Databus Issue: 2007 3 09/17/2007
The Importance of Data Security
Linda Sharp 
PDF
Schools are information-rich environments
and data is critical as we
conduct day-to-day operations. The
data includes names, social security numbers,
health background and financial
information, as well as a myriad of other
details about students and employees. Data
collection, analysis and reporting are critical
components of No Child Left Behind
(NCLB). School districts must collect even
more data, in more detail and disaggregate
it. This trend to rely on and share data
will continue to grow, as will the necessity
of protecting this confidential information.
This has become a primary concern
to schools. If this data should fall into the
wrong hands, it can lead to identity theft,
fraud or other issues putting the district at
legal and ethical risk. Also, the protection,
backup, and restoration of data in the case
of a disaster must be a major component of
your planning.
Cyber security involves three strategic
areas: people, policy and technology. A
district must create a community of trust
by reducing the risk and having the right
tools to implement policies that serve
the learning community. There are also
three ongoing action items that need to be
addressed including prevention, monitoring
and maintenance.
First, districts must ensure that the
leadership team realizes the importance
of providing the personnel, financial and
technology resources to address the issues.
Many district leaders realize the importance
of data, but fail to prioritize the
process of protecting that data. Including
cyber security as a priority in a large list
of priorities is not an easy task, yet the
importance of identifying and supporting
the resources necessary to protect the data
must not be underestimated. It is imperative
that the leadership team set security
goals, determine the budget and define
the expectations for internal and external
access.
Second, district officials must know
what data they have, where it is stored,
how it is accessed, and who has access
to it. The issue of data safety is not limited
to protecting a closed environment,
as today schools provide a great deal of
data to state departments, other schools,
employees and parents. Users expect to
have access to the data 24/7. This means
that there must be levels of access that
are appropriate while safeguarding information
that must be kept confidential.
Training personnel and helping them
understand the importance of following
security procedures is imperative. Schools
can put measures in place to protect data,
but if users do not follow the procedures,
the best-designed plans are in danger.
Third, schools need to consider the
stability and security of their technology.
The risk of threat and the sophistication
of those attempting to “crack” the
systems continue to make this an area
that needs to be diligently evaluated and
updated. Cyber security requires identifying
the vulnerabilities and deciding what
to do to minimize impact and exercise
care and diligence to protect information.
This is an ongoing process. Schools
must diligently evaluate and update their
technology, processes and training. As
you evaluate the district plan, you must
determine how to address security by
cause, impact and players. Is the software
or hardware you are adding to your
network secure? Don’t assume that your
software vendors are as concerned about
security as you are. Do you know where
every piece of equipment in your district
is located and is it updated with the latest
software and patches to protect it from
threats, whether intentional or accidental?
Is your software updated and tested to
ensure compliance to your network security
plan? Also, you must evaluate your
security plan by its impact on the information
itself. What will happen if the data is
disclosed to others, corrupted or what if
there is destruction of the data? What can
your district live without for an hour, day,
week or longer? Finally, determine who
has access to the data and how will you
address their access to assure that your
network and users are safe. It is imperative
that you evaluate your plan, monitor
your network and provide ongoing maintenance
to ensure that your plan is viable
and your network is protected.
According to John Bailey, former
director of educational technology, U. S.
Department of Education, “There are four
reasons to pay attention to K-12 network
security. Schools need to protect data,
prevent the misuse of resources, prevent
an interruption of operations and keep
students and employees safe.”
Security is the responsibility of every
person in the district. It is critical to plan,
budget and train in order to do everything
possible to meet your data security needs.
Security planning is an ongoing process.
You need to plan, test, communicate,
implement and document every process
to protect from unauthorized access, use,
disclosure, modification or destruction of
data, then you need to plan, test, communicate
and document all over again. Never
assume that you are done. Data security is
an evolving process.
