  • Consider these questions: Would you want your own SS# shared with just anyone? Would you want your own child’s name and address shared with just anyone? Have you come to rely on our network and information systems and want them to be tamper-proof and available? Do you want the community to trust our ability to protect sensitive data? Why – student safety, voter support, etc. Do you want to be “at fault” if and when sensitive data is compromised?
  • As more districts centralize academic and other information to make data-driven decisions—as encouraged under No Child Left Behind—they leave themselves even more vulnerable to risk. Open environment = data is available / accessible for parents, employees, and students when they have a legal or legitimate need to know (CMS, Parent Connection, Winocular, etc.). Reports of students in other districts gaining access to school networks to change grades, delete teachers’ files, or steal data are becoming more common. Unlike 10 years ago, people don’t have to be computer geeks to become hackers. Online chat rooms, listservs, and Web sites give step-by-step directions on how to hack and make it easy for students—and anyone else—to tap into networks rich with confidential data.
  • TEC-02 USER/WORKSTATION SECURITY MEASURES: Use passwords that are unique and not easily guessed. Passwords should not be easily accessible to others or stored near the computer. Recommended password guidelines are as follows: (a) minimum of 8 characters in length; (b) alphanumeric; (c) upper and lower case; (d) at least one special character. TEC-01 ELECTRONIC COMMUNICATION AND DATA MANAGEMENT. TEC-10 MOBILE TECHNOLOGY EQUIPMENT SECURITY MEASURES: Set a password that is not easily guessed on mobile devices: laptop computers, Personal Digital Assistants (PDAs), Pocket Personal Computers (Pocket PCs), and password-capable storage devices (e.g., USB flash drives).
  • TEC-10 MOBILE TECHNOLOGY EQUIPMENT SECURITY MEASURES: Be extremely careful about the type of data stored on the mobile equipment. Personnel are responsible for the NISD data stored on the mobile equipment. Do not store sensitive or confidential data on the device without realizing the risk assumed by doing so. The disclosure of certain types of information does violate federal regulations such as CIPA, HIPAA, FERPA, etc. and could result in a federal violation. Do not share or loan your device with others for non-business use at any time. Personnel are responsible for the physical safeguarding of District mobile technology equipment. TEC-02 USER/WORKSTATION SECURITY MEASURES: lock the workstation or log out when leaving the area; requires password-protected screensavers. Keyloggers: a type of surveillance software that has the capability to record every keystroke you make to a log file. A keylogger can record account information (i.e., usernames and passwords), e-mail, and any information you type at any time using your keyboard. The log file can then be used by someone to gain unauthorized access to your data. Keyloggers are not illegal and HS students know all about them! Dumpster diving: going through the garbage for paper copies of sensitive data. Phishing: uses a combination of e-mail messages and fake Web sites to convince users they are dealing with a major company to try to trick someone into electronically sharing personal data such as a Social Security or credit card number. Social engineering / pre-texting: influencing and manipulating people into innocently giving away confidential data, often by pretending to be somebody in an “official” capacity.
  • The Internet is an important teaching tool used in Northside ISD classrooms and libraries. The Internet can, however, provide students with access to inappropriate material. Federal law (CIPA - Children's Internet Protection Act, 2001) requires school districts to use "filtering" software to block access to content that is obscene, pornographic, inappropriate for students, or harmful to minors, as defined by CIPA and as determined by the District. NISD currently filters content in approximately 35 categories / subcategories, reviewed annually (e.g., Nudity, Gambling, Racism and Hate; see online document for others). Internet Safety Committee reviews requests to unblock / block specific sites as necessary.
