Crisis Management Plan	Cybersecurity Policy     Cybersecurity Plan       QUIZ
Texas Cybersecurity Framework (Adopted by Board)	Parents & Cybersecurity



Arp ISD Safety & Security Plan           


TEAMS


Arp ISD has formulated security campus teams made up of administrators, students, teachers, and parents on each campus to help identify security concerns. Each team is responsible for making recommendations to the District Security Team made up of directors from all departments, campus security officers, counselors, first responders, and administrators. The teams go through the safety and security audits every other year and stay vigilant as to new technologies and recommendations from Homeland Security, Texas Education Agency, The FBI, CISA, MS-ISAC Advisories, and others. 


UPDATES and PD


Arp ISD Cybersecurity Officer keeps the district updated with policies, procedures, news, and current threats on a regular basis through email, online PD, and required Security Training. All employees are required to complete the Safety and Cybersecurity training provided by the district. A daily Cybersecurity Calendar is provided to all faculty members for sharing with students (Inspired eLearning). Security updates include notifications from Homeland Security on the latest Phishing Schemes. 


All students are instructed in Cybersecurity and safety modules and must pass an Acceptable Use Policy exam for their grade level before they are able to gain access to the network. 


The Arp Tech Department uses Homeland Security Alerts to block malware injected IP addresses and to blacklist malicious sites. 

EMERGENCY COMMUNICATION

Arp ISD is committed to providing all stakeholders with immediate communication as required to keep all stakeholders safe and protected. The district employs several logging and notification programs for alerting the appropriate staff to cybersecurity issues, cyberbullying, and self-harm notifications. Additionally, the district employs a panic button application for all phones as well as handset radios, and a desktop Alertus program. 

NOTIFICATION of BREACH

Arp ISD will notify TEA of any data breach dealing with student information. The form for notification can be found here. 

ABCD BACKUP SCHEDULES

Arp ISD utilizes multiple backup sites and schedules to protect the district's critial and private data. We schedule offsite data backups each night, weekly offsite and cloud backup, and external drive backups detached from network and stored in a fire safe on a monthly schedule. Arp ISD also employs a 3rd party backup (Spanning) to all G Suite products for faculty and staff as well as Google Vault for email. 

NETWORK PROTECTION

Arp ISD utilizes multiple enterprise protection services for prohibiting malware, adware, spyware, and viruses. All devices are monitored and tracked for excessive bandwidth usage and possible infection. All IDFs, MDFs, and NOC are protected by secure locations and monitored for temperature, power outages, and humidity.  All critical stations and servers a connected to UPS units to enable graceful powerdown procedures. All wiring closets are connected to IP cameras for intrusion protection. 

• Security Awareness Begins with You!

  BEGIN PD Internet Safety Policy: CIPA requires the adoption and enforcement of an “Internet safety policy” covering the filtering & use of the Internet. For schools, the policy must also address “monitoring the online activities of minors.” (See Cybersecurity Policy below) As an employee of a governmental agency, best practices require that everyone is trained in Security and Awareness procedures. You will be given a short awareness information reading assignment with corresponding assessment each month (or as necessary). Please make time to complete these training exercises. SECURITY PD POLICY    VOCABULARY:   "Social Engineering" = getting YOU to respond (click on or provide information to a fraudulent source) by making the SCAM look like something you would normally do every day. THERE is ONLY ONE way to block this activity--EDUCATE the end-user = YOU! IT is imperative that ALL  Arp ISD folks know what to do when being SCAMMED. Tyler ISD just sent out W2 Forms to a scammer Arp ISD will NOT be SCAMMED! You may introduce these lessons to your students (6th-12th) as well. PLEASE complete your Security PD

