2025DPSS

Protecting your online school accounts is crucial in this day and age. This workshop will approach the issue from a "in the trenches" mentality.

This presentation offers strategies and insights for enhancing security across school districts. Designed for educational leaders, this session emphasizes practical tools and methods to safeguard sensitive data, align with compliance requirements, and foster a secure environment for staff and students alike. The session focuses on upgrading security practices by examining and improving how we manage staff throughout their employment lifecycle. Presentation at esmschools.org/oconnor

Step into the world of cybersecurity response with The Game of CIRP! This interactive tabletop experience takes teams through the key phases of a Cybersecurity Incident Response Plan (CIRP)—from preparation to recovery. Navigate real-world scenarios, tackle unexpected challenges, and make critical decisions that shape your team’s success. Earn points for strong strategies, but beware—some choices come with risks! Learn, strategize, and compete to see who can best manage a cyber incident. Are you ready to play, plan, and protect?

You can't manage PII if you don't know what files in your staff drives contain PII.  Learn with us as we navigate the use of File Sensitivity Labels and DLP (Data Loss Prevention) rules within the Google ecosystem to better manage the sensitive data in your district.  

This presentation explores responsible AI implementation in K-12 education, focusing on enhancing learning while protecting student data. Topics include the benefits and risks of AI, best practices for data privacy and security, compliance with legal standards, and practical AI applications that ensure student privacy. Learn how to use AI responsibly to create a safe and effective educational environment.

In today’s digital landscape, safeguarding sensitive data and maintaining secure networks require a collective effort from all stakeholders within an educational agency. This session will explore how Data Protection Officers can conduct departmental security reviews to assess compliance with laws, regulations, and best practices. Attendees will gain insights into effective strategies for evaluating security protocols, identifying vulnerabilities, and fostering a culture of data protection across all departments.

In recent years, there has been an intensified focus on cybersecurity within the K-12 educational sector, driven by local, state, and federal agencies. Notably, between 2023 and 2024, several pivotal reports have been released, offering strategic guidance tailored to the K-12 environment:

- “Protecting our Future: Partnering to Safeguard K-12 Organizations from Cybersecurity Threats” by the US Department of Homeland Security and Cybersecurity and Infrastructure Security Agency (January 2023)
- “K12 Digital Infrastructure: Defensible and Resilient” by the US Department of Education (August 2023)
- “K12 SIX Essential Cybersecurity Protections: 2022-2023/2023-2024” by K12 SIX (Annually)
- “Cybersecurity Guidance for K-12 Technology Acquisitions” by CISA (August 2023)

These documents converge on a set of best practices and core principles for the K-12 cybersecurity landscape. While the recommendations are essential, translating them into practice within diverse organizational cultures and political climates presents challenges.

Our session will outline effective strategies for implementing these recommendations and securing executive-level support to enhance cybersecurity postures. We will share insights from the West Irondequoit Central School District’s journey from policy to practice.

Synopsis: This session will guide attendees through the West Irondequoit Central School District’s transition from theoretical frameworks to actionable cybersecurity measures. We will explore the implementation of key recommendations from seminal reports such as “Protecting our Future” and “K12 Digital Infrastructure,” and discuss their integration with the NIST CSF 2.0 and CISA CPG frameworks.

Participants will leave equipped with immediate and long-term strategies for cybersecurity enhancement. Our discussion will cover:

- MFA Implementation: Overcoming cultural and political hurdles to deploy Multi-Factor Authentication among staff and students.
- Password Policy Evolution: Strengthening security while fostering a cybersecurity-aware culture.
- Backup Systems: Securing executive support for robust backup solutions, including navigating managed backups and testing.
- Network Hardening: Updating network access controls and revising longstanding guest network policies.
- Vulnerability Management: Utilizing CEVs and cybersecurity partnerships to address vulnerabilities and establish a patching schedule.
- Vulnerability Scanning and Penetration Testing: Obtaining leadership backing for Managed Detection and Response (MDR) and penetration testing, with a focus on remediation prioritization.
- Documentation and Drills: Developing and testing Incident Response Plans (IRPs), Disaster Recovery Plans (DRP), RunBooks, Business Continuity Plans (BCP), Business Impact Analyses (BIA), Data Flow Charts, and more.
- Additional Security Measures: Sharing further strategies developed throughout our cybersecurity journey.
This session promises to provide valuable insights and practical approaches for advancing cybersecurity initiatives in the K-12 sector.

The NIST Govern function is one of the six core functions outlined in the NIST Cybersecurity Framework (CSF). It focuses on establishing and maintaining governance structures and processes to manage cybersecurity risks within an organization effectively. Learn how to establish and run a Cybersecurity Governance Committee that formalizes the involvement of your executive team and other stakeholders in the decision-making process.  This committee will help raise awareness of and provide valuable feedback on your policies and practices and will also help to identify and manage all organizational risks.  This awareness and involvement will help to build support for your budgetary needs.

Enhance your organization's resilience by evaluating and strengthening its readiness to tackle a Business Email Compromise (BEC) incident—focusing on swift detection, effective response, and seamless recovery to minimize impact and safeguard critical operations.