  • Openness = nothing is ever truly anonymous online
  • Cybersmart

    1. Be CyberSMART! Addressing Safe and Appropriate Technology Use in Northside. Administrator Institute, July 26, 2006. Kelly Smith, Assistant Superintendent for Technology Services
    2. Ripped from Recent Headlines!
        • Students behind grade changing
        • Employee fired for data breach at health care facility
        • Teen who hacked into school files takes deal
        • Consultant hacks way into FBI's computers; even director's password was obtained
        • Identity theft victims tell of job loss, red tape that follows when someone assumes your ID, spends in your name
        • Tipster leads FBI to laptop loaded with veterans' files; personal data on the stolen device apparently wasn't accessed, VA told
        • Franklin schools chief suspended for 4 days: further action possible after complaint about e-mails
        • Teacher charged with corrupting minors; allegedly had sex with a student in his truck and sent explicit e-mails to another
        • Arrest sought after fight; police pursue a warrant linked to a fight shown on
        • Tougher laws urged for web predators; AG expresses concerns about repeat offenders who solicit minors
        • Employee fired over blog; private blog wasn't; man fired for blasting boss
    3. CyberSMART Principles
        • S = Security
        • M = Manners
        • A = Acceptable Use
        • R = Responsibility
        • T = Training
    4. Scenarios for Discussion
        • Classroom Scenario
            • What kind of issues does Mr. Carter need to be aware of regarding safe and acceptable use of technology in the classroom?
            • As a CyberSMART teacher, what kinds of things can Mr. Carter do to protect himself and his data?
            • How can Mr. Carter address the parent's fear of pornography? What should he tell his students to do if they accidentally encounter it?
            • What are some specific actions Mr. Carter could / should take to address what has happened?
            • What kind of penalties should students face for misuse of school technology?
        • Office Scenario
            • What kind of issues does Ms. Gates need to be aware of regarding safe and acceptable use of technology in the workplace?
            • As a CyberSMART employee, what kinds of things can Ms. Gates do to protect herself and her data?
            • What options are there for the Winocular and Groupwise situations?
            • What are some specific actions Ms. Gates could / should take to address what has happened?
            • Has Ms. Gates done anything wrong for which she could be reprimanded or fired?
    5. S = Security, M = Manners, A = Acceptable Use, R = Responsibility, T = Training
    6. Security: Why Worry?
        • Security breaches can compromise:
            • student and staff safety and vulnerability
            • the district’s ability to function
            • public support and legitimacy
            • liability
    7. Security: Why Now?
        • NISD is a “digital school district”
            • Data-driven, information-rich, “open” environment
            • Inviting target for hackers of all kinds, even students!
    8. Security: Your Role
        • Understand the risks
        • Understand the policies
        • Make security a high priority – be proactive!
        • Educate employees and students
        • Treat all security incidents / violations seriously and report them promptly
            • Students → Technology Services
            • Staff → Human Resources
    9. Passwords and Security
    10. Passwords and Security
        • Passwords can be the weakest link or strongest defense in our data and network security arsenal
        • Choose strong passwords (TEC-02)
        • Don’t share passwords (TEC-01, TEC-02)
        • Change passwords frequently, at least every 120 days (TEC-01)
        • Password protect mobile devices, too! (e.g., flash drives, laptops, PDAs, etc.) (TEC-10)
    11. Passwords and Security
        • Why so many passwords?!?
            • Life online means living with, and managing, passwords (work, bank, personal e-mail, online newspaper, shopping, etc.).
            • Using the same password for multiple sites and applications compounds the likelihood that someone will take control of your accounts!
            • If you record your passwords, recognize that there is truly no safe location to store passwords. One idea: an encrypted password-protected Word or Excel file (Tools > Options > Security)
        • Technology Services is working to “synchronize” NISD user-IDs and passwords, where possible. The vision → one user-id and password to access many different systems at work
    12. Protect that Data!
        • Data on mobile equipment (e.g., flash drives, laptops, PDAs) – exercise extreme caution! (TEC-10)
        • Physical security, especially for mobile equipment (TEC-10, PUR-03)
        • Lock workstation (TEC-02)
        • Be wary!
