IT cyber responsibilities

  • 7 minutes

In January 2023, CISA and education industry stakeholders released a report entitled, Protecting Our Future. This report outlined some of the cybersecurity threats that you learned about in the previous unit, and it offered key recommendations for mitigating risk and securing computing infrastructure.

Reproduction of the cover of the Protecting our Future Report.

CISA published several key findings and recommendations in the report:

  1. K-12 institutions can take a few steps to greatly reduce cybersecurity risk. Schools should invest in security measures with the greatest impact and build toward a mature cybersecurity plan.

    Key goals:

    • Implement multifactor authentication (MFA)
    • Prioritize patch management
    • Perform and test back-ups
    • Minimize exposure to common attacks
    • Develop and exercise an incident response plan
    • Create a training and awareness campaign at all levels

  2. Many districts struggle with insufficient resources and cybersecurity capacity. Schools should identify resource constraints and take creative approaches to secure the necessary funding and services.

    Key goals:

    • Partner with state organizations
    • Seek and apply for cybersecurity grants
    • Use free or low-cost tools and services
    • Demand higher security controls from technology providers
    • Migrate IT services to the cloud

  3. No K-12 entity can single-handedly address cybersecurity on their own. Information sharing and collaboration with partners is essential to build awareness and sustain resilience.

    Key goals:

    • Participate in state, regional, or national cybersecurity discussions
    • Join communities and forums to share experiences
    • Share information with CISA and the FBI

Although the report emphasized a "whole school" approach to K-12 cybersecurity, many of the recommendations fall on your shoulders to implement because of your technical expertise and role in schools.

Your role

As an IT professional, you're the frontline of defense against cyber threats. The steps that you take can mean the difference between a small, containable issue and a large disruption that results in data loss, outage, or closing school.

Consider some of the responsibilities that IT professionals like you assume each day:

  • Managing and securing devices
  • Protecting networks and system resources
  • Safeguarding sensitive data
  • Maintaining compliance with laws and regulations
  • Responding to incidents and containing threats
  • Backing up systems and developing recovery plans
  • Supporting the entire school community

It shouldn't be surprising to learn that most of the findings and recommendations in the Protecting Our Future report align with aspects of your job responsibilities. This module helps you learn how to apply CISA's recommendations as a part of duties that you probably already perform.

Laws and regulations

CISA's recommendations align not only with your duties and responsibilities, but each one strengthens your school's compliance with federal laws that protect students and their data.

Take a moment to review these laws. Test yourself by trying to explain the law before reading the description.

Law Description
Family Educational Rights and Privacy Act (FERPA) The Family Educational Rights and Privacy Act of 1974 (FERPA) protects the privacy of student education records and gives guardians access to their child's information.
Children's Internet Protection Act (CIPA) The Children's Internet Protection Act of 2000 (CIPA) requires schools and libraries to protect children from accessing obscene or harmful content on the Internet in order to be eligible for certain types of federal funding from the FCC.
Children's Online Privacy Protection Act (COPPA) The Children's Online Privacy Protection Act of 1998 (COPPA) imposes specific requirements on operators of websites or online services directed at children under 13 years of age.

Microsoft Security solutions

It isn't enough to be familiar with the Protecting Our Future report and the laws that shape data privacy and security in schools. You also need tools that allow you to secure your school's infrastructure and respond to incidents and threats. This module features security solutions that help IT professionals enhance security, control identity access, and maintain compliance throughout their computing environment.

Next steps

Take a moment to review the Protecting Our Future report for specific actions that your IT team should implement, if you haven't already.