Presentation is loading. Please wait.

Presentation is loading. Please wait.

Communication is Between People. The Rest is Technology. How to Prepare for and Survive an IT Audit.

Published byJunior Hudson Modified over 8 years ago

Similar presentations

Presentation on theme: "Communication is Between People. The Rest is Technology. How to Prepare for and Survive an IT Audit."— Presentation transcript:

1 Communication is Between People. The Rest is Technology. How to Prepare for and Survive an IT Audit

2 AGENDA Types of School Audits Why an IT Audit Benefits Drivers or “Triggers” Typical Components of an Audit Key Educational Components Phases of an Audit Key Documents Key Policies Resources

3 School District Audits Financial 3 rd party review of the districts financial statements Curriculum 3 rd party review of the districts teaching approach and alignment Information Technology 3 rd party review of the districts efficiencies of its existing network

4 Shaping Questions Why have we chosen to invest in educational technologies? What rationales have motivated and shaped these investments over time? What have been identified as the requisite steps to take in order to ensure that technologies are effectively implemented? What specific recommendations have been given priority over time? What assumptions underlie our vision for how technologies can impact teaching and learning, and how have these changed over time?

5 Why Conduct an IT Audit Gives us an opportunity to assess or re-asses why we use technology in the academic and administrative enterprise

6 Why Conduct an IT Audit Merely a “Checkup” Reveals areas of strength Reveals areas of weakness Promotes growth Accountability

7 Benefits Provides an insight to make sure your IT strategy is meeting your Technology Plan which feeds into: Objectives ROI Student Achievement Assets ……and finally desired Goals

8 Drivers Legislative Mandates E-Rate Funding Private Funding Privacy Notification Regulations Accountability Where the roles and responsibilities lie in meeting district goals Incidents School Board requests

9 Considered Areas of Focus

10 Typical Components Hardware Review Servers Workstations Closets Wiring Peripherals Software Evaluations OS Business Critical Licensing Training Standardization

11 Typical Components Documentation System components/Topology Facilities Plan Log Files Configuration Files Asset Management Benchmarks Backup Procedures/DR Plan Systems Environment Critical Functions Management Personnel Budgeting

12 Typical Components Security Access Controls Log Files Configuration Files Benchmarks IDS/IPS Reports Policies Acceptable use Signed agreements Security

13 Tools Nessus Comprehensive vulnerability scanning program. NMAP (Network Mapper) Used to discover hosts and services on a network creating a “map” of the network. MSBA Microsoft tool used to determine missing security updates and less secure settings on Windows machines.

14 Tools IDS/IPS Device or software that monitors network activities for malicious or policy violations. RAT (Router Audit Tool) Checks router configurations against benchmarks and produces a report listing each rule with a pass/fail score and corrections. Nipper Software that identifies weaknesses on firewalls, routers and switches and offers remediation.

15 This is where the “cookie cutter” approach ends We have just discussed the rudimentary components The “tailored components” starts now Crafted to address what matters in YOUR school district

16 Specific Key Components Professional Development What technology-related training and/or professional development do staff receive? What are the goals, methods, incentives, and content of technology-related training and/or professional development for staff? How are training and/or professional development for staff evaluated?

17 Specific Key Components Curriculum Development Does the school districts instructional applications support teaching and learning standards? Is there support for technology tool skill development? Are the applications in use evaluated for effectiveness? Technology Integration Are teachers proficient in the use of technology in the environment? Are students proficient in the use of the technology in the environment? Is technology fully integrated into the environment?

18 Phases of an IT Audit Pre-Audit (Internal) Creation of Teams Creation of “high-level” documentation Creation of questionnaires Report findings On-Site Visit (External) Collecting the Data Results and Follow up Data Analysis Final Report Remediation

19 Pre-Audit During this phase it is the schools intent to show that the school has its act together and is making progress toward goals established. Overview: Team leaders are chosen. (superintendent) Audit teams are chosen. (teachers, administrative) Existing documentation is gathered and shared Meetings are held to communicate process Teams work school by school Another team works on the district as a whole Questionnaires are created for teachers and staff Reports are written and combined Presentation to School Board School Board approves and results are posted

20 Sample Questions Some of the questions that can be addressed in this step. Questions: How does the use of computers, the Internet and other applications by teachers and students affect student performance, knowledge and skills? How does the investment in technology compare with other educational innovations, such as smaller classes or individualized instruction, in terms of costs and benefits? What are the professional development and technical support strategies for enhancing teachers’ effective use of technology?

