Cybersecurity
This page shares resources on cybersecurity.
SETDA (State Education Technology Directors Association) - Landscape Analysis of Cybersecurity - Cybersecurity and Privacy Collaborative
Critical Vulnerabilities
Legislative Impacts and Needs
Strengthening State Response
Key Resources
Need for State Advocacy
Cyber Insurance Market and Control Presentation by Gallagher
Minimum Baseline for Cyberinsurance/Critical Priority Cybersecurity Controls
Require multifactor authentication for employee/user email
All faculty and staff, whether accessing on the main network or remotely
Students are not currently required, but some are beginning MFA for students when they get an email address, usually in middle school (MS) or high school (HS). Carriers are giving preference to those who implement it with students and are moving towards this, but are not there yet.
MFA required on Google Drive and OneDrive if sensitive information is stored on that platform
Require multifactor authentication for remote access (i.e. VPN, RDP)
Require MFA for privileged accounts (i.e. domain administrator accounts)
If IT is outsourced, those consultants need to use MFA when accessing the network
Require offline/offsite backups of critical data
Deploy an Endpoint Detection and Response Solution on all managed endpoints
Create a written, self-audited plan for patching critical software/hardware, with risk-based escalation of security patches (within 7 days and no longer than 30 days after release)
Segment end-of-life/legacy hardware and software systems
Categories of focus: IAM (with service accounts), endpoint protection, backup procedures, end of life, change management, and employee training
FREE E-risk Hub from Gallagher
https://eriskhub.com/gallagher: complete the new user registration at the bottom of the page and pick your own user ID and password (access code is 447597)
After registering, you can access the hub immediately using the newly created credentials in the member login box located in the top right
Breach preparation guidance
Privacy Statute guidance
Breach response/compliance/cybersecurity vendor directory
Current and trending events
Best practice policies and procedures
Cyber Risk management due diligence