2025DPSS

Learn how to be a “Rock Star DPO” for your district. The session will cover Ed Law 2-d Part 121 best practices and the steps DPOs can take to earn “Rock Star” status. The audience for this session can include newly appointed DPOs or DPOs that would like a refresher.

This session provides attendees with a panel of 5 DPO's from around the state that will be discussing the best practices they have put into place for 2024-25.

Learn how to respond quickly and effectively to phishing attempts, with a focus on system responses (with an emphasis on Google) and follow-up actions beyond the system. This session will introduce the FLARE framework (Find, Lock Down, Alert, Review, Evaluate) to guide you through immediate actions during an attack and post-incident improvements.

The 12 Regional Information Centers (RICs) have been working in partnership with NYSED to develop a new centralized and standardized structure to support districts in accessing Data Privacy Agreements (DPAs).  Using this structure, educational agencies will be able to piggyback on existing DPAs with vendors that include terms to address the Family Education Rights and Privacy Act (FERPA), New York State Education Law Section 2-d (Ed Law 2-d), and other data privacy requirements.  Additionally, agencies will be able to submit requests to the RICs to initiate the negotiation of new DPAs.  This panel session will support technology leaders, administrators, and other interested stakeholders in learning more about this structure.

A gamified cybersecurity tabletop simulation where you roll the dice, battle cyber threats, and defend critical data in this interactive tabletop adventure where strategy and quick thinking determine your fate! 

In today’s digital landscape, educational institutions are increasingly targeted by cyber threats, making it critical to have a well-prepared response plan. This presentation will explore the comprehensive response to the recent PowerSchool data breach, detailing the steps taken to mitigate risks, communicate transparently, and strengthen cybersecurity practices.

This session will provide a real-world case study on navigating cybersecurity challenges in education and will offer actionable strategies for improving response times, vendor accountability, and data security policies. Whether you are a technology leader, administrator, or IT professional, this presentation will equip you with the knowledge and tools to better protect your institution from future cyber threats.

Join us for an in-depth workshop where educators, administrators, and IT professionals come together to navigate the complex landscape of data retention in schools. In an era where data plays a crucial role in decision-making and accountability, understanding what records to keep, which ones to discard, and the potential repercussions of data mismanagement is vital.

During this engaging session, we will cover:
- Essential Records: Identifying the types of data that are legally required to be retained and best practices for storing them securely.
- Data Disposal: Learning about effective methods for safely disposing of data that is no longer needed, and understanding the risks of improper disposal.
- Legal and Ethical Considerations: Exploring the legal obligations and ethical considerations surrounding data retention and how to ensure compliance with relevant regulations.
- Real-World Examples: Examining case studies of schools that faced challenges due to poor data retention policies and what we can learn from their experiences.
- Practical Strategies: Developing actionable strategies for creating a robust data retention policy tailored to your school's unique needs.

Equip yourself with the knowledge and tools to make informed decisions about data management and safeguard your school from potential data-related pitfalls. Whether you're looking to update your current practices or establish new protocols, this workshop will provide valuable insights and practical guidance.

Let's demystify data retention and ensure your school's data is managed effectively and responsibly!

I will take my notes, presentations, and questions from DPOs from around the State for the past 4 years and compile them into a concise toolkit comprised of 10 skills a DPO should have: 5 things that are a low bar threshold must-have and 5 things to strive for as best practices. The presentation will focus heavily on 8 NYCRR Part 121 requirements. Group participation encouraged!

This session will provide an overview of the implementation a Student Data Privacy PIN system in the Buffalo Public Schools. We will discuss the overall need for implementing the system, process for creating secure PINs within the SIS, educating staff on use, communicating with stakeholders, and going live with the system to share the opportunities and challenges from our experience to strengthening student data privacy across the district.

In an era where cybersecurity threats are ever-evolving, school leaders play a crucial role in safeguarding their institution's digital assets. This session will empower educational leaders with the knowledge and tools needed to implement the NIST Cybersecurity Framework (CSF) effectively within their schools.

Participants will explore the leadership strategies required to align cybersecurity initiatives with educational goals, foster a culture of security awareness, and ensure compliance with regulatory standards. Through practical insights and actionable strategies, attendees will learn how to lead their institutions in adopting the core functions of the NIST CSF to build a resilient cybersecurity posture.

Key Takeaways:

- The role of leadership in driving cybersecurity initiatives
- Strategic implementation of the NIST CSF in educational environments
- Best practices for fostering a culture of cybersecurity awareness
- Tools and resources to support ongoing security improvements

Join this session to discover how proactive leadership can make cybersecurity an integral part of your school's success.

In a digitally inclusive learning environment, security is paramount to ensure equitable access and safety for all students. Join representatives from NYS School Districts and Arctic Wolf for a comprehensive session on enhancing school security through advanced threat intelligence. This session will explore how K-12 schools can leverage cutting-edge threat intelligence solutions to protect students, staff, and data from increasingly sophisticated cyber threats. Join us in a discussion on best practices, case studies, and effective collaboration between schools and security vendors to create a resilient, inclusive digital learning environment. 

Participants will gain insights into:
- Real-world Threats and Challenges in K-12: Learn about the unique security challenges facing schools and the importance of protecting student data in inclusive digital environments.
- Threat Intelligence Strategies: Discover how Arctic Wolf’s threat intelligence services help identify, prevent, and mitigate cyber threats, providing a proactive stance in safeguarding student data and ensuring safe digital learning experiences.
- Building a Culture of Security Awareness: Explore ways to foster a security-first mindset among staff and students, ensuring everyone plays a role in protecting school digital resources.