            • Keyloggers
            • Dumpster diving
            • Phishing
            • Social engineering / pre-texting
    13. Student Safety
        • Internet filtering in place – see online document for more information (CQ Legal & Local, TEC-01)
        • Employees with students under their supervision must educate them about safety and security issues and actively monitor them! (CQ Legal & Local, TEC-01)
        • Social networking websites may put students at risk for exploitation and harm (e.g., MySpace, Xanga)
            • Visit NISD Web Warning website
    14. S = Security, M = Manners, A = Acceptable Use, R = Responsibility, T = Training
    15. Effective E-mail Netiquette (Source: TEC-08 DISTRICT E-MAIL USAGE REGULATION)
        • Treat all electronic messages the same as written, hard copy communications in regard to decency, courtesy, and openness
        • Be professional and exercise good taste!
        • Avoid misunderstandings – remember electronic text is devoid of any context clues which convey shades of irony, sarcasm, or harmless humor
        • Make subject headings as descriptive as possible
        • Restate the question or issue being addressed or include the original message in your response
    16. Effective E-mail Netiquette (Source: TEC-08 DISTRICT E-MAIL USAGE REGULATION)
        • Include the most important fact / idea / issue first or very near the top of the message
        • Proofread / edit each message and use the system’s spell check prior to sending a message
        • Check the facts in your message before sending it; do not spread rumors via e-mail
        • Think twice before CC’ing and forwarding (privacy issues, need to know, inbox clutter, etc.)
        • Remember the human – don’t hide behind e-mail (or voicemail)!
    17. Discussion Break: Let’s discuss those scenarios! Great idea! What do you think about Mr. Carter?
    18. S = Security, M = Manners, A = Acceptable Use, R = Responsibility, T = Training
    19. Acceptable Use: AKA “Digital Citizenship”
        • Digital Citizenship = The expected standard of behavior with regard to technology use
        • We should all teach, model, and expect exemplary digital citizenship!
    20. Digital Citizenship at Work: Principle #1
        • Access to all District technology is made available to employees primarily for instructional and administrative purposes in accordance with Board Policies and District Administrative Regulations.
    21. Digital Citizenship at Work: Principle #2
        • Employees are responsible at all times for their use of the District’s electronic communications system and must assume personal responsibility to behave ethically and responsibly, even when technology provides them the freedom to do otherwise.
    22. Digital Citizenship at Work: Principle #3
        • System use is electronically monitored.
        • There are consequences for NOT being a good digital citizen (i.e. violating acceptable use policies)
            • Access to technology denied
            • Reprimand
            • Termination
            • Legal action
    23. E-mail Acceptable Use
    24. E-mail Acceptable Use (Source: TEC-08 DISTRICT E-MAIL USAGE REGULATION)
        • Do not send or forward e-mail messages or images that are abusive, obscene, pornographic, sexually oriented, threatening, harassing, damaging to another’s reputation, or illegal.
        • Users may not send or forward any e-mail messages that are for personal-profit use.
        • District-wide e-mail broadcasts must be approved by the Executive Director of Communications. (Use the BC field.)
        • Campus/site-wide e-mail broadcasts must be approved by the campus Principal/Site Administrator.
    25. E-mail Acceptable Use (Source: TEC-08 DISTRICT E-MAIL USAGE REGULATION)
        • Do not send or forward chain e-mail messages or images.
        • Use the e-mail system’s proxy capabilities whenever out for extended periods of time only if someone needs access to your e-mail. The Helpdesk can provide assistance.
        • Send e-mail to appropriate (i.e. need to know) parties only.
    26. E-mail Acceptable Use (Source: TEC-08 DISTRICT E-MAIL USAGE REGULATION)
        • Open e-mail on a regular basis (at least daily, if possible)
            • delete unneeded items
            • file items needed for future reference appropriately to prevent filling up your mailbox
        • Refrain from storing attachments in the mailbox (i.e. spreadsheets, slide shows, documents, pictures, etc.)
            • Attachments should be saved to your network home directory, hard drive, or external storage media
        • Comply with mailbox size limits, as determined by the District due to technical requirements
        • Do not waste mail system resources (i.e., spamming, distribution of videos or photos, etc.)
