Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dec. 6, 2012 Special Topics Webinar Larry Sigel, Partner Margaret Buckton, Partner © Iowa School Finance Information Services, 2012 1 Computer Investigations.

Similar presentations

Presentation on theme: "Dec. 6, 2012 Special Topics Webinar Larry Sigel, Partner Margaret Buckton, Partner © Iowa School Finance Information Services, 2012 1 Computer Investigations."— Presentation transcript:

1 Dec. 6, 2012 Special Topics Webinar Larry Sigel, Partner Margaret Buckton, Partner © Iowa School Finance Information Services, 2012 1 Computer Investigations Todays’ Bargaining Implications Policy Update New ISFIS Online Policy Manual Hosting

2 Update us with your email address PowerPoint on ISFIS web site at Use question pane to pose questions Ask questions. We will find the answer Special Topics Webinars Recordings on ISFIS Site: ▫ Dec. 6. 1:00, computer investigations, security, negotiations and policy ▫ Jan. 3, 6:00, Revenues, Resources and the Education in the Upcoming Legislative Session – invite your board and advocacy team. Weekly once Legislature convenes. Watch for invite or check ISFIS Webinar page and preregister Webinar Reminders

3 Using Webinar Information Later PPT, Recording and related tools posted on the Webinar Page Itemized list of contents is searchable (eg., today we have the policy check list for preparing for an accreditation site visit posted on the webinar page for subscribers to access) Find what you need when you need it via Google search box Thanks to Traci and Sean for organizing the web site! (And they can help you find anything, too....) 3

4 Today’s Agenda Computer Investigation: what do you do if you suspect inappropriate computer use by staff or students? Larry Sigel and Brett Nitzschke, Lynch Dallas PC Bargaining and Negotiations: considerations to prepare for bargaining with unknown Allowable Growth and new requirements for collaboration and peer review. Brett Nitzschke and Margaret Buckton Policy Update including a new tool to assist you in preparation for your district's accreditation site visit: Emily Ellingson, Lynch Dallas PC New ISFIS Online Policy Service: Larry and Margaret will cover highlights of the service now included in the subscription for supplemental policy and negotiations services. Dates and deadlines and a recipe... 4

5 Overview: Computer Investigation What to do in case you suspect inappropriate computer usage – Legal Viewpoint from Brett and Computer/techie best steps from Larry What you can expect out of your computer professional Email practices regarding former staff Best practices to prevent inappropriate computer usage and hacking Internal and external threats and risks

6 Legal Considerations on Computer Investigations BRETT S. NITZSCHKE EMILY K. ELLINGSON LYNCH DALLAS, P.C. P.O. BOX 2457 526 SECOND AVENUE SE CEDAR RAPIDS, IOWA 52406 TELEPHONE: (319) 365-9101 FAX: (319) 365-9512 E-MAIL:

7 Computer Investigation Recommendations Once there is a suspicion that a computer is being inappropriately used by an employee, a school district should secure the computer to prevent accidental or intentional deletion of the contents of the hard drive. Simply booting up a computer can alter information and may overwrite information resulting in irretrievable loss of information. If a computer hard drive has not been properly preserved or investigated the evidence retrieved will be compromised.

8 Computer Investigation Recommendations The school district should employ a computer expert to collect, preserve, and analyze information on the computer. A school district technology coordinator may be used, but must have the required expertise, objectivity, and confidentiality to perform and effective investigation. The computer expert should be an experienced investigator that is familiar with a wide range of computer hardware, applications and operating systems and offer expertise in the specialized tools and techniques used to examine a hard drive and its contents and experienced in providing testimony in regard to computer investigations.

9 Computer Investigation Recommendations Do not try to look at information on the computer or install software on the computer to recover deleted files. If you do so, you will damage or destroy evidence and will taint and possibly compromise the investigation. Establish and maintain an unbroken chain of custody of the computer and preserve the state of the hard drive at the moment an investigation is begun. Create a detailed inventory of the media involved, including the make, model, serial number, condition, and capacity.

10 Computer Investigation Recommendations A computer expert should first create a complete non-invasive sector-by-sector or “mirror image” backup of all data contained on the computer in question in order to recover all active, deleted, and temporary files. This process creates a complete snapshot of the computer at the time of acquisition and creates a back up copy in order to prove that the computer has not been altered during the examination process.

