CYBER SECURITY by yantingting

VIEWS: 3 PAGES: 21

									 CYBER
SECURITY
  Vicki Bennett
Purpose of Cyber Security Training

• All school personal shall be training in District
  cyber security policy. Understanding the
  District policies will enable the staff member
  to further the students’ understanding of
  these policies and also enable the instructor
  to integrate the policies into the curriculum.
Definition of cyber security:
 Cyber security is the protection of data
 and systems within networks that are
 connected to the Internet, including:
 • information security
 • information technology disaster recovery
 • information privacy

 http://www.bitpipe.com/tlist/Cybersecurity.html
 http://www.nae.edu/nae/naehome.nsf/weblinks/MKEZ-542KBP?OpenDocument
• Protecting personal privacy and children are a
  major focus of district Internet security best
  practices.
  (FERPA) http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html
  (PPRA) http://www.ed.gov/policy/gen/guid/fpco/ppra/index.html
  (CIPA) http://www.fcc.gov/cgb/consumerfacts/cipa.html


• An educator may often act on behalf of a parent
  or guardian and therefore he/she must take care
  to protect information given out about the child
  over the Internet.
  (FERPA) http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html
• Safeguarding computers within the
  school is the responsibility of all
  individuals working within the schools.
 (CIPA) http://www.fcc.gov/cgb/consumerfacts/cipa.html
    Keeping Confidential Data Secure
Electronic data security is a top priority. A
district should:
•   Establish network security
•   Establish protocol for accessing network information
•   Create guidelines for electronic communication
•   Perform bi-yearly network security checks
•   Educate the school community about cyber security
•   Establish and enforce technology use guidelines
           Purpose of Security Policy
The district security policy has highlighted the following
security concerns:
• Information integrity: unauthorized deletion, modification or
  disclosure of information.

• Misuse: The use of information assets for other than authorized
  purposes.

• Information browsing: Unauthorized viewing of sensitive information
  by intruders or legitimate users.

• Penetration: attacks by unauthorized persons or systems that may
  result in denial of service or significant increases in incident handling
  costs.
Purpose of Security Policy (continued)
• Computer viruses: attacks using viral code that reproduces
  itself by modifying other programs, spreading across multiple
  programs, data files or devices on a system or through multiple
  systems in a network, that may result in the destruction of data
  or the erosion of system performance.

• Fraud: attempts to masquerade as a legitimate user to steal
  services or information, or to initiate transactions that result in
  financial loss or embarrassment to the district.

• Unauthorized additions and/or changes to infrastructure
  components.
Systems Management, Data Integrity, and
Security
 All school personal and students must follow these
 District rules and guidelines:

 • No non-district hardware or software shall be introduced in the
   system without approval.

 • Employees may download only files applicable to their position.

 • Students may download only files that are for use in classroom
   assignments and activities, with teacher permission and
   direction.
Systems Management, Data Integrity, and
Security (continued)
• Seek the assistance of qualified personnel to install non-standard
  data. Improper installation may cause computers and networks to
  function erratically, improperly, or cause data loss.

• Never install downloaded software to network storage devices
  without the assistance of qualified personnel.

• It is prohibited for any employee or student to “propagate” any
  viruses, worms, or malicious code via the District computer system.

• No intentional deletion or modification of software is to be done
  unless it is part of the curriculum.
Systems Management, Data Integrity, and
Security (continued)
• It is prohibited to disable or overload any computer system or
  network or to circumvent the district computer system’s privacy
  and security measures.

• Transferred data must be checked for viruses before being run
  or accessed.

• Disabling, modifying, deactivating, or uninstalling of District virus
  scanning software is prohibited.

• Students/employees may not access stored materials/data that
  are not appropriate to their position, or are outside education or
  employment duties.
Educators need to take appropriate precautions to protect
administrative accounts and passwords. When creating
passwords:

• Use at least 8 characters with a mix of letters, numbers, and symbols.

• Change the password regularly.