21 On-site Visit An outside auditor free from bias of the existing situation. The job here is to collect the data created from exercises mentioned prior and to confirm it is accurate to the environment. Overview: Team leaders meet with the auditor Local teams share all documentation and internal reports Discuss timelines and objectives What is to be audited? Auditor studies all documentation Auditor conducts on-site visit, makes observations Auditor meets with teams, makes observations

22 Sample Questions Some of the questions that the auditor might include. Questions: Have processes been implemented to safe-guard the future viability of the system and the data residing on the system in the event of a malicious or catastrophic event? What processes have been implemented to allow for efficient management of the district’s deployed software/hardware? Is a process in place for the technology support group and teachers to communicate about the district's future direction in education technology and any challenges they might encounter?

23 Results and Follow up Auditor presents findings/reports to team leaders Auditor presents findings to School Board with recommendations Optional, but auditor might present findings to community Remediation should then proceed from findings This improvement plan will need to be created and executed This improvement plan is then reviewed by external auditor

24 Key Documents Technology Inventory (Asset Tagging) Technology Plan Facilities Plan Network Documentation Configurations and Log Files Security/Access Reports IDS/IPS Reports

25 Key Policies and Procedures Computer/Equipment Usage Acceptable Use Information Access Application Use Managing Sensitive Instruction-related Information Protecting Student Information/Privacy Technology Investment Protection Guidelines Staff Education Parent and Community Education

26 New Developments Social Networking SmartPhones BYOD

27 Summary Why an IT Audit Benefits Drivers or “Triggers”

28 Summary Typical Components of an Audit Key Educational Components Phases of an Audit Key Documents Key Policies

29 Resources Technology Audit www.nces.ed.gov Technology Plan www.nctp.com dpi.state.wi.us/imt/techplan.html www2.ed.gov/programs/edtech/techstateplan.html Technology Policies www.schooltechpolicies.com Other www.thejournal.com

30 Q&A

Download ppt "Communication is Between People. The Rest is Technology. How to Prepare for and Survive an IT Audit."

Similar presentations

Board Governance: A Key to Quality Organizations

Board Governance: A Key to Quality Organizations
Technology Integration Plan (TIP) Overview Meeting Welcome TIP Teams.

Technology Integration Plan (TIP) Overview Meeting Welcome TIP Teams.
NCLB Monitoring Cycle 1 Policies and Procedures. Letter  Explains monitoring process  Lists required documentation  Lists activities  Directions for.

NCLB Monitoring Cycle 1 Policies and Procedures. Letter  Explains monitoring process  Lists required documentation  Lists activities  Directions for.
Campus Improvement Plans

Campus Improvement Plans
August 15, 2012 Fontana Unified School District Superintendent, Cali Olsen-Binks Associate Superintendent, Oscar Dueñas Director, Human Resources, Mark.

August 15, 2012 Fontana Unified School District Superintendent, Cali Olsen-Binks Associate Superintendent, Oscar Dueñas Director, Human Resources, Mark.
 Reading School Committee January 23, 2011. 2

 Reading School Committee January 23,
Technology Plan EDLD 5362 Casey Smith.

Technology Plan EDLD 5362 Casey Smith.
Security Controls – What Works

Security Controls – What Works
Managing the Information Technology Resource Jerry N. Luftman

Managing the Information Technology Resource Jerry N. Luftman
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Unit 8: Tests, Training, and Exercises Unit Introduction and Overview Unit objectives:  Define and explain the terms tests, training, and exercises. 

Unit 8: Tests, Training, and Exercises Unit Introduction and Overview Unit objectives:  Define and explain the terms tests, training, and exercises. 
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Center for Health Care Quality Licensing & Certification Program Evaluation 1 August 2014 rev.

Center for Health Care Quality Licensing & Certification Program Evaluation 1 August 2014 rev.
Part II: Strategic Planning for a Successful 1:1 Program

Part II: Strategic Planning for a Successful 1:1 Program
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Information Technology Audit Process Business Practices Seminar Paul Toffenetti, CISA Internal Audit 29 February 2008.

Information Technology Audit Process Business Practices Seminar Paul Toffenetti, CISA Internal Audit 29 February 2008.
Technology Use Plan Mary Anderson 7/29/08 EDTECH 571 click to go to each slide.

Technology Use Plan Mary Anderson 7/29/08 EDTECH 571 click to go to each slide.
Student Assessment Inventory for School Districts Inventory Planning Training.

Student Assessment Inventory for School Districts Inventory Planning Training.
Network security policy: best practices

Network security policy: best practices
Security Assessments FITSP-M Module 5. Security control assessments are not about checklists, simple pass-fail results, or generating paperwork to pass.

Security Assessments FITSP-M Module 5. Security control assessments are not about checklists, simple pass-fail results, or generating paperwork to pass.

Similar presentations

Ads by Google