SAFETY_and_SECURITY


Security Awareness Begins with You!

Internet Safety Policy: CIPA requires the adoption and enforcement of an “Internet safety policy” covering the filtering & use of the Internet. For schools, the policy must also address “monitoring the online activities of minors.”


As an employee of a governmental agency, best practices require that everyone be trained in Security and Awareness procedures. You will be given a short awareness information reading assignment with corresponding assessment each month (or as necessary). Please make time to complete these training exercises.

SECURITY PD POLICY
   VOCABULARY:  

"Social Engineering" = getting YOU to respond (click on or provide information to a fraudulent source) by making the SCAM look like something you would normally do every day.

THERE is ONLY ONE way to block this activity--EDUCATE the end user = YOU!


IT is imperative that ALL  Arp ISD folks know what to do when being SCAMMED. Tyler ISD just sent out W2 Forms to a scammer

Arp ISD will NOT be SCAMMED! You may introduce these lessons to your students (6th-12th) as well. PLEASE complete your Security PD

  1. SECURITY ISSUE 1 - Click Here and make sure you complete the assignment by taking the corresponding Assessment.
  2. SECURITY ISSUE 2 - Click Here and make sure you complete the assignment by taking the corresponding Assessment.
  3. SECURITY ISSUE 3 - Click Here and make sure you complete the assignment by taking the corresponding Assessment.
  4. SECURITY ISSUE 4-- CHECK LIST --Click Here and follow directions 
  5. SECURITY ISSUE 5 --CLICK HERE and follow directions
    • SECURITY ISSUE 6 - Read this Article: Requiring Teacher Security Training for Student Privacy  and sign compliance form
    • WATCH this VIDEO about Social Media    
      READ Socal Media Guidelines for Arp ISD and Sign the Compliance Form
    • SECURITY ISSUE 7 --CLICK HERE and follow directions
    • FBI ACTIVE SHOOTER PREPAREDNESS PLAN
        10. SECURING DATA TRANSFERS (for secretaries only)



    External Threat Deterrence
    • Ensure all doors and windows are in good repair and lock properly 
    • Lock overhead and receiving doors with high-quality padlocks
    • Install cameras at all access points to allow or disallow "buzz-ins" as needed 
    • Light all exterior entries with fixtures that are difficult to reach or tamper with 
    • Add surveillance cameras and motion detectors in appropriate areas  
    • Add a locked door or barrier as a first line of defense if necessary with appropriate signage according to access under CJIS laws
    • Ensure hidden areas are well protected. They are the most vulnerable areas  
    • Leverage a monitored intrusion system to help deter crime and to alert emergency personnel if a crime event occurs
    • All data transfers and backups offsite are encrypted with 256 bit data encryption procedures. 

    Internal Threat Deterrence
    • Running background checks on potential employees before making a job offer 
    • Restrict who has access to your security system’s arm and disarm codes
    • Restrict access to all infrastructure components (NOC, IDFs, MDFs) Post warning signs: Prosecution under CIIS Security Act.
    • If providing keys/access cards, give them only to those employees who need them for their jobs 
    • Employ an access control system – access cards are difficult to copy, cost less and are easier than keys to replace if lost or stolen 
    • Use security cameras that record to monitor areas where money is kept and where valuable equipment is used or stored. Cameras are a strong deterrent to theft.
    • Deploy an intrusion detection system and train employees on coded phrases
    • Maintain temperature control and alert devices, temperature probes and fire alarms
    • Deploy halogen fire suppression system for the Network Operations Center instead of a water sprinklers.
    • Access control all inventory, storerooms, maintenance equipment entrance and exit points.
    • Practice safe & exemplary backup/recovery procedures (A, B, C, D backups to different locations- each campus, UT Health Center & Cloud backup through Spanning and Region 20)
    • Require employees to run updates and scanning programs on all machines under their care
    • All faculty members are responsible for monitoring and teaching students concerning Internet Safety (CIPA & DOPPA), Student Privacy, Anty-bullying, Acceptable Use Policies, and Ethical Use of district digital resources. 
    • The District deploys the Auditor Filter to monitor for cyberbullying and harmful threats in emails. 
    Crisis Management & Preparedness
    • Make sure all employees are trained on security, privacy, and emergency procedures, then perform regular drills 
    • Keep your emergency contact list updated 
    • Test your security systems monthly to make sure they are working properly 
    • Review your log reports weekly to look for irregularities and before too much time has passed 
    • Carefully train new employees to ensure safety and security procedures are being followed\
    • Keep critical data on offsite servers and backup storage devices. 
    • Keep employees informed of all current threats such as maleware, spyware, trojans, viruses, and socially engineered SCAMS
    • Require all employees to report any suspicious behavior or unauthorized access to digital or hardware resources. 
    • Update policies regularly to stay ahead of threats and emergency procedures. 

    RESOURCES


    Comments