• Use a password that you can type quickly without looking at the
  keyboard.

• Don’t use your own name, your family’s name, or your pet’s name in
  any form as your password.

• Don’t use the “remember password function” on your computer.

• Don’t share, write the password down, or e-mail it to yourself.

   http://www.cerias.purdue.edu/education/k-12/community_awareness/
Cyber Threats
           Computer Virus
• A computer virus is a program written specifically to
  infect and/or alter other programs by attaching itself
  to:
   – Documents
   – Presentations
   – E-mails
   – CDs
   – Floppy disks
   – Flash drives
                   Virus Protection
There are four basic steps to computer virus
protection:
   1) Prevention by installing virus protection software;

   2) Detection by running the anti-virus software on a regular
   basis;

   3) Eradication by quarantining and deleting the virus;

   4) Communication by informing the anti-virus software creators
   of a virus for further investigation.

http://www.intel.com
              Malicious Code
• Malicious Code is a computer program code that is
  written with the intent to harm, destroy, or annoy.
  Viruses are malicious code. Other malicious codes
  include:
   – Worm is a self-duplicating program that works through
     computer networks and sends copies of itself to other
     systems.

   – Trojan horse claims to do one thing but actually does
     another when downloaded.

   – Spyware is a program running in the background that
     monitors the user’s computer activities.
           Security Measures
The district provides security through the use of:

• Anti-Virus Software that attempts to identify and eliminate
  computer viruses and other malicious software by:

        -- Scanning files to look for known viruses matching
           dictionary definitions in a virus scan program.

        -- Identifying suspicious behavior from any computer
           program by using data captures, port monitoring, and
           other methods that detect infection.
Security Measures (continued)
 • Firewall protection is software or hardware
   designed to block hackers from accessing the
   computer network by making the computer
   network invisible on the Internet and enabling it to
   block communications from unauthorized sources.
Security Measures (continued)
• Data backup is the process of regularly saving the
  system data and storing it offsite to protect the district
  in the event of hardware failure or accidental
  deletions, and also protect staff and students against
  unauthorized or accidental changes made to file
  contents.
                Enforcement
• Any user identified as a security risk may be denied
  access to the District’s computing facility (with or
  without advanced notice).

• The district will report all violations or suspected
  violations of district, local, state, or federal laws and
  policies to the appropriate administrator, agency, or
  law enforcement authority, and will cooperate fully in
  the investigation of any activity that may violate
  established law or doctrine.
References
Laws
   (FERPA) http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html
   (PPRA) http://www.ed.gov/policy/gen/guid/fpco/ppra/index.html
   (CIPA) http://www.fcc.gov/cgb/consumerfacts/cipa.html


Works Cited
   Bitpipe. (2006). Cybersecurity. Retrieved on December 3, 2006 at
              http://www.bitpipe.com/tlist/Cybersecurity.html.
   CERIAS. 2003. Community awareness through K-12 school. Retrieved on December 3, 2006 at
             http://www.cerias.purdue.edu/education/k-12/community_awareness/.
   i-Safe. (2004). Cyber Security. Retrieved on September 30, 2006 at http://www.i-safe.com.
   Oconomowoc Area School District. (2001). Computer, internal network, electronic mail, and Internet safety policy. No. 363.2.
             Oconomowoc, WI.
   Rungta, S., Raman A., Kohlenberg, T., Li, H., Dave, M., and Kime, G. (2006). Bringing security actively
             into enterprise. Retrieved on December 3, 2006 at http://www.intel.com.
   Sellers, J. (1994). Primary and Secondary School Internet User Questions. Retrieved on December 3,
              2006 at http://www.virtualschool.edu/mon/K12/K12InternetFAQ.html.
   Wolf, W. A. (2001). Cyber security: Beyond the Maginot line. Retrieved on December 3,
             2006 at http://www.nae.edu/nae/naehome.nsf/weblinks/MKEZ542KBP?OpenDocument

								
To top