Protecting your online school accounts is crucial in this day and age. This workshop will approach the issue from a "in the trenches" mentality.

This presentation offers strategies and insights for enhancing security across school districts. Designed for educational leaders, this session emphasizes practical tools and methods to safeguard sensitive data, align with compliance requirements, and foster a secure environment for staff and students alike. The session focuses on upgrading security practices by examining and improving how we manage staff throughout their employment lifecycle. Presentation at esmschools.org/oconnor

Step into the world of cybersecurity response with The Game of CIRP! This interactive tabletop experience takes teams through the key phases of a Cybersecurity Incident Response Plan (CIRP)—from preparation to recovery. Navigate real-world scenarios, tackle unexpected challenges, and make critical decisions that shape your team’s success. Earn points for strong strategies, but beware—some choices come with risks! Learn, strategize, and compete to see who can best manage a cyber incident. Are you ready to play, plan, and protect?

You can't manage PII if you don't know what files in your staff drives contain PII.  Learn with us as we navigate the use of File Sensitivity Labels and DLP (Data Loss Prevention) rules within the Google ecosystem to better manage the sensitive data in your district.  

This presentation explores responsible AI implementation in K-12 education, focusing on enhancing learning while protecting student data. Topics include the benefits and risks of AI, best practices for data privacy and security, compliance with legal standards, and practical AI applications that ensure student privacy. Learn how to use AI responsibly to create a safe and effective educational environment.

In today’s digital landscape, safeguarding sensitive data and maintaining secure networks require a collective effort from all stakeholders within an educational agency. This session will explore how Data Protection Officers can conduct departmental security reviews to assess compliance with laws, regulations, and best practices. Attendees will gain insights into effective strategies for evaluating security protocols, identifying vulnerabilities, and fostering a culture of data protection across all departments.

In recent years, there has been an intensified focus on cybersecurity within the K-12 educational sector, driven by local, state, and federal agencies. Notably, between 2023 and 2024, several pivotal reports have been released, offering strategic guidance tailored to the K-12 environment:

- “Protecting our Future: Partnering to Safeguard K-12 Organizations from Cybersecurity Threats” by the US Department of Homeland Security and Cybersecurity and Infrastructure Security Agency (January 2023)
- “K12 Digital Infrastructure: Defensible and Resilient” by the US Department of Education (August 2023)
- “K12 SIX Essential Cybersecurity Protections: 2022-2023/2023-2024” by K12 SIX (Annually)
- “Cybersecurity Guidance for K-12 Technology Acquisitions” by CISA (August 2023)

These documents converge on a set of best practices and core principles for the K-12 cybersecurity landscape. While the recommendations are essential, translating them into practice within diverse organizational cultures and political climates presents challenges.

Our session will outline effective strategies for implementing these recommendations and securing executive-level support to enhance cybersecurity postures. We will share insights from the West Irondequoit Central School District’s journey from policy to practice.

Synopsis: This session will guide attendees through the West Irondequoit Central School District’s transition from theoretical frameworks to actionable cybersecurity measures. We will explore the implementation of key recommendations from seminal reports such as “Protecting our Future” and “K12 Digital Infrastructure,” and discuss their integration with the NIST CSF 2.0 and CISA CPG frameworks.

Participants will leave equipped with immediate and long-term strategies for cybersecurity enhancement. Our discussion will cover:

- MFA Implementation: Overcoming cultural and political hurdles to deploy Multi-Factor Authentication among staff and students.
- Password Policy Evolution: Strengthening security while fostering a cybersecurity-aware culture.
- Backup Systems: Securing executive support for robust backup solutions, including navigating managed backups and testing.
- Network Hardening: Updating network access controls and revising longstanding guest network policies.
- Vulnerability Management: Utilizing CEVs and cybersecurity partnerships to address vulnerabilities and establish a patching schedule.
- Vulnerability Scanning and Penetration Testing: Obtaining leadership backing for Managed Detection and Response (MDR) and penetration testing, with a focus on remediation prioritization.
- Documentation and Drills: Developing and testing Incident Response Plans (IRPs), Disaster Recovery Plans (DRP), RunBooks, Business Continuity Plans (BCP), Business Impact Analyses (BIA), Data Flow Charts, and more.
- Additional Security Measures: Sharing further strategies developed throughout our cybersecurity journey.
This session promises to provide valuable insights and practical approaches for advancing cybersecurity initiatives in the K-12 sector.

The NIST Govern function is one of the six core functions outlined in the NIST Cybersecurity Framework (CSF). It focuses on establishing and maintaining governance structures and processes to manage cybersecurity risks within an organization effectively. Learn how to establish and run a Cybersecurity Governance Committee that formalizes the involvement of your executive team and other stakeholders in the decision-making process.  This committee will help raise awareness of and provide valuable feedback on your policies and practices and will also help to identify and manage all organizational risks.  This awareness and involvement will help to build support for your budgetary needs.

Enhance your organization's resilience by evaluating and strengthening its readiness to tackle a Business Email Compromise (BEC) incident—focusing on swift detection, effective response, and seamless recovery to minimize impact and safeguard critical operations.