    27. E-mail as a Public Record (Source: TEC-09 DISTRICT E-MAIL RETENTION REGULATION)
        • E-mail messages, created or received in the transaction of official Northside Independent School District business, can be categorized as public records based on the content and topic of the message, and therefore are subject to the Texas Public Information Act
        • Each user is individually responsible for maintaining the public accessibility of his/her own incoming and outgoing e-mail messages as required by law (See )
        • Another reason to “be professional” in e-mail correspondence!
    28. S = Security, M = Manners, A = Acceptable Use, R = Responsibility, T = Training
    29. Model and Emphasize Data Confidentiality
        • Increased electronic systems → increased access to data (i.e., “open” environment)
        • Confidentiality of data is addressed in FL (Legal) Student Records and DH (Exhibit) Employee Standards of Conduct
        • An employee shall not reveal confidential information concerning students or colleagues unless disclosure serves lawful professional purposes or is required by law
        • Avoid sending e-mail to colleagues or parents that contain personally identifiable information about students
    30. Know the Acceptable Use District Policies & Regs
        • CQ Legal and Local, TEC series
        • Other important topics
            • Copyright
            • Campus, classroom/teacher, extra-curricular and student websites
            • Personal hardware and software
    31. Educate Others
        • Provide acceptable use training for all staff and students under your supervision
        • Enlist the help of your campus technologists, technology teachers, librarian, & district technology trainers
        • Lots of great NISD-developed resources are available online
        • Promote and model Digital Citizenship!
    32. Report Incidents / Violations
        • Treat all acceptable use incidents / violations seriously and report them as appropriate
            • Staff → Human Resources
            • Students → Technology Services
        • Administer consistent consequences, especially for students’ inappropriate use
    33. Manage the Paperwork
        • Collect and manage student acceptable use agreement forms promptly
        • Ensure that the AUP data is entered into the Region 20 student system by September 1, 2006 (10 days after the first day of school)
            • Direct your Library Assistants to help the Attendance Secretaries perform the AUP data entry at middle schools and high schools (optional at the elementary schools)
            • AUP data is automatically “pushed” nightly to populate several other systems
        • Professional and classified staff will acknowledge and agree to acceptable use online, with the online handbook process. Auxiliary staff will complete and submit the paper form to their supervisor.
    34. S = Security, M = Manners, A = Acceptable Use, R = Responsibility, T = Training
    35. Online Acceptable Use Class
        • Available to all employees
        • Required for all new employees with access to technology, within 3 weeks of employment
        • Online, takes 45 minutes to complete
        • All users will receive an e-mail in August with specific instructions
        • Online course completion will be tracked and reported in ERO (Electronic Registration Online)
    36. Discussion Break: Let’s discuss those scenarios! Great idea! What are some important points?
    37. Classroom Scenario Points
        • Monitor students when using computers (gum, software installation, flash drives)
        • Be aware of keyloggers and safeguarding password (grades). Change password; report it.
        • Don’t e-mail IEPs (wrong recipient; confidentiality)
        • Be able to explain how Internet filtering works in NISD; if inappropriate material is viewed accidentally – move on immediately and tell teacher
        • Refer student and parent to Web Warning; counsel student
        • Harassing e-mail – forward to [email_address] and report it to supervisor
        • Follow Student Code of Conduct for students who violate AUP
            • more serious examples: cyberbullying; hacking and other malicious activity; purposely accessing materials that are abusive, obscene, sexually oriented; proxy avoidance
            • less serious example: non-school related Internet use
    38. Office Scenario Points
        • Don’t use others’ passwords (access to certain applications such as Winocular must be limited to administrators/supervisors)
        • Be professional in e-mail correspondence (HR policy situation)
        • Report acceptable use violations to supervisor (co-worker wasting time and resources – maybe it is business related)
        • Don’t respond to the phishing scam; forward message to [email_address]
        • Do not forward jokes; could be offensive; waste resources
        • Keep laptop physically secure; encrypt data
        • Don’t share GroupWise password; grant proxy if you want someone else to keep up with your messages
    39. Be CyberSMART! Addressing Safe and Appropriate Technology Use in Northside. Administrator Institute, July 26, 2006. Kelly Smith, Assistant Superintendent for Technology Services