Presentation is loading. Please wait.

Presentation is loading. Please wait.

NCDPI Information Technology k-12 Cybersecurity Study

Published byCharles Parrish Modified over 6 years ago

Similar presentations

Presentation on theme: "NCDPI Information Technology k-12 Cybersecurity Study"— Presentation transcript:

1 NCDPI Information Technology k-12 Cybersecurity Study
Michael Nicolaides Julien Alhour January 27, 2017

2 Click image for full report
Cybersecurity Study Click image for full report

3 Study required by - NC SL 2016-94 (HB 1030) Section 8.17:
The Department of Public Instruction shall conduct a study on cybersecurity in North Carolina public schools, including charter schools. By December 15, 2016, the Department shall report the results of the study to the General Assembly in accordance with G.S

4 Study Approach Meetings and interviews were conducted
The North Carolina Governor’s Office The North Carolina LT. Governor’s Office The Department of Information Technology MCNC The William & IDA Friday Institute for Educational Innovation The University of North Carolina School of Government North Carolina School Boards Association Secure Survey of LEAs and Charter Schools NCDPI Technology Services MCNC Department of Information Technology Services (DIT) - Enterprise Security and Risk Management office

5 Online Survey Overview
37 questions were asked covering the five function areas of security as identified in the National Institute of Standards and Technology Cybersecurity Framework: Identify Protect Detect Respond Recover

6 6 potential answers were possible for each question:
Not Implementing = No policy, procedures or technology implemented Emerging / Developing = Informal policies, procedures or technology implemented Operationalized = Formalized policies, procedures or technology implemented Optimized = Formalized policies, procedures or technology implemented which include quality control efforts such as auditing effectiveness Not Applicable = Question did not pertain to the environment Compensating Control = Implemented alternate security measures that met the intent of the identified controls

7 Key Analysis The survey had a very high response rate.
Hurricane Mathew did impact a few school districts and charter schools ability to respond to the survey. Detailed analysis of the survey questions and individual responses are confidential per North Carolina General Statute (c). These are available as Appendix A and B in the Addendum.

8 General Observations School districts and charter schools vary significantly in their portfolios of cybersecurity capacity

9 General Observations Small school districts and charter schools are the most vulnerable

10 General Observations The majority of school districts and charter schools surveyed are not prepared for a significant disaster or cybersecurity event

11 General Observations Loss of federal funding for Internet content filtering and firewall Services

12 Click image for full report
General Observations School districts and charter schools are not mandated to follow the guidelines established in the North Carolina Statewide Information Security Manual Click image for full report

13 Recommendations from the Study
Develop Common Templates and Prioritization Guidelines Results of this survey indicate a need for state-level guidance and support to schools in both prioritizing and implementing important cybersecurity policies and practices.

14 Recommendations from the Study
Publish a Quarterly Information Security Newsletter Results of the survey and communications with district and charter school personnel also revealed a lack of awareness about the importance and relevance of many key cybersecurity practices.

15 Recommendations from the Study
Provide Cybersecurity Awareness Training The survey revealed that many districts and charter schools do not have a formalized cyber awareness training program for their employees.

16 Recommendations from the Study
Require school districts and charter schools to follow the guidelines established in the North Carolina Statewide Information Security Manual Requiring school districts and charter schools to adhere to the requirements established in the security manual would provide a unified security framework from which they could formalize their security programs. (adjust the manual for schools) Click image for full report

17 Recommendations from the Study
Provide Regional Cyber Security Specialists Survey results suggest the need for experienced and knowledgeable regional staff, to support school districts and charter schools in reducing risk to cybersecurity threats.

18 Recommendations from the Study
Make Available State Funding for Internet Content Filtering and Firewall Protection The projected cost of Internet content filtering and firewall services is $5.5 million. Cost Benefit

19 Questions?

Download ppt "NCDPI Information Technology k-12 Cybersecurity Study"

Similar presentations

IDEA® English Language Proficiency Tests (IPT)

IDEA® English Language Proficiency Tests (IPT)
North Carolina Office of the State Auditor Honesty Integrity Professionalism.

North Carolina Office of the State Auditor Honesty Integrity Professionalism.
1 NORTH CAROLINA COUNCIL OF INTERNAL AUDITING October 31, 2007.

1 NORTH CAROLINA COUNCIL OF INTERNAL AUDITING October 31, 2007.
USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.

USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.
NOTE: To change the image on this slide, select the picture and delete it. Then click the Pictures icon in the placeholde r to insert your own image. Cybersecurity.

NOTE: To change the image on this slide, select the picture and delete it. Then click the Pictures icon in the placeholde r to insert your own image. Cybersecurity.
Department of Environmental Quality Environmental Management System Overview.

Department of Environmental Quality Environmental Management System Overview.
Managed Funds Association’s Sound Practices for Hedge Fund Managers 2009 Edition.

Managed Funds Association’s Sound Practices for Hedge Fund Managers 2009 Edition.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
Idaho High School Wireless Project Joyce Popp Chief Information Officer.

Idaho High School Wireless Project Joyce Popp Chief Information Officer.
Introduction to the State-Level Mitigation 20/20 TM Software for Management of State-Level Hazard Mitigation Planning and Programming A software program.

Introduction to the State-Level Mitigation 20/20 TM Software for Management of State-Level Hazard Mitigation Planning and Programming A software program.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
IS-0700.A: National Incident Management System, An Introduction

IS-0700.A: National Incident Management System, An Introduction
Affiliated Information Security Collaborative An Affiliated Enterprise Approach to Information Security Deans and Vice Presidents Meeting April 17, 2014.

Affiliated Information Security Collaborative An Affiliated Enterprise Approach to Information Security Deans and Vice Presidents Meeting April 17, 2014.
Procurement Transformation State of North Carolina

Procurement Transformation State of North Carolina
INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.

INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.
Institute for Criminal Justice Studies School Safety Teams School Safety Teams ©This TCLEOSE approved Crime Prevention Curriculum is the property of CSCS-ICJS.

Institute for Criminal Justice Studies School Safety Teams School Safety Teams ©This TCLEOSE approved Crime Prevention Curriculum is the property of CSCS-ICJS.
PUBLIC HEALTH DIVISION Office of the State Public Health Director Modernization of Oregon’s Public Health System July 2015.

PUBLIC HEALTH DIVISION Office of the State Public Health Director Modernization of Oregon’s Public Health System July 2015.
Private & Confidential1 (SIA) 13 Enterprise Risk Management The Standard should be read in the conjunction with the Preface to the Standards on Internal.

Private & Confidential1 (SIA) 13 Enterprise Risk Management The Standard should be read in the conjunction with the "Preface to the Standards on Internal.
Disaster Recover Planning & Federal Information Systems Management Act Requirements December 2007 Central Maryland ISACA Chapter.

Disaster Recover Planning & Federal Information Systems Management Act Requirements December 2007 Central Maryland ISACA Chapter.
Business Continuity Program Orientation (insert presentation date) (This presentation is a template that requires adjustments to meet your needs)

Business Continuity Program Orientation (insert presentation date) (This presentation is a template that requires adjustments to meet your needs)

Similar presentations

Ads by Google