11 Computer Investigation Recommendations After the “mirror image” is created, the computer expert should conduct an examination on the “mirror image” without ever altering the contents of the computer. This process is the only practical means of searching and analyzing computer files without altering critical information. The school district’s technology coordinator should also change any switches within the email system that automatically delete or alter data and also change any settings on the system that would delete or alter a log which records employee internet use.

12 Best Practices (in techno-speak) Suspect inappropriate use of a school computer Step 1: Seize the computer ▫ What if not running? Do NOT boot up the computer. ▫ What if running?  Don’t go through shutdown procedure. Just hold power button down for about 10 seconds to kill it. Do not start the computer!!! ▫ Turning on computer can erase temporary internet files that may be important.

13 Best Practices Step 2: Document the process of seizing the computer  Time, date, location, employees. Step 3: Keep it locked up so no one has access. This helps to establish the chain of custody. Step 4: Call your attorney and your computer expert. Follow your attorney’s advice! What should you expect out of your computer expert?

14 What You Should Expect out of your Computer Professional Step 1: Sector by sector image of the physical hard drive. Will image each section of hard drive platter including “white” (empty) space. ▫ Why image the whitespace?  Whitespace may contain deleted files, browser history, deleted pictures.  Time intensive – can take a long time – perhaps more than 12 hours to perform this. Step 2: Computer itself is locked back up. Step 3: Only boot computer using forensic tools to eliminate the possibility of changing the computer hard drive from it’s unaltered state while the image is being created

15 What You Should Expect out of your Computer Professional Step 4: Forensic utilities scrape info from data files and create text files for URL searches, domain names, email address correspondence, credit cards used; basically any identifiable information. (Data acquisition and Discovery can take a day or two or more, depending on computer hard drive size). Step 5: Recover deleted white space. Takes empty space and looks for file remnants and reassembles them into usable files. When a file is deleted, the header to the file is removed, but the actual file contents remain until they are overwritten. So, a LOT of information resides as deleted white space. (Expect as much as another day or two for this step.)

16 What You Should Expect out of your Computer Professional All of these processes have to be monitored (it’s not a “set it and forget it” situation). Collect files in a central location and review to determine whether something is a violation of district computer use policy. Can be pictures, files, browsing history. Just be aware that you can also restore viruses during this process, so you’d best know what you are doing!

17 What You Should Expect out of your Computer Professional Final analysis should include the following: ▫ A report with findings ▫ Copy of all files recovered ▫ Image of the hard drive ▫ Evidence of Chain of Custody  Includes times and locations  Who had access to laptop  Document that the computer was secured and no one else had access

18 Best Practices: Prevention What can you do to prevent inappropriate use? Web proxy filter: Filters internet traffic from inappropriate websites. Also has the ability to log traffic for each user. Logging should be turned on your routers. This allows you to pull reports on usage. Users should NOT have Administrator privileges on their computer

19 Why restrict administrator privileges? ▫ Viruses can easily infect the computer using the person’s credentials – can also infect the network. Includes keyloggers, trojan horses, and malware. ▫ A sophisticated user could use admin privileges to hide activity by deleting profiles and creating new profiles. Install unwanted software including chat and file sharing websites (mp3 and bootleg movies) or illegal (bootleg) software.

20 Best Practices: Prevention File sharing: When a user has admin access, they can set up file sharing. Makes your computer visible to other computers any time its connect to a wireless or wired network. Others can see your files, including potentially confidential student information. Once file sharing is set up, it doesn’t require a user name or password for access. Plug into a public Internet connection and anyone can see

21 Best Practices: Prevention With admin privileges, a user can turn their local firewall off and expose their computer and the computer network to viruses, malware, etc. Even if they have firewall on, if using File Sharing, this creates an exception to the firewall and others can get right in.

22 Best Practices: Prevention An example: A user has admin privileges and inadvertently turns off their firewall. Each computer has 65,000 ports (incoming and outbound each – for a total of 140,000 ports). A hacker could exploit one of these unprotected ports and make the computer a drone that they can take control of and view websites, log keystrokes (password theft) and take information from your network. Because your computer is the drone, it appears as if the user was the one doing the activity not the hacker.