• SECURITY ISSUE 1: REQUIRED (HB 3834): CYBERSECURITY POLICY   SECURITY SSSUE 2: REQUIRED (HB 3834): CYBERSECURITY TRAINING & QUIZ    PAPER COPY    PAPER QUIZ INFOSEC IQ - an email was sent to you, if you need another email let me know IAN Video -  IAN User Training HOUSE BILL 944 Letter to Employees SECURITY ISSUE 3 - Click Here and make sure you complete the assignment by taking the corresponding Assessment. SECURITY ISSUE 4 - Click Here and make sure you complete the assignment by taking the corresponding Assessment. SECURITY ISSUE 5 - Click Here and make sure you complete the assignment by taking the corresponding Assessment. SECURITY ISSUE 6-- CHECKLIST --Click Here and follow directions  SECURITY ISSUE 7 --CLICK HERE and follow directions SECURITY ISSUE 8 - Read this Article: Requiring Teacher Security Training for Student Privacy  and sign the compliance form SECURITY ISSUE 9: WATCH this VIDEO about Social Media     READ Socal Media Guidelines for Arp ISD and Sign the Compliance Form SECURITY ISSUE 10 --CLICK HERE and follow directions SAFETY - Child Sexual Abuse and What are the Signs?  Fill out this form when you have read the entire article.  CAMPUS SAFTEY ISSUES (1) FBI ACTIVE SHOOTER PREPAREDNESS PLAN -  quick reference Watch FBI Active Shooter Video TAKE the QUIZ  (2) SECURING DATA TRANSFERS (for secretaries only)  (3) SOCIAL MEDIA POLICY (4) SAFETY & SECURITY POLICY     TAKE the QUIZ (5) HOW CAN YOU TELL IF YOUR MACHINE IS INFECTED? Read the ARTICLE and then TAKE the QUIZ (only 5 questions) (6) An Addendum to the District Safety & Security Policies is the Crisis management policy for the Technology Department (7) Parent Online Safety Resources SECURITY, PRIVACY, and CRISIS MANAGEMENT for TECHNOLOGY DEPARTMENT External Threat Deterrence Ensure all doors and windows are in good repair and lock properly  Lock overhead and receiving doors with high-quality padlocks Install cameras at all access points to allow or disallow "buzz-ins" as needed  Light all exterior entries with fixtures that are difficult to reach or tamper with  Add surveillance cameras and motion detectors in appropriate areas   Add a locked door or barrier as the first line of defense if necessary with appropriate signage according to access under CJIS laws Ensure hidden areas are well protected. They are the most vulnerable areas   Leverage a monitored intrusion system to help deter crime and to alert emergency personnel if a crime event occurs All data transfers and backups offsite are encrypted with 256-bit data encryption procedures.  Internal Threat Deterrence Running background checks on potential employees before making a job offer  Restrict who has access to your security system’s arm and disarm codes Removing ALL personal information files and data files from the desktop Restrict access to all infrastructure components (NOC, IDFs, MDFs) Post warning signs: Prosecution under CIIS Security Act. If providing keys/access cards, give them only to those employees who need them for their jobs  Employ an access control system – access cards are difficult to copy, cost less and are easier than keys to replace if lost or stolen  Use security cameras that record to monitor areas where the money is kept and where valuable equipment is used or stored. Cameras are a strong deterrent to theft. Deploy an intrusion detection system and train employees on coded phrases Maintain temperature control and alert devices, temperature probes, and fire alarms Deploy halogen fire suppression system for the Network Operations Center instead of a water sprinklers. Access control all inventory, storerooms, maintenance equipment entrance and exit points. Practice safe & exemplary backup/recovery procedures (A, B, C, D backups to different locations- each campus, UT Health Center & Cloud backup through Spanning and Region 20) Require employees to run updates and scanning programs on all machines under their care All faculty members are responsible for monitoring and teaching students concerning Internet Safety (CIPA & DOPPA), Student Privacy, Anty-bullying, Acceptable Use Policies, and Ethical Use of district digital resources.  The District deploys the Auditor Filter to monitor for cyberbullying and harmful threats in emails.  Crisis Management & Preparedness Make sure all employees are trained on security, privacy, and emergency procedures, then perform regular drills  Keep your emergency contact list updated  Test your security systems monthly to make sure they are working properly  Review your log reports weekly to look for irregularities and before too much time has passed  Carefully train new employees to ensure safety and security procedures are being followed\ Keep critical data on offsite servers and backup storage devices.  Keep employees informed of all current threats such as malware, spyware, trojans, viruses, and socially engineered SCAMS Require all employees to report any suspicious behavior or unauthorized access to digital or hardware resources.  Update policies regularly to stay ahead of threats and emergency procedures.


RESOURCES

BARK for Schools 
SECURITY AUDIT

• SECURITY CALENDAR
• 12 MONTH SECURITY GUIDE
• Crisis Management Plan (Safety & Security Standards Worksheet)
• Security Policies for Arp ISD TECH DEPT
• Visitor's Policies
• Handgun Policy
• ADA Locking Policies
• Acceptable Use Policy
• Social Media Policy    
• ADA Locked Door Compliance   
• PROTECTING STUDENT DATA