Connect with us


Progress, Not Perfection — THE Journal



Case Study

Advice for Overwhelmed School IT Staff from a Cybersecurity Pro: Progress, Not Perfection

“Really good cybersecurity management at school districts has very little to do with technology and everything to do with human behavior and leadership,” says Rod Russeau, director of technology and information services for Community High School District 99 in the Chicago suburb of Downers Grove, Ill.

A frequent instructor at cybersecurity and IT workshops around the country, Russeau also serves as chairperson for the Consortium on School Networking’s Cybersecurity Educator Advisory Panel, working with CoSN member schools’ technology personnel and district leaders to improve their network protections and reduce exposure to cyber threats.

During his 45-year career, he’s seen a lot of changes; in his first role, he managed mainframe computers. Then for about 20 years, Russeau worked in software development, managing support, training, and implementations for student information systems and financial information systems for schools.

He joined CSD99 25 years ago, when “email and the internet barely existed,” Russeau said. “We’ve come a long way.”

Nowadays, it seems like the IT cybersecurity landscape is constantly expanding, and school IT departments are overwhelmed, he told THEjournal recently.

“The significance of growth in bad actors — the increase in the attacks and the frequency of the attacks — against schools is alarming,” he said.

Also overwhelming: The “feeding frenzy” of remote-learning solutions marketed to schools at the start of the pandemic, and more recently the cybersecurity solutions being offered, Russeau said.

“Since the pandemic began, vendors have been ramping up their offerings and solutions” far more than ever before, he said. “They’re pitching us this or that whiz-bang software or product, like ‘install this and you’ll be secure.’ It’s hard to know which ones are really efficient.”

Nevertheless, Russeau maintains that the biggest hurdle to an effective K–12 cybersecurity strategy isn’t technical know-how; it’s getting district leaders and decision-makers on board and ensuring communication about cybersecurity goals and best practices permeates every level and every group within the district.

“During my career I’d never emphasized getting certifications but just learned what I needed to do my job,” he said. “Then a few years ago I took a cybersecurity class with CoSN andearned my certification as a Certified Information Security Manager; next I pursued a (Certified Information Systems Security Professional) certification to learn a little more.”

Russeau was “astounded” during the certification coursework by how much emphasis was placed on human behavior and district leadership, he recalled.

“For the CISM certification, I figured that would be the case, but the CISSP is far more technical — and yet it still very much emphasized the critical importance of the district leadership and organizational buy-in,” he said.

After those certifications were completed, Russeau said, he began focusing more within his own district on working with leadership to develop good policies, procedures, and plans for various scenarios, such as an Incident Response Plan, detailing steps for detecting and responding to a cyberattack; a Disaster Response Plan, with steps for resuming normal operations after any kind of incident affecting the network, hardware, or backups; and a Learning Impact Analysis, the education sector’s version of a Business Impact Analysis, wherein leadership decides how long a particular app or IT service can be down before it has a disastrous impact on the district’s operations.

“The first thing cybersecurity efforts should focus on is identifying your risks and determining how you’re going to manage those risks,” he said. “One of the ways we involve senior leadership – and the last thing we need is another committee – is that I formed a committee for this, with senior leaders in our district office participating.”

Bottom line: The more involved district leaders are in deciding the cybersecurity policies, the more they share the accountability for cybersecurity, Russeau said.

“Sure, the technology staff deploys the security controls and solutions — but we do that according to what the district has outlined as ‘here’s level of risk we’re willing to accept,’” he explained. “It’s the organizational leadership that I like to say has accountability for security; they’re not responsible for whether a firewall works, but they set the policies.”

Anyone who touches technology has to own responsibility for a school’s cybersecurity, but “it’s up to us to educate senior leadership on our critical systems and our critical resources, and it’s up to them to tell us the level of risk they’re willing to take. Then we must come up with a solution and a cost to fulfill their policies,” Russeau said.

Advice for the Overwhelmed School IT Staff

For school IT staff who haven’t yet spent much time or resources upgrading their cybersecurity protocols, Russeau has a list of tips:

  • Perform a risk assessment and establish a roadmap, and remember to go after the “low-hanging fruit.”
  • Aim for progress, not perfect; the IT to-do list can be overwhelming, and “complexity is the enemy of security,” he said.
  • Remember the primary goal is managing risk.
  • Ensure your leaders understand they, too, are accountable; involve leaders in policy-making and include them in security decisions.
  • Identify your critical assets.
  • Understand and assess your risks, and evaluate all your resources. Many of the software solutions that schools have in place frequently introduce new features and functions, and many schools have solutions they don’t even know about already accessible to them, Russeau said.
  • Work with district leadership to finalize updated policies and plans related to risk management and cybersecurity.
  • Educate employees in every department through awareness campaigns and phishing drills, and involve personnel in vetting potential new apps.
  • Make sure all data is backed up in multiple locations, including an air-gap copy and a backup that is stored on a separate server with separate credentials and that is off-site.
  • Enact top-tier controls, including log management and visibility, multi-factor authentication, hardened configurations, and endpoint detection and response.
  • Secure outside expertise such as from a virtual Chief Information Security Officer, or from IT security experts at nonprofits like CoSN, K12SIX, and Center for Internet Security.

