Cybersafety

1. Cybersafety: The safe and responsible use of technology (Source), of which digital citizenship plays a key role

   1. Cyberbullying: Cyberbullying is bullying that takes place over digital devices like cell phones, computers, and tablets. Cyberbullying can occur through SMS, Text, and apps, or online in social media, forums, or gaming where people can view, participate in, or share content. Cyberbullying includes sending, posting, or sharing negative, harmful, false, or mean content about someone else. It can include sharing personal or private information about someone else causing embarrassment or humiliation. Some cyberbullying crosses the line into unlawful or criminal behavior (Source).

   2. Digital Citizenship: The self-monitored habits that sustain and improve the digital communities you enjoy or depend on (Source)

Cybersecurity

1. Cybersecurity: Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, security includes both cybersecurity and physical security (Source)

   1. Content Filters: On the Internet, content filtering (also known as information filtering) is the use of a program to screen and exclude from access or availability Web pages or e-mail that is deemed objectionable (Source)

   2. Data Breach: A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property (Source).

   3. Denial of Service (DOS)/Distributed Denial of Service (DDOS) Attack: A denial-of-service (DoS) is any type of attack where the attackers (hackers) attempt to prevent legitimate users from accessing the service. In a DoS attack, the attacker usually sends excessive messages asking the network or server to authenticate requests that have invalid return addresses (Source). In a DDoS attack, the incoming traffic flooding the victim originates from many different sources – potentially hundreds of thousands or more (Source).

   4. Firewall: Software/hardware that blocks external attacks from malicious attackers

   5. Malware: A catch-all term for malicious software targeting computers and mobile devices. 170M malware events in 2014 (Source).

   6. Personally Identifiable Information (PII): Personally identifiable information (PII), or sensitive personal information (SPI), as used in information security and privacy laws, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context (Source).

   7. Phishing: An attack that impersonate user(s) to obtain data access via email. Nearly 50% of users fall for this.

   8. Point of Sale (POS) Intrusion: An attack that targets a device transacting a sale. Account for 30% of data breaches.

   9. Ransomware: A form of malware in which rogue software code effectively holds a user's computer hostage until a "ransom" fee is paid. Ransomware often infiltrates a PC as a computer worm or Trojan horse that takes advantage of open security vulnerabilities (Source).

   10. Safe Harbor: The concept of “Safe Harbor” refers to specific actions, example; encryption of private data, that an individual or an organization can take to show a good-faith effort in complying with the law. This good-faith effort provides a person or organization “Safe Harbor” against prosecution under the law (Grama, 2015, pg.253). The State of Texas Statute 521.002 states that when a an individual’s first name or first initial and last name are combined with other private information, example, Social Security Number, that the information must be encrypted. (Source)

   11. Web App Attack: A web-based attack that relies on http/https protocol to target a website. Ten to twelve percent of data breaches occur as a result of this form of attack (2014) (Source).

Insight #1 – Cross-Departmental Collaboration

“Process. The process has to involve HR, Business Office, and M&O,” said David Jacobson (Lamar Consolidated ISD). The Executive Director of Technology for Round Rock ISD agreed. “It’s the processes and procedures, working with all the other customers.

We have to get them to understand the importance of planning. One way is to do tabletop exercises to practice to see what we would do in the event of an event,” said Mark Gabehart (Round Rock ISD).

Insight #2 – Disaster Recovery Planning Resources

“There are genuine resources out there to put plans together. It’s been frustrating to find resources, but now I know about various resources. We have a disaster recovery plan, but I didn’t realize how huge the business continuity plan was. How do we continue doing business?” It’s unsettling to realize that if you have no equipment to load all your backup data into and make it work, your district can’t overcome the disaster. What’s worse, the cost of recreating a network operations center (NOC) would be exorbitant, not to mention duplicating network/internet connections to district locations.

To help you think through these issues, here are a few documents shared at the Technology Leadership Summit:

• Michael Knight (CEO/CTO of Encore Technologies, TLS17 Event Sponsor) shared his slide deck on the topic, providing several snapshots documenting the evolution of disaster recovery from multiple NOCs to the hybrid cloud.

• Frosty Walker (Chief Information Security Officer of Texas Education Agency) shared resources available at the Texas Gateway, including the DIR Incident Response Team redbook.

• David Carpenter (Huffman ISD) on I’ve Been Hacked…Now What?

Directions

1. Pick ONE video to watch.

2. Watch the video.

3. In the chat, share the link to the video you watched. Then, share your thoughts about the situation. How would YOU have handled it differently?

Scenario #1: Teacher Password

A teacher has written down his login information to the new student information system on a sticky note and put it on his desk. While he is gone, a couple of students discover the note. They then use the teacher’s login to access the system after hours and change students’ grades. Additionally, since the teacher used the same password on other internal systems, the students were also able to access other systems with sensitive employee data, including Social Security numbers and other private information.

Scenario #2 - External Drive

“John,” began Liz, the PEIMS Data Clerk at the high school. Tears started to stream down her face. “I saved some work out of iTCCS to take home and analyze last night onto my USB drive. This morning, when I went to pick up my coffee from Starbucks, I think it fell out of my purse while I was paying. I can’t find it and I’ve looked everywhere.”

Liz paused then said, “I had the entire freshman class’ data on in an encrypted file. What do I do?”

Scenario #3 - Emailed File

When Melodie, an elementary school principal, opened her email on her phone, she saw that Jake had sent her the Excel spreadsheet with student names, IDs, addresses and much more for her campus. She quickly opened the file in her phone’s Excel viewer. She ignored that a copy of the file was saved somewhere on her phone. Satisfied she had received the correct information, she forwarded the email with attachment to her secretary to begin processing for the mail merge to send custom flyers to parents.