1 / 23

Security Policies needed for K-12 Environment

Security Policies needed for K-12 Environment . Student: PETER SILL Consulting Professor : SAEED RAJPUT. Introduction. The use of the Internet in schools has increased over the years especially in the K-12 environment. Pew research 2013

livia
Télécharger la présentation

Security Policies needed for K-12 Environment

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Policies needed for K-12 Environment Student: PETER SILL Consulting Professor : SAEED RAJPUT

  2. Introduction The use of the Internet in schools has increased over the years especially in the K-12 environment. Pew research 2013 • 73% of AP teachers say that they and/or their students use their mobile phones in the classroom or to complete assignments • 45% report they or their students use e-readers and 43% use tablet computers in the classroom or to complete assignments

  3. There has been an increase in physical security (which is needed) in the K-12 environment. (Sandy Hook, Pennsylvania stabbing) No increase in the computing infrastructure even though there is an increase in usage.

  4. Security AssessmentA report that documents the vulnerabilities discovered during security assessment activities. It also provides an assessment of the risks associated with the possible exploitation of those vulnerabilities.

  5. NIST Recommended Steps for Risk Analysis • Step 1 System Characterization • Step 2 Threat Identification • Step 3 Vulnerability Identification • Step 4 Control Analysis • Step 5 Likelihood Determination • Step 6 Impact Analysis • Step 7 Risk Determination • Step 8 Control Recommendations • Step 9 Results Documentation

  6. My Focus

  7. Focus of My Directed Project

  8. Step 1 System Characterization • Define the scope of the effort. • Boundaries of the IT system are identified, • Resources and the information that constitute the system. • Gather System-Related Information • Hardware • Software • System interfaces (e.g., internal and external connectivity) • Data and information • System and data criticality (e.g., the system’s value or importance to an organization) • System and data sensitivity

  9. Step 1 System Characterization

  10. Step 1 System Characterization

  11. Step 1 System Characterization

  12. Step 1 System Characterization

  13. Role Access for Faculty, Staff, Parents

  14. Role Access for Students

  15. Step 2 Threat Identification

  16. Our Threat Identification

  17. Step 3 Vulnerability Identification

  18. Our Vulnerability Identification

  19. Recommendations based on threats and vulnerabilities

  20. Recommendations

  21. Conclusion • Hands on experience in doing security assessment. • Realized there was not a lot of information in the K-12 environment • Had to research on NIST guidelines and how it is applied to perform an analysis. • Did analysis on System Characterization • Did analysis on Threat Identification • Did analysis on Vulnerability Identification • Interviews with teachers, Directors, It support staff • Created illustrations and Tables

  22. Conclusion cont’d • Created a structured paper • I understand what needs to be done to do a Security Assessment • In the end I identified the Threat and vulnerability identification and provided recommendation to mitigate these threats and vulnerabilities and still provide a high level of protection.

More Related