5 Components of an Effective and Sustainable Cybersecurity Program for Large School Districts
The purpose of this blog is intended to highlight a few core solutions to consider relative to the tremendous security risks our larger school districts face in today’s highly distributed network environments. Although all districts, no matter the size are facing the reality that current cybersecurity risk mitigation strategies comprised only of content filters and unified threat management technologies, is no longer a viable solution to combat the complex threats large district network environments are facing every day.
As former Assistant Superintendent of Technology for the Los Angeles County Office of Education, where I was charged with providing IT services, including internet connectivity and content filtering across 80 school districts and five community colleges; spanning over 1.4 million square miles, I certainly can appreciate the tremendous responsibilities and challenges IT leaders face. District IT administrators across the country are constantly challenged to secure massive server farms, including integrated student information systems, learning management systems, hundreds of connected school sites, and hyper mobile learning environments. So, I believe our level of risk is now greater than at any previous time, and if we do not act to establish a comprehensive and proactive network security strategy, the potential risks will be overwhelming.
So, what exactly is a proactive and sustainable network cybersecurity strategy? In my opinion, the technology solution we purchase is only one part of the equation. Here are 5 critical components of a practical and sustainable district-wide cybersecurity program:
Make cybersecurity everyone’s concern: From the board to the superintendent and executive cabinet, reach consensus on the concept of an organization-wide security strategy, get the buy-in and organize/establish your executive sponsors.
Inventory the risk and identify the priority: It’s one thing to have controls in place and another to ensure those controls correlate with the organization's security risk/priorities. Conducting a risk assessment/inventory across all departments is a vital aspect of establishing a district centric cybersecurity posture – not just central to the IT operation.
Align the risk inventory and priority to Critical Security Controls: Controls are great but irrelevant if they cannot be implemented, usable, scalable and compliant with the priorities of the organization and industry or government security requirements.
Get help: Building a cyber-resilient organization can be a complex process. There are several highly competent and effective consulting firms who specialize in cybersecurity & risk mitigation.
You’re Not alone: As one of my prior board members would often say “You are Not Too Big to Fail”. Failure to be successful in this area is not an option, considering large districts are so complex and interconnected, that their failure could have a disastrous impact across hundreds of thousands of students, families, and communities.
Richard Quinones, Senior Advisor to the NACC