23 Best Practices: Prevention Make sure antivirus software is installed, running and up to date. ▫ Cost is no longer an issue – several good, free alternatives exist; Microsoft Security Essentials, AVG, McAffee, just to name a few. Analyze services available to the outside world ▫ VPN access ▫ Websites ▫ SQL databases ▫ File sharing

24 Best Practices: Prevention Example: SQL database that contains student information from your student information system. A database that is accessible from anywhere on the Internet (all vendors should have to validate through a VPN to access SQL services). ▫ Only username, password and domain authentication are required and these can be easily overcome with cracking software. ▫ Could expose confidential student data (aka, FERPA no no)

25 Threats are not just virtual! ▫ Many schools have TONS of physical Internet connections ▫ These are not necessarily secured and provide access to your local internal network. Simply by plugging into the wall they can bypass all of your security (firewall and routers). Then can scan for any computers plugged into the network and access computers that are connected via wireless. ▫ Also gives you the ability to query the routers and see what routes are available. Multiple subnets on the router can be revealed to the hacker. If you don’t have the routers to set up to manage this, you can have exposure.

26 A Couple of Examples “Rogue” access points ▫ These are created individuals plugging into your ethernet network unauthorized wireless access points. Usually, these are not intended to be malicious, but are sometimes related to poor wireless connection issues the user is trying to overcome. ▫ Example: $45 Linksys wireless access point from Best Buy.  Teacher plugs the access point into the wall.  Creates an instant access point with potentially no security.  Can go anywhere on your network.

27 Honeypots Wireless access points that impersonate a real website or access point for the purpose of collecting usernames, passwords, credit card numbers. Greater risk if staff are away from your buildings (and hence your security) using publicly accessible sites. Example: you’re sitting in Panera and decide to order your wife’s Christmas present from Amazon. Unknowingly you connect to a honeypot because it was open and looked like the real Panera site. Because your credit card info passes through the site, your hacker is going to have a Merry Christmas and you’re going to spend the next 6 weeks (or months) cleaning this up.

28 Remote File Access There are times when users need access to your network from remote locations. Options include: ▫ Worst: Application is directly available from the Internet In our computer expert’s experience, a number of student information systems are directly connected to the Internet. ▫ Better: Authenticating through a VPN client. In this case, the computer would have to use a VPN client to create a encrypted secure tunnel to your network. ▫ Best: Isolating critical applications behind internal firewalls. In this case the user would still use a VPN client but the user is authenticated by an internal firewall before they are allowed access.

29 BYOD IF individuals are allowed to utilize personal devices (computers, tablets, iPads, smartphones) within your building, then: ▫ Use separate wireless network and web filtering and rules limit access to the router and other routers and other networks. ▫ This prevents access to objectionable web content as well as potentially confidential information.

30 Network Administrator Four primary needs for any school network:  Printing  Web surfing  File sharing  Application usage It’s the Network Administrator’s job to properly authenticate the users using those resources.

31 Email Policy Considerations: former staff “Will you be touching on what to do with former employees’ email accounts?” Thanks for asking, Janet from Iowa Valley! Details might go in operational procedure or policy (board policy might require the superintendent to include safe email transition expectations in procedures) The termination or transition plan should anticipate Open records legal requirements. James suggests using the backup method "grandfather - father - son" - what is that? 31

32 Email Policy Considerations: Backups Define three sets of backups (eg., daily, weekly, monthly) ▫ The daily, or son, backups are rotated on a daily basis with one graduating to father status each week. ▫ The weekly or father backups are rotated on a weekly basis with one graduating to grandfather status each month. ▫ In addition, quarterly, biannual, and/or annual backups can also be separately retained. ▫ One or more of the graduated backups may be removed from the site for safekeeping/disaster recovery purposes. Keep the grandfather tapes for 7 years (cost of tape storage and budget dictates how many tapes you keep and how many circulate back into rotation.) 32

33 Email Policy Considerations: former staff Steps to take upon termination/resignation: 1. Change employee passwords during HR/person exit interview 2. Forward the email address to a replacement person so important emails and current project information are protected. Based on the position, this "Forward" can last anywhere from 30-90 days. 3. Remove the address when the forward period expires. 33

34 Email Policy Considerations: former staff Steps to take upon termination/resignation: 4. Archive the emails to a offline file for roughly 1 year depending on the retention policy of electronic documents and if the email accounts are backed up on a regular basis. Check with your school attorney on open records retention legal requirements. 5. If an electronic discovery device is used for archiving all emails to and from a district, this could also be considered a way to backup (may also have legal implications for email retention.) 34

