2025DPSS

Learn how to respond quickly and effectively to phishing attempts, with a focus on system responses (with an emphasis on Google) and follow-up actions beyond the system. This session will introduce the FLARE framework (Find, Lock Down, Alert, Review, Evaluate) to guide you through immediate actions during an attack and post-incident improvements.

In a digitally inclusive learning environment, security is paramount to ensure equitable access and safety for all students. Join representatives from NYS School Districts and Arctic Wolf for a comprehensive session on enhancing school security through advanced threat intelligence. This session will explore how K-12 schools can leverage cutting-edge threat intelligence solutions to protect students, staff, and data from increasingly sophisticated cyber threats. Join us in a discussion on best practices, case studies, and effective collaboration between schools and security vendors to create a resilient, inclusive digital learning environment. 

Participants will gain insights into:
- Real-world Threats and Challenges in K-12: Learn about the unique security challenges facing schools and the importance of protecting student data in inclusive digital environments.
- Threat Intelligence Strategies: Discover how Arctic Wolf’s threat intelligence services help identify, prevent, and mitigate cyber threats, providing a proactive stance in safeguarding student data and ensuring safe digital learning experiences.
- Building a Culture of Security Awareness: Explore ways to foster a security-first mindset among staff and students, ensuring everyone plays a role in protecting school digital resources.

Protecting your online school accounts is crucial in this day and age. This workshop will approach the issue from a "in the trenches" mentality.

In recent years, there has been an intensified focus on cybersecurity within the K-12 educational sector, driven by local, state, and federal agencies. Notably, between 2023 and 2024, several pivotal reports have been released, offering strategic guidance tailored to the K-12 environment:

- “Protecting our Future: Partnering to Safeguard K-12 Organizations from Cybersecurity Threats” by the US Department of Homeland Security and Cybersecurity and Infrastructure Security Agency (January 2023)
- “K12 Digital Infrastructure: Defensible and Resilient” by the US Department of Education (August 2023)
- “K12 SIX Essential Cybersecurity Protections: 2022-2023/2023-2024” by K12 SIX (Annually)
- “Cybersecurity Guidance for K-12 Technology Acquisitions” by CISA (August 2023)

These documents converge on a set of best practices and core principles for the K-12 cybersecurity landscape. While the recommendations are essential, translating them into practice within diverse organizational cultures and political climates presents challenges.

Our session will outline effective strategies for implementing these recommendations and securing executive-level support to enhance cybersecurity postures. We will share insights from the West Irondequoit Central School District’s journey from policy to practice.

Synopsis: This session will guide attendees through the West Irondequoit Central School District’s transition from theoretical frameworks to actionable cybersecurity measures. We will explore the implementation of key recommendations from seminal reports such as “Protecting our Future” and “K12 Digital Infrastructure,” and discuss their integration with the NIST CSF 2.0 and CISA CPG frameworks.

Participants will leave equipped with immediate and long-term strategies for cybersecurity enhancement. Our discussion will cover:

- MFA Implementation: Overcoming cultural and political hurdles to deploy Multi-Factor Authentication among staff and students.
- Password Policy Evolution: Strengthening security while fostering a cybersecurity-aware culture.
- Backup Systems: Securing executive support for robust backup solutions, including navigating managed backups and testing.
- Network Hardening: Updating network access controls and revising longstanding guest network policies.
- Vulnerability Management: Utