November 20, 2023

MS-ISAC toolkit and resources

CoSN released its NIST Cybersecurity Framework Resources Alignment for K-12. The resource is designed to ease the complexities of managing cybersecurity in K-12 educational settings. It offers a comprehensive suite of resources, guidance, and best practices aligned with the NIST Cybersecurity Framework’s core functions.

CoSN Toolkits resources for data privacy, cybersecurity, and more

SETDA’s Cybersecurity & Privacy Collaborative published Small Districts, Big Hurdles: Cybersecurity Support for Small, Rural, and Under-resourced Districts, a resource that shares how state agencies and other organizations are giving their smallest districts a leg up in improving their cybersecurity readiness. Download it here: https://oercommons.org/courses/small-districts-big-hurdles

K-12 Digital Infrastructure Brief: Defensible and Resilient

• The U.S. Department of Education (Department), in partnership with the Cybersecurity and Infrastructure Security Agency (CISA), has released the K-12 Digital Infrastructure Brief: Defensible and Resilient to highlight cybersecurity recommendations and promising practices from States and districts across the country. This brief provides specific steps schools and districts can take to keep their systems safe and serves as a helpful starting place for understanding the importance of securing digital infrastructure. The brief is part of a collection of briefs published by the Department’s Office of Educational Technology on the key considerations facing education leaders as they work to build and sustain core digital infrastructure for learning. This brief, along with other helpful resources, can be found on the Office of Educational Technology website at https://tech.ed.gov/infrastructure.

Erate

• • FCC Announces Proposal to Allow E-Rate Dollars to Cover Hot Spots - Earlier this week, FCC Chairwoman Jessica Rosenworcel moved forward with the second part of her Learn Without Limits Initiative (as we covered before, this is a three-tier effort to expand and support student connectivity, including wi-fi on buses, hotspots, and cybersecurity). As students and educators increasingly rely on remote educational tools and the online space becomes part of the classroom, the FCC seeks to update the E-Rate program to help meet these educational needs. The FCC had voted last month to immediately implement the use of E-Rate dollars for wi-fi on buses. This latest proposal will start a traditional rule-making process, and there will be a 30-day comment period. You can read the press release and full rule. 

AI Resources

• • K-12 Generative AI Readiness Checklist

  • AI is Disrupting Education but Only a Few States are Offering Guidance

Articles:

• • Your District's Cyber Safety Needs Help - Here's How to Fix It

Resources from the National K-12 Security Summit

• • CIS Critical Security Controls Version 8 Center for Internet Security The CIS Critical Security Controls (CIS Controls) are a prioritized set of safeguards to mitigate the most prevalent cyber-attacks against systems and networks. They are mapped to and referenced by multiple legal, regulatory, and policy frameworks. Movement to cloud-based computing, virtualization, mobility, outsourcing, Work-from-Home, and changing attacker tactics prompted the update and supports an enterprise’s security as they move to both fully cloud and hybrid environments. Resource Link: https://www.cisecurity.org/controls/v8  

  • CISA Vulnerability Scanning Cybersecurity and Infrastructure Security Agency, U.S. Department of Homeland Security CISA's Vulnerability Scanning (VS) is persistent "internet scanning-as-a-service". VS service continuously assesses the health of your internet-accessible assets by checking for known vulnerabilities, weak configurations—or configuration errors—and suboptimal security practices. VS service also recommends ways to enhance security through modern web and email standards. Resource Link: https://www.cisa.gov/resources-tools/services/cisa-vulnerability-scanning   

  • K-12 Digital Infrastructure Brief: Defensible & Resilient U.S. Department of Education & Cybersecurity and Infrastructure Security Agency, U.S. Department of Homeland Security This product provides K-12 districts across our communities a starting place to understand the importance of securing our digital infrastructure and provides steps schools can take today to keep their systems safe. Resource Link: https://tech.ed.gov/files/2023/08/DOEd-Report_20230804_-508c.pdf  

  • Nationwide Cybersecurity Review Multi-State Information Sharing & Analysis Center The NCSR is a no-cost, anonymous, annual self-assessment. All states (and agencies), local governments (and departments), tribal nations, and territorial (SLTT) governments are encouraged to participate. It is designed to measure gaps and capabilities of SLTT governments’ cybersecurity programs and is based on the National Institute of Standards and Technology Cybersecurity Framework. Resource Link: https://www.cisecurity.org/ms-isac/services/ncsr  

  • Protecting Our Future: Partnering to Safeguard K-12 Organizations from Cybersecurity Threats Cybersecurity and Infrastructure Security Agency, U.S. Department of Homeland Security This report provides recommendations and resources to help K-12 schools and school districts address systemic cybersecurity risk. It also provides insight into the current threat landscape specific to the K-12 community and offers actionable steps school leaders can take to strengthen their cyber posture. Resource Link: https://www.cisa.gov/protecting-our-future-cybersecurity-k-12 

  • Discovery Ed updating pricing structure starting next school year.

Discovery Ed updating pricing structure starting next school year.

• IU1 will reach out with pricing as it becomes available.

• Moving away from per device billing to building based on student numbers.  

A follow up discussion occurred with respects to Google 3rd party Apps.

• Only one school in the group had sent out information to parents/guardians.

• Most parents had accepted what was sent out while there were a few that did not.  That school district is working through that process.

• Tweaked Google's suggestion on what to send out to parents/guardians. 

General Discussion

• Backblaze as a low cost backup solution.

  • One school district had discussed using Backblaze which had been mentioned in a recent MS-ISAC webinar.

  • So far this school district is having success with it as an alternative solution.   

Trafera

Lenovo