35 Bargaining and Negotiations Implications for Today’s Uncertainty © Iowa School Finance Information Services, 2012 35

36 Bargaining and Negotiations: Allowable Growth unknown: 2013-14 or 2014-15 ▫ Tell legislators the box you are in regarding timelines Unlikely (not impossible) for early Session determination, so options include: ▫ Delay: Impasse waiver – agree to a date certain ▫ Proceed/include reopener language if different from assumptions ▫ Consider district ability to pay (unspent authorized budget backed by cash). Proceed without knowing ▫ Focus on language first ▫ ISFIS budget projection tool for scenario planning 36

37 Negotiating for 2013-2014 Do you still have TSS spending authority carried over from 2009 ATB 10% cut? Consider value of that to teachers and what you might be able to trade for it. Language: Understand SF 2284 requirements on collaboration and peer review

38 SF 2284: 36 Hours of Collaboration Time for Practitioners Collaborate with each other to: ▫ deliver educational programs and assess student learning ▫ engage in peer review In Code Section 284: references the Iowa Professional Development Model (TQ Committee has some say) Collaboration can take place during PD time, but not during prep time Collaboration must be outside the minimum school instructional day - defined in Iowa law to be at least 5.5 hours, but most district exceed that threshold. Law doesn’t say collaboration must be outside of minimum contract day. 38

39 Peer Review Language in SF 2284 Peer Review – in years 1 and 2 of a 3-year cycle. Peer group reviews all of the peer group members. Peer reviews are formative, informal, collaborative and focused on each teacher meeting individual PD plan goals. Peer group reviews are prohibited from an employment consequence (intensive assistance, compensation, promotion, layoff, termination or any other.) Teacher may voluntarily elect to participate in an intensive assistance program based on the peer review. Members of the peer group shall be reviewed every third year by at least one certified evaluator. 39

40 SF 2284 Peer Review doesn’t require: Confidentiality or exclusivity to teachers Exclusive right of the reviewed teacher to all documentation Release time for training (although training is a good idea, could be done in the context of the 36 hours and PD) Self-selection process of determining peer groups SF 2284 language doesn’t trump or invalidate existing contract language. Your contract already covers prep time and per diem payment for time outside the contract day. 40

41 Sum it up: Be cautious of adding language to the contract not required by law It’s not necessary to add language to the contract if something is required by law Process may change – NCLB waiver was rejected. Iowa’s proposed evaluation piece may not have been strong enough. Perhaps prudent to go slowly. Consider having the TQ Committee look at the law, the relationship to existing PD practices, and make recommendations to the board on next steps.(Iowa Code 284.8(1) SF 2284SF 2284 41

42 Thanks Brett! Policy Updates: Emily BRETT S. NITZSCHKE EMILY K. ELLINGSON LYNCH DALLAS, P.C. P.O. BOX 2457 526 SECOND AVENUE SE CEDAR RAPIDS, IOWA 52406 TELEPHONE: (319) 365-9101 FAX: (319) 365-9512 E-MAIL:

43 Policy Updates – check if your policy includes current requirements General updates ▫ Student Records Policy ▫ Wellness Policy (revamped to make as user-friendly as possible) ▫ Student Surveys (PPRA) Policy ▫ Purchasing and Bidding Policy

44 Policy Updates Law requires 5-year cycle of reviewing policy and it’s tough to do all in one year. Check out your local policy for review and see if you’re on track. What if you have an upcoming site visit? ▫ ent&task=view&id=1558&Itemid=2342#Public ent&task=view&id=1558&Itemid=2342#Public

45 DE Site: Checklist of resources and processes to help you prepare and helps you learn what to expect 45

46 Policy Updates ▫ New on ISFIS web site - List of considerations for the site accreditation visit ▫ Emily prepared the list – nice guide to make sure you have all of your policy ducks in a row ▫ Posted on today’s webinar page and on the supplemental policy subscription site ▫ Call or email us if you have difficulty finding these local policies in your manual:

47 47 Search for all policies that touch on these issues. Snapshot of about ¼ of the list Posted on ISFIS site Having this checklist will help site visit team find them

