SAFETY and SECURITY
Texas Student Privacy Alliance (Arp ISD is a Member)
Vendor Agreements in Place (no exhibit)
Vendor Agreements in Place (with exhibit)
Search for Vendor (Resource) Agreement
If one district already has signed a DPA with a vendor, you can piggyback off that agreement by just submitting an Exhibit E.
Arp ISD Safety & Security Plan
TEAMS
Arp ISD has formulated security campus teams made up of administrators, students, teachers, and parents on each campus to help identify security concerns. Each team is responsible for making recommendations to the District Security Team made up of directors from all departments, campus security officers, counselors, first responders, and administrators. The teams go through the safety and security audits every other year and stay vigilant as to new technologies and recommendations from Homeland Security, Texas Education Agency, The FBI, CISA, MS-ISAC Advisories, and others.
UPDATES and PD
Arp ISD Cybersecurity Officer keeps the district updated with policies, procedures, news, and current threats on a regular basis through email, online PD, and required Security Training. All employees are required to complete the Safety and Cybersecurity training provided by the district. A daily Cybersecurity Calendar is provided to all faculty members for sharing with students (Inspired eLearning). Security updates include notifications from Homeland Security on the latest Phishing Schemes.
All students are instructed in Cybersecurity and safety modules and must pass an Acceptable Use Policy exam for their grade level before they are able to gain access to the network.
The Arp Tech Department uses Homeland Security Alerts to block malware-injected IP addresses and to blacklist malicious sites.
EMERGENCY COMMUNICATION
Arp ISD is committed to providing all stakeholders with immediate communication as required to keep all stakeholders safe and protected. The district employs several logging and notification programs for alerting the appropriate staff to cybersecurity issues, cyberbullying, and self-harm notifications. Additionally, the district employs a panic button application for all phones as well as handset radios and a desktop Alertus program.
NOTIFICATION of BREACH
Arp ISD will notify TEA of any data breach dealing with student information. The form for notification can be found here.
ABCD BACKUP SCHEDULES
Arp ISD utilizes multiple backup sites and schedules to protect the district's critical and private data. We schedule offsite data backups each night, weekly offsite and cloud backups, and external drive backups detached from the network and stored in a fire-safe on a monthly schedule. Arp ISD also employs a 3rd party backup (Spanning) to all G Suite products for faculty and staff as well as Google Vault for email.
NETWORK PROTECTION
Arp ISD utilizes multiple enterprise protection services for prohibiting malware, adware, spyware, and viruses. All devices are monitored and tracked for excessive bandwidth usage and possible infection. All IDFs, MDFs, and NOC are protected by secure locations and monitored for temperature, power outages, and humidity. All critical stations and servers a connected to UPS units to enable graceful power-down procedures. All wiring closets are connected to IP cameras for intrusion protection.
Security Awareness Begins with You!
BEGIN PD
Internet Safety Policy: CIPA requires the adoption and enforcement of an “Internet safety policy” covering the filtering & use of the Internet. For schools, the policy must also address “monitoring the online activities of minors.” (See Cybersecurity Policy below)
As an employee of a governmental agency, best practices require that everyone is trained in Security and Awareness procedures. You will be given a short awareness information reading assignment with a corresponding assessment each month (or as necessary). Please make time to complete these training exercises.
VOCABULARY:
"Social Engineering" = getting YOU to respond (click on or provide information to a fraudulent source) by making the SCAM look like something you would normally do every day.
THERE is ONLY ONE way to block this activity--EDUCATE the end-user = YOU!
IT is imperative that ALL Arp ISD folks know what to do when being SCAMMED. Tyler ISD just sent out W2 Forms to a scammer
Arp ISD will NOT be SCAMMED! You may introduce these lessons to your students (6th-12th) as well. PLEASE complete your Security PD
SECURITY ISSUE 1: REQUIRED (HB 3834): CYBERSECURITY POLICY
SECURITY SSSUE 2: REQUIRED (HB 3834): CYBERSECURITY TRAINING & QUIZ PAPER COPY PAPER QUIZ
INFOSEC IQ - an email was sent to you, if you need another email let me know
IAN Video - IAN User Training
SECURITY ISSUE 3 - Click Here and make sure you complete the assignment by taking the corresponding Assessment.
