
|
|
|
|
|
|
|
|
“To Do: Policies and Procedures”
|
|
|
To Do: Once the current state is understood, what do districts need to do in order to improve their cybersecurity posture?
- Develop Policies and Procedures
- Training for TC
- Training for Staff
“To Become”
To Become: As an improvement plan is defined and implemented, how do districts alter their approach to cybersecurity issues to become nimble in handling incidents and proactively aware of emerging threats?
Districts that fully engage in the guidance provided should find themselves with a better understanding of their cybersecurity outlook and insurable.
OTSS will follow the outline below in releasing guidance over the next few months. Regular updates and refinements to content as changes in the cyber security landscape may dictate will be released as they occur.
- Become Supportive: Buy-In from Supt & Administration.
- Become Ready – Have PLANs Cybersecurity Incidents.
- Become Proactive, including future risks, emerging tech/strategies.
- Become Insured – not necessarily the end goal but to be insurable should be A goal of all school districts.
Additional Resources
- The Family Educational Rights and Privacy Act (FERPA): Link to this law and associated training materials
- FERPA 101 for Local Education Agencies: FERPA training for districts and schools
- Privacy and Education Technology: Protecting student privacy while using new instructional technology
- The Protection of Pupil Rights Amendment (PPRA): Link to this law and associated guidance
- Student Data Privacy Consortium: Addressing “day-to-day, real-world multi-faceted issues faced each day by privacy stewards”
- Student Data Privacy Resources, Training and FAQs from the US Department of Education
- What is Student Data?: Understanding the basics of student data from The Data Quality Campaign