Data Privacy & Security Service Digital Digest_Fall 2017

Data Privacy & Security Service

Issue 9


Additional Resources

The following organizations provide free and discounted cybersecurity-related pro- fessional development to school district staff.

The National CyberWatch Center (NCC) is a consortium of higher education in- stitutions, public and private schools, businesses, and government agencies focused on collaborative efforts to ad- vance cybersecurity education and strengthen the national cybersecurity workforce .

Center for Internet Security (CIS) and SANS Partnership

The partnership between SANS and the Center for Internet Security draws on the shared mission to ensure that InfoSec practitioners in critical organizations have the skills needed to protect national security and enhance the cyber security readiness and response of state, provincial, local, tribal and territorial government entities. This program offers both security awareness and online technical training courses to qualifying organizations at a substantial cost savings.

Online Training from SANS Institute is a flexible and effective option for information security professionals of all experi- ence levels to complete SANS' top training. The training is available via OnDemand or vLive Online Training formats - each offering slightly different features so that students can choose the workflow, interaction and speed of training that they pre- fer. Security Awareness training is a critical component of a comprehensive security program. Compliance and behavior change becomes difficult for non-technical individuals without the proper content. SANS Security Awareness offers a comprehensive solution for end users and individuals of all levels with expert-authored content.

Through a partnership with CIS, school districts receive up to 70% discounted pricing during aggregate purchase windows available twice a year (June 1 - July 31 & December 1 – January 31). See Aggregate Buy Program price sheet.

To participate, districts must be a member of Multi-State Information Sharing & Analysis Center (MS-ISAC). There is no cost to join but it requires the completion of a membership agreement. For more information, contact CIS at or (518) 266-3460.


In this Comptroller’s Corner, we feature an audit of the Rye Neck Union Free School District issued November 2016 that states, “The Board has not developed adequate policy and

procedures to ensure that District employees receive proper cyber security training to protect District IT assets…The lack of formal cyber security training increases the risk of District employees acting in a manner that could compromise District IT assets and security.” The Comptroller recommended that District officials should, “Ensure that employees receive formal IT security training on an ongoing basis that reflects current risks identified by the IT community.” In its response to the findings, the District stated that it had “added security awareness training to our list of required annual training for all employees.” Be sure to review and update your Board policy and procedures as necessary as it relates to cybersecurity staff training, and to document evidence of implementation.

View the contents of the full audit here .


Made with FlippingBook HTML5