SECURITY ISSUE 4 - Click Here and make sure you complete the assignment by taking the corresponding Assessment.
SECURITY ISSUE 5 - Click Here and make sure you complete the assignment by taking the corresponding Assessment.
SECURITY ISSUE 6-- CHECKLIST --Click Here and follow directions
SECURITY ISSUE 7 --CLICK HERE and follow directions
SECURITY ISSUE 8 - Read this Article: Requiring Teacher Security Training for Student Privacy and sign the compliance form
SECURITY ISSUE 9: WATCH this VIDEO about Social Media
READ Socal Media Guidelines for Arp ISD and Sign the Compliance Form
SECURITY ISSUE 10 --CLICK HERE and follow directions
SAFETY - Child Sexual Abuse and What are the Signs? Fill out this form when you have read the entire article.
CAMPUS SAFTEY ISSUES
(1) FBI ACTIVE SHOOTER PREPAREDNESS PLAN -
quick reference
TAKE the QUIZ
(2) SECURING DATA TRANSFERS (for secretaries only)
(5) HOW CAN YOU TELL IF YOUR MACHINE IS INFECTED?
Read the ARTICLE and then TAKE the QUIZ (only 5 questions)
SECURITY, PRIVACY, and CRISIS MANAGEMENT for TECHNOLOGY DEPARTMENT
External Threat Deterrence
Ensure all doors and windows are in good repair and lock properly
Lock overhead and receiving doors with high-quality padlocks
Install cameras at all access points to allow or disallow "buzz-ins" as needed
Light all exterior entries with fixtures that are difficult to reach or tamper with
Add surveillance cameras and motion detectors in appropriate areas
Add a locked door or barrier as the first line of defense if necessary with appropriate signage according to access under CJIS laws
Ensure hidden areas are well protected. They are the most vulnerable areas
Leverage a monitored intrusion system to help deter crime and to alert emergency personnel if a crime event occurs
All data transfers and backups offsite are encrypted with 256-bit data encryption procedures.
Internal Threat Deterrence
Running background checks on potential employees before making a job offer
Restrict who has access to your security system’s arm and disarm codes
Removing ALL personal information files and data files from the desktop
Restrict access to all infrastructure components (NOC, IDFs, MDFs) Post warning signs: Prosecution under CIIS Security Act.
If providing keys/access cards, give them only to those employees who need them for their jobs
Employ an access control system – access cards are difficult to copy, cost less and are easier than keys to replace if lost or stolen
Use security cameras that record to monitor areas where the money is kept and where valuable equipment is used or stored. Cameras are a strong deterrent to theft.
Deploy an intrusion detection system and train employees on coded phrases
Maintain temperature control and alert devices, temperature probes, and fire alarms
Deploy halogen fire suppression system for the Network Operations Center instead of a water sprinklers.
Access control all inventory, storerooms, maintenance equipment entrance and exit points.
Practice safe & exemplary backup/recovery procedures (A, B, C, D backups to different locations- each campus, UT Health Center & Cloud backup through Spanning and Region 20)
Require employees to run updates and scanning programs on all machines under their care
All faculty members are responsible for monitoring and teaching students concerning Internet Safety (CIPA & DOPPA), Student Privacy, Anty-bullying, Acceptable Use Policies, and Ethical Use of district digital resources.
The District deploys the Auditor Filter to monitor for cyberbullying and harmful threats in emails.
Crisis Management & Preparedness
Make sure all employees are trained on security, privacy, and emergency procedures, then perform regular drills
Keep your emergency contact list updated
Test your security systems monthly to make sure they are working properly
Review your log reports weekly to look for irregularities and before too much time has passed
Carefully train new employees to ensure safety and security procedures are being followed\
Keep critical data on offsite servers and backup storage devices.
Keep employees informed of all current threats such as malware, spyware, trojans, viruses, and socially engineered SCAMS
Require all employees to report any suspicious behavior or unauthorized access to digital or hardware resources.
Update policies regularly to stay ahead of threats and emergency procedures.
