SAFETY_and_SECURITY

  • Security Awareness Begins with You!

    		 BEGIN PD

    Internet Safety Policy: CIPA requires the adoption and enforcement of an “Internet safety policy” covering the filtering & use of the Internet. For schools, the policy must also address “monitoring the online activities of minors.” (See Cybersecurity Policy below)


    As an employee of a governmental agency, best practices require that everyone is trained in Security and Awareness procedures. You will be given a short awareness information reading assignment with corresponding assessment each month (or as necessary). Please make time to complete these training exercises.

    SECURITY PD POLICY
       VOCABULARY:  

    "Social Engineering" = getting YOU to respond (click on or provide information to a fraudulent source) by making the SCAM look like something you would normally do every day.

    THERE is ONLY ONE way to block this activity--EDUCATE the end-user = YOU!


    IT is imperative that ALL  Arp ISD folks know what to do when being SCAMMED. Tyler ISD just sent out W2 Forms to a scammer

    Arp ISD will NOT be SCAMMED! You may introduce these lessons to your students (6th-12th) as well. PLEASE complete your Security PD


    1. READ Socal Media Guidelines for Arp ISD and Sign the Compliance Form

      2. CAMPUS SAFTEY ISSUES



      External Threat Deterrence
      • Ensure all doors and windows are in good repair and lock properly 
      • Lock overhead and receiving doors with high-quality padlocks
      • Install cameras at all access points to allow or disallow "buzz-ins" as needed 
      • Light all exterior entries with fixtures that are difficult to reach or tamper with 
      • Add surveillance cameras and motion detectors in appropriate areas  
      • Add a locked door or barrier as the first line of defense if necessary with appropriate signage according to access under CJIS laws
      • Ensure hidden areas are well protected. They are the most vulnerable areas  
      • Leverage a monitored intrusion system to help deter crime and to alert emergency personnel if a crime event occurs
      • All data transfers and backups offsite are encrypted with 256-bit data encryption procedures. 

      Internal Threat Deterrence
      • Running background checks on potential employees before making a job offer 
      • Restrict who has access to your security system’s arm and disarm codes
      • Removing ALL personal information files and data files from the desktop
      • Restrict access to all infrastructure components (NOC, IDFs, MDFs) Post warning signs: Prosecution under CIIS Security Act.
      • If providing keys/access cards, give them only to those employees who need them for their jobs 
      • Employ an access control system – access cards are difficult to copy, cost less and are easier than keys to replace if lost or stolen 
      • Use security cameras that record to monitor areas where the money is kept and where valuable equipment is used or stored. Cameras are a strong deterrent to theft.
      • Deploy an intrusion detection system and train employees on coded phrases
      • Maintain temperature control and alert devices, temperature probes, and fire alarms
      • Deploy halogen fire suppression system for the Network Operations Center instead of a water sprinklers.
      • Access control all inventory, storerooms, maintenance equipment entrance and exit points.
      • Practice safe & exemplary backup/recovery procedures (A, B, C, D backups to different locations- each campus, UT Health Center & Cloud backup through Spanning and Region 20)
      • Require employees to run updates and scanning programs on all machines under their care
      • All faculty members are responsible for monitoring and teaching students concerning Internet Safety (CIPA & DOPPA), Student Privacy, Anty-bullying, Acceptable Use Policies, and Ethical Use of district digital resources. 
      • The District deploys the Auditor Filter to monitor for cyberbullying and harmful threats in emails. 
      Crisis Management & Preparedness
      • Make sure all employees are trained on security, privacy, and emergency procedures, then perform regular drills 
      • Keep your emergency contact list updated 
      • Test your security systems monthly to make sure they are working properly 
      • Review your log reports weekly to look for irregularities and before too much time has passed 
      • Carefully train new employees to ensure safety and security procedures are being followed\
      • Keep critical data on offsite servers and backup storage devices. 
      • Keep employees informed of all current threats such as malware, spyware, trojans, viruses, and socially engineered SCAMS
      • Require all employees to report any suspicious behavior or unauthorized access to digital or hardware resources. 
      • Update policies regularly to stay ahead of threats and emergency procedures. 
    2. RESOURCES

    4. PROTECTING STUDENT DATA