2025DPSS

In recent years, there has been an intensified focus on cybersecurity within the K-12 educational sector, driven by local, state, and federal agencies. Notably, between 2023 and 2024, several pivotal reports have been released, offering strategic guidance tailored to the K-12 environment:

- “Protecting our Future: Partnering to Safeguard K-12 Organizations from Cybersecurity Threats” by the US Department of Homeland Security and Cybersecurity and Infrastructure Security Agency (January 2023)
- “K12 Digital Infrastructure: Defensible and Resilient” by the US Department of Education (August 2023)
- “K12 SIX Essential Cybersecurity Protections: 2022-2023/2023-2024” by K12 SIX (Annually)
- “Cybersecurity Guidance for K-12 Technology Acquisitions” by CISA (August 2023)

These documents converge on a set of best practices and core principles for the K-12 cybersecurity landscape. While the recommendations are essential, translating them into practice within diverse organizational cultures and political climates presents challenges.

Our session will outline effective strategies for implementing these recommendations and securing executive-level support to enhance cybersecurity postures. We will share insights from the West Irondequoit Central School District’s journey from policy to practice.

Synopsis: This session will guide attendees through the West Irondequoit Central School District’s transition from theoretical frameworks to actionable cybersecurity measures. We will explore the implementation of key recommendations from seminal reports such as “Protecting our Future” and “K12 Digital Infrastructure,” and discuss their integration with the NIST CSF 2.0 and CISA CPG frameworks.

Participants will leave equipped with immediate and long-term strategies for cybersecurity enhancement. Our discussion will cover:

- MFA Implementation: Overcoming cultural and political hurdles to deploy Multi-Factor Authentication among staff and students.
- Password Policy Evolution: Strengthening security while fostering a cybersecurity-aware culture.
- Backup Systems: Securing executive support for robust backup solutions, including navigating managed backups and testing.
- Network Hardening: Updating network access controls and revising longstanding guest network policies.
- Vulnerability Management: Utilizing CEVs and cybersecurity partnerships to address vulnerabilities and establish a patching schedule.
- Vulnerability Scanning and Penetration Testing: Obtaining leadership backing for Managed Detection and Response (MDR) and penetration testing, with a focus on remediation prioritization.
- Documentation and Drills: Developing and testing Incident Response Plans (IRPs), Disaster Recovery Plans (DRP), RunBooks, Business Continuity Plans (BCP), Business Impact Analyses (BIA), Data Flow Charts, and more.
- Additional Security Measures: Sharing further strategies developed throughout our cybersecurity journey.
This session promises to provide valuable insights and practical approaches for advancing cybersecurity initiatives in the K-12 sector.