48 Wait a minute. What, did you say? Search in your policies for a word or phrase? Can you do that? ISFIS announced yesterday our new Policies Online, a complimentary addition to our ISFIS Policy Services Supplemental Subscription or available as a stand alone service. 48

49 Policies Online Benefits: Completely Transparent: 24/7 accessibility by board members, staff, students, parents and your school attorney - anyone with access to the Internet can find, verify and understand the district's up-to-date policies and forms. Free Hosting: Linked directly from your school's web site Easy Editing : Make changes once, online. No need for board members to swap out old pages in a 3-ring binder. Always up to date. 49

50 Policies Online Benefits: Versioning: Know when policies have been changed, and track who made the edits. Fully Searchable: Most services offer limited searching within a policy due to limitations of PDFs. Policies Online is searchable across the entire manual. Also fully capable of being indexed by online search engines. Complimentary Technical Support Use simple training video and be up and running in two days or less, depending on your current format. Or just send us an electronic version of your manual, and we'll get it all uploaded for an additional fee.simple training video 50

51 ISFIS Sample policies online Let’s take a look at what this looks like 51

52 ISFIS Policies Online Contact Traci Giles 515-251-5970 Ext. 4

53 ISFIS February Budget Workshops Format will be slightly different: ▫ 9AM-12PM is for newer Superintendents and Business Managers who haven't been through the budget process, have financial situations or just need a little extra help. ▫ 1PM-4PM will be geared towards Superintendents and Business Managers who have been through the budget process, want to get in and out, and don’t need much one-on- one help. Complete the following worksheets BEFORE the session: FY12 Worksheet 1 and Worksheet 2 AND FY13 Re-estimated Worksheet 1 and Worksheet 2. Expect info from local AEA regarding registration and location details. We will also post all the information on our website when it becomes available. 53 Thanks to AEAs for your help!!


55 Weigh in on Teacher Leadership and Compensation Final Report: Read the full report Submit your written comments ew=article&id=2738#comment Share your observations, celebrations and concerns with legislators Stay tuned Special Topics Webinar next Wed, Nov. 7, 1:00 Election Results Impact on Education 55

56 Pending Dates and Deadlines ▫ Dec. 7Districts Submit Civil Rights Data Collection To Federal Government ▫ Dec. 15Deadline to submit MAG request for Dropout Prevention ▫ Dec. 17Deadline to submit School Association Reporting ▫ Jan. 1Last date to certify to the DE reorganization or dissolution action effective July 1. ▫ Jan. 142013 Legislative Session Begins DE Deadlines Calendar (from Calendar tab on home page) 56

57 Ingredients: Mrs. Grass Homestyle Chicken Noodle Soup mix (5.92 oz package) 8 cups water 8 cups chopped veggies (carrots, celery, bok choy, onion, carrots, spinach) 32 oz. chicken stock Sprig of rosemary and two sage leaves and black pepper 6 oz can Chicken (or any leftover chicken) Directions: 1.Mix all ingredients in a crock pot 2.Set on high for 4-5 hours or on low if longer 3.Supper’s ready when you get home (unless Sam and all of his buddies eat it all before I get there) Quick Homestyle Chicken Noodle Soup

58 The best ways to contact us:  Text us – Include your name in the message ▫ Larry’s cell 515-490-9951 ▫ Margaret’s cell 515-201-3755  Email us – Use either email, we have no preference ▫ or ▫ or ▫ ▫ ▫  Call the office – Traci will grab the call if we’re not in at the moment ▫ 515-251-5970 listen for directory and enter first 3 digits of last name  When we’re on the road and out of the office, texting is the best way to get in touch with us. It’s easy to read and respond to those as we are attending meetings or traveling.

59 Thank you from all of us at ISFIS! 59 Iowa School Finance Information Services 515-251-5970

60 Questions or Comments? Larry Sigel, ISFIS – Partner Cell: 515-490-9951 60 Margaret Buckton, ISFIS – Partner Cell: 515-201-3755 Iowa School Finance Information Services 4685 Merle Hay Road, Suite 209 Des Moines, IA 50322 Office: 515-251-5970

Download ppt "Dec. 6, 2012 Special Topics Webinar Larry Sigel, Partner Margaret Buckton, Partner © Iowa School Finance Information Services, 2012 1 Computer Investigations."

Similar presentations

Ads by Google