This document discusses the importance of IT crisis preparedness for school districts. It outlines potential threats including natural disasters, violence, and cyber threats. It emphasizes having a plan to maintain essential services and restore critical ones first. The document provides examples of exemplary district plans and lessons learned from school districts that experienced disasters. Key recommendations include identifying mission critical operations, ensuring redundancy, communication planning, and regularly practicing crisis response plans.

1. Planning for the Inevitable: IT Crisis Preparedness Linda Sharp CoSN Project Director IT Crisis Preparedness SchoolDude University 2009

2. Expect and prepare for the unexpected! SchoolDude University 2009

3. Schools Run 24/7 Evening use of facilities Backup reports running at off-instructional hours Students and parents accessing the district website around the clock Other activities and uses in your district? SchoolDude University 2009

4. Reliance on Technology Instructional activities Business operations Student data and recordkeeping Assessment and accountability Internal and external communication with stakeholders Other areas of reliance in your district? SchoolDude University 2009

5. District Objectives in Any Disaster Safety and welfare of students Safety and welfare of staff Protection of property and facilities SchoolDude University 2009

6. District Objectives in Any Disaster Maintenance of essential services for as long as possible, shutting down least critical ones first Restoration of services - critical ones first - in the shortest amount of time possible SchoolDude University 2009

7. Think About It? What are some predictable threats in your own community? SchoolDude University 2009

8. Potential Disasters Natural disasters Violence, vandalism Man-made threats SchoolDude University 2009

9. Potential Disasters Natural disasters, acts of God Violence, vandalism Man-made threats Widespread medical emergencies and pandemics SchoolDude University 2009

10. Potential Disasters Natural disasters Violence, vandalism Man-made threats Widespread medical emergencies and pandemics Digital threats SchoolDude University 2009

11. Cyber Security for the Digital District www.securedistrict.org Tools and information to: Assess and improve security of technology systems To protect safety of staff and students Contribute to educational mission of their schools Maintain community support SchoolDude University 2009

12. Security Planning Process SchoolDude University 2009 Outcome: Security Project Description  goals  processes  resources  decision-making standards Phase 1: Create Leadership Team & Set Security Goals Outcome: Prioritized Risk Assessment A ranked list of vulnerabilities to guide the Risk Reduction Phase Phase 2: Risk Analysis Outcome: Implemented Security Plan Risk Analysis and Risk Reduction processes must be regularly repeated to ensure effectiveness Phase 3: Risk Reduction Outcome: Crisis Management Plan A blueprint for organizational continuity Phase 4: Crisis Management

13. Security Planning Grid SchoolDude University 2009 Security Area Basic Developing Adequate Advanced Management Leadership: Little participation in IT security Aware but little support provided Supports and funds security Aligns security with organizational mission Technology Network design and IT operations : broadly vulnerable security roll out is incomplete mostly secure seamless security Environmental & Physical: Infrastructure: not secure partially secure mostly secure secure End Users Stakeholders: unaware of role in security Limited awareness and training Improved awareness, Mostly trained Proactive participants in security

14. Security Planning Grid Provides benchmarks for assessing key security preparedness factors Uses the same topic areas for consistency Helps prioritize security improvement action steps SchoolDude University 2009

15. You never have time to plan for something you don’t think will ever happen. SchoolDude University 2009

16. Disaster Planning SchoolDude University 2009

17. Mitigation and Prevention Actions you take to identify preventable and unavoidable disasters and to address what can be done to eliminate or reduce the likelihood of a disaster and/or its accompanying risks SchoolDude University 2009 Cameron Parish School Board Office

18. Preparedness Consideration of worst-case scenarios and development of comprehensive plan for coordinated and effective response to any given disaster SchoolDude University 2009 South Cameron High

19. Response Execution of the preparedness plan and management of the disaster SchoolDude University 2009

20. Recovery Efficient and timely restoration of mission-critical operations and processes SchoolDude University 2009

21. Risk Assessment Analyze processes and functions deemed mission-critical. Identify types of potential disasters and impact of each on mission-critical items. SchoolDude University 2009

22. Risk Assessment Prioritize based on acceptable period of unavailability. Chart the workflow, considering hardware, software, people and other resource requirements for continued operations. SchoolDude University 2009

23. Risk Assessment Imagine worst-case scenarios for all types of potential disasters. What would be lost? What data would be critical? How would you communicate? How would you restore mission-critical services? SchoolDude University 2009

24. Consider Lack of Availability of Key Services and Operations What must be restored within 1 hour? What must be restored within 4 hours? What must be restored within 1 day? What must be restored within 3 days? What must be restored within 1 week? What could wait for 30 days or longer? SchoolDude University 2009

25. Disaster Recovery Plan Easy to understand and follow Organized into sections Detailed steps of tasks to be accomplished Multiple formats for different audiences Print and electronic SchoolDude University 2009

26. The worst case scenario . . . SchoolDude University 2009 No Plan!

27. First Steps Identify Planning Team SchoolDude University 2009

28. First Steps Identify and Classify Services, Operations and Records Vital Important Non-essential SchoolDude University 2009

29. Resources and Redundancies Hardware Software Communications Facilities People SchoolDude University 2009

30. Hardware Identify all required hardware. Be sure to include resources required to run and maintain hardware. Regularly update your list. Maintain key documents offsite. SchoolDude University 2009

31. Software Identify all required software. Regularly update the list. Keep copies of key applications offsite. Maintain key documents offsite. Be certain your backup systems are reliable - and redundant. SchoolDude University 2009

32. Software Data Secure and Restore Data Assess Capabilities of Providers SchoolDude University 2009

33. Communications Establish a communications plan Develop strategic partnerships Employee communications SchoolDude University 2009

34. Communications Single point of contact What is communicated Technical staff support Ensure redundancies SchoolDude University 2009

35. People Who is qualified to manage tasks? Have they been trained? What is their prior experience? Ensure key people resources are backed up . SchoolDude University 2009

36. People Incident Response Team Identify critical personnel Communicate roles and responsibilities Ensure personnel have authority needed SchoolDude University 2009

37. Facilities Have building blue prints available Have all shut-off valves clearly labeled or color coded on blue prints Identify evacuation sites Identify potential known hazard areas SchoolDude University 2009

38. Emergency Operations Center (EOC) Determine overall strategy and priorities. Allocate resources. Manage the incident. Ensure objectives are met. Ensure strategies are followed. SchoolDude University 2009

39. Develop a Staged Shutdown Move from simple preparedness to ceasing operations. Protect assets while staff is available to do the work. Ensure that mission-critical operations are the last to be stopped. Ensure shutdown can be reversed if needed. SchoolDude University 2009

40. Exemplary District Plans Fairfax County (VA) Public Schools www.fcps.edu/emergencyplan Montgomery County (MD) Public Schools www.mcps.k12.md.us/info/emergency/ North Carolina’s Critical Incident Response Kit Project www.ncjjdp.org/cpsv/cirk/cirk.htm SchoolDude University 2009

41. Those who have lived it! Dr. Sheryl Abshire, Ph.D Chief Technology Officer Calcasieu Parish Public Schools, Lake Charles, LA Robert Gravina, Chief Technology Officer Poway Unified School District, CA Wayne Howard Technology Director Platte Canyon School District SchoolDude University 2009

42. Calcasieu Parish School System (LA) Hurricane Rita struck the Louisiana / Texas border on September 24, 2005 as a category 3 storm with 120 mph sustained winds. Calcasieu Parish was hit by the hurricane eyewall and the east quadrant which has the strongest winds. 34,000 students and 5,000 staff displaced 2008 experienced Ike and Gustav SchoolDude University 2009

43. Calcasieu Parish School System Every school damaged. Many schools in Calcasieu Parish received extensive roof and water damage. The lack of power afterwards promoted mold and mildew growth. 24 hours after Rita hit, the CPSB web and email servers were back up and providing information to evacuees across the country. 34 days later, CPSB schools reopened. SchoolDude University 2009

44. Calcasieu Parish School System Many didn’t see IT as the recovery team – yet they took the initiative and were ready when disaster hit. Take the leadership if no one else is doing it. SchoolDude University 2009

45. Calcasieu Parish School System Document during response and recovery Pictures Written records Items destroyed or damaged Items purchased SchoolDude University 2009

46. Calcasieu Parish School System Don’t just create a plan— communicate and practice it SchoolDude University 2009

47. Calcasieu Parish School System Develop a culture of preparedness. Revisit and actively practice the plan. Conduct periodic audits of the plan. SchoolDude University 2009 Practice, Practice, Practice

48. Calcasieu Parish School System Staff Power and capabilities Computer and storage options Facilities Records and files Communication methods SchoolDude University 2009 Redundancy, Redundancy, Redundancy

49. Calcasieu Parish School System You can’t over plan: Identify mission critical operations Think strategically Pay attention to detail SchoolDude University 2009 “ A plan needs to exist before it is needed. Making one on the fly is too late.”

50. Poway Unified School District Poway, CA Poway is the third largest school district in San Diego County covering 100 square miles and serving approximately 33,000 students. During the fires of 2007, the school district became the county’s communication center. SchoolDude University 2009

51. Poway Unified School District School Business Continuity Work on creating a stable and reliable network for your organization SchoolDude University 2009

52. Poway Unified School District Servers that can handle capacity in an emergency You may be the best form of communication in your area Clean data Online access Bandwidth for learning Opening up applications to your stakeholders SchoolDude University 2009

53. Poway Unified School District Secure dedicated equipment, software, supplies Capacity to Rebuild/Disaster Recovery Tape Drives and Juke Box (must be the same as what you are currently using) Back up server (work with your vendor) Estimated time to recover Personnel availability (cross training) SchoolDude University 2009

54. Poway Unified School District Moving your EOC What would you do if you had to evacuate your EOC? Could you set up a fully functional IT Department? How long would it take? Would you be able to have access to your network? SchoolDude University 2009

55. Poway Unified School District Remote Learning The Bird Flu, “when, not if” Applications that allow for anywhere, anytime learning Content Management Systems Online interactive tools Online courses SchoolDude University 2009

56. Poway Unified School District What Worked….. Multiple Communications Systems Auto dialers Webpage Content systems SchoolDude University 2009

57. Platte Canyon School District, CO Mountain Community – 45 minutes from Denver Approx 1300 students Platte Canyon High School - 480 students Preparations in place after Columbine shootings Lone intruder shot student SchoolDude University 2009

58. Platte Canyon School District Communications and coordination with police was key Separate communication channels Cameras Constant testing and update SchoolDude University 2009

59. “ It’s not the plan that’s important—it’s the planning.” Graeme Edwards SchoolDude University 2009

60. What are You Doing? Tips to share with colleagues What will you do now? SchoolDude University 2009

61. Consortium for School Networking SchoolDude University 2009 www.cosn.org www.cosn.org/itcrisisprep

62. Thank you Sponsors SchoolDude University 2009

63. Linda Sharp CoSN Project Director IT Crisis Preparedness [email_address] SchoolDude University 2009 Hope is Not a Strategy!