1. Be CyberSMART! Addressing Safe and Appropriate Technology Use in Northside Administrator Institute July 26, 2006 Kelly Smith Assistant Superintendent for Technology Services
2.
3.
4.
5. S = Security M = Manners A = Acceptable Use R = Responsibility T = Training
28. S = Security M = Manners A = Acceptable Use R = Responsibility T = Training
29.
30.
31.
32.
33.
34. S = Security M = Manners A = Acceptable Use R = Responsibility T = Training
35.
36. Discussion Break Let’s discuss those scenarios! Great idea! What are some important points?
37.
38.
39. Be CyberSMART! Addressing Safe and Appropriate Technology Use in Northside Administrator Institute July 26, 2006 Kelly Smith Assistant Superintendent for Technology Services
Editor's Notes
Consider these questions : Would you want your own SS# shared with just anyone? Would you want your own child’s name and address shared with just anyone? Have you come to rely on our network and information systems and want them to be tamper-proof and available? Do you want the community to trust our ability to protect sensitive data? Why – student safety, voter support, etc. Do you want to be “at fault” if and when sensitive data is compromised?
As more districts centralize academic and other information to make data-driven decisions—as encouraged under No Child Left Behind —they leave themselves even more vulnerable to risk. Open environment = data is available / accessible for parents, employees, and students when they have a legal or legitimate need to know (CMS, Parent Connection, Winocular, etc.) Reports of students’ in other districts gaining access to school networks to change grades, delete teachers’ files, or steal data are becoming more common. Unlike 10 years ago, people don’t have to be computer geeks to become hackers. Online chat rooms, listservs, and Web sites give step-by-step directions on how to hack and make it easy for students—and anyone else—to tap into networks rich with confidential data.
TEC-02 USER/WORKSTATION SECURITY MEASURES Use passwords that are unique and not easily guessed. Passwords should not be easily accessible to others or stored near the computer. Recommended password guidelines are as follows: a. Minimum of 8 characters in length b. Alphanumeric c. Upper and lower case d. At least one special character TEC-01 ELECTRONIC COMMUNICATION AND DATA MANAGEMENT TEC-10 MOBILE TECHNOLOGY EQUIPMENT SECURITY MEASURES Set a password that is not easily guessed on mobile devices · Laptops Computers · Personal Digital Assistants (PDA) · Pocket Personal Computers (Pocket PCs) · Password Capable Storage Devices (e.g. USB Flash Drives)
TEC-10 MOBILE TECHNOLOGY EQUIPMENT SECURITY MEASURES Be extremely careful about the type of data stored on the mobile equipment. Personnel are responsible for the NISD data stored on the mobile equipment. Do not store sensitive or confidential data on the device without realizing the risk assumed by doing so. The disclosure of certain types of information does violate federal regulations such as CIPA, HIPPA, FERPA, etc. and could result in a federal violation. Do not share or loan your device with others for non-business use at any time. Personnel are responsible for the physical safeguarding of District mobile technology equipment TEC-02 USER/WORKSTATION SECURITY MEASURES lock the workstation or log out when leaving the area requires password protected screensavers Keyloggers : a type of surveillance software that has the capability to record every keystroke you make to a log file. A keylogger can record account information (i.e., usernames and passwords), e-mail, and any information you type at any time using your keyboard. The log file can then be used by someone to gain unauthorized access to your data. Keyloggers are not illegal and HS students know all about them! Dumpster diving : going through the garbage fo paper copies of sensitive data Phishing : uses a combination of e-mail messages and fake Web sites to convince users they are dealing with a major company to try to trick someone into electronically sharing personal data such as a Social Security or credit card number. Social engineering / pre-texting : influencing and manipulating people into innocently giving away confidential data, often by pretending to be somebody in an “official” capacity
The Internet is an important teaching tool used in Northside ISD classrooms and libraries. The Internet can, however, provide students with access to inappropriate material. Federal law ( CIPA - Children's Internet Protection Act, 2001 ) requires school districts to use "filtering" software to block access to content that is obscene, pornographic, inappropriate for students, or harmful to minors, as defined by CIPA and as determined by the District. NISD currently filters content in approximately 35 categories / subcategories, reviewed annually (e.g., Nudity, Gambling, Racism and Hate; see online document for others) Internet Safety Committee reviews requests to unblock / block specific sites as necessary