Source link


Navigate360 Adds PBIS Rewards to Its Student Wellness, Safety Solutions Portfolio — THE Journal



Mergers & Acquisitions

Navigate360 Adds PBIS Rewards to Its Student Wellness, Safety Solutions Portfolio

Student wellness and physical safety company Navigate360 has announced its acquisition of SaaS platform PBIS Rewards to round out its K–12 programs focusing on safer school environments and strengthening academic performance through positive behavior reinforcement, interventions, and other measures.

Navigate360’s Mental Health and Awareness, Threat Detection and Prevention, and Safety and Management and Preparedness suites are now paired with the Positive Behavior Interventions and Supports (PBIS) Rewards program to foster a “whole child” safety framework, the company said in a news release. The combined program addresses school climate and culture, full-cycle emergency management, early detection, and assessment and violence prevention.

PBIS Rewards is a digital management system that replaces paper tickets and tokens. Available on smartphones and laptops, it simplifies the administration of “rewards points” for positive behaviors as identified by the school district. Students can use them to “purchase” tangible and privilege rewards such as homework passes, jeans day coupons, iPad time, admissions to events, and more.

The system also allows for workplace rewards for teachers that result in recognition and perks. Learn more about how PBIS Rewards works on its website.

Source link

Continue Reading


Centegix Partners with Ident-A-Kid to Extend Security Capabilities with iVisitor Management Software — THE Journal



Campus Safety

Centegix Partners with Ident-A-Kid to Extend Security Capabilities with iVisitor Management Software

Centegix has announced a partnership with Ident-A-Kid to extend the abilities of K–12 schools’ safety and security systems, using Ident-A-Kid’s iVisitor Management (IVM) software.

Centegix’s CrisisAlert system does not rely on WiFi or cell phones but is activated by a wearable panic-alert badge that every administrator, teacher and staff member wears. In an emergency, pushing the badge button gives precise alert location, immediate audio, and visual incident notifications (including lighted strobes, screen messages, and intercom integration) to put the campus in lockdown and instantly notify administrators and responders.

Ident-A-Kid’s IVM software can manage and track all school traffic, including staff, student tardiness, and visitors, who scan their driver’s licenses or other acceptable ID. The software reads the barcode information on the license and conducts and returns data searches on custody issues, sex offenders, and other banned persons across 42 states. Information can also be entered manually.

With these two systems paired, K–12 schools will be able to “provide instantaneous alerts to on-site resources including SROs (School Resource Officers) and campus administrators that alleviate the burdens on educators and staff when faced with critical safety issues,” said Brent Cobb, CEO of Centegix.

Rick Hagan, CEO of Ident-A-Kid, added, “Together we can add control measures on school campuses and reduce the risks that have become increasingly prevalent in the past several years.”

Learn more at the Centegix home page and the Ident-A-Kid home page.

Source link

Continue Reading


STEM Fuse Releases Advanced Game-Design Coding Curriculum for Construct 3 Platform — THE Journal




STEM Fuse Releases Advanced Game-Design Coding Curriculum for Construct 3 Platform

Newest in GAME:IT Series to be Shown at CareerTech Vision Conference Nov. 30–Dec. 3

Digital K–12 curriculum provider STEM Fuse and game and animation developer Construct have released the latest in a series of career and technical education curricula: GAME:IT Advanced, which is recommended for grades 10–12 and uses the Construct 3 platform to teach coding through game design.

The GAME:IT series teaches computer, programming, and game development skills from elementary through high school. The ready-made, intuitive curricula are designed for those with no coding experience, so teachers without prior experience can assist their students. GAME:IT Advanced also offers students the opportunity to take an industry certification course upon completion, with the GAME:IT Intermediate course recommended prior.

GAME:IT Advanced modules include mobile game development, JavaScript programming, advanced game physics, UX and UI design, marketing and monetization, and in-app advertisements. The Construct 3 platform runs in a browser and can also be run offline.

GAME:IT Advanced will be demonstrated at the upcoming Association for Career and Technical Education (ACTE) CareerTech Vision 2022 conference to be held in person and online Nov. 30 through Dec. 3, 2022 in Las Vegas.

Learn more about GAME:IT Advanced on STEM Fuse’s website.

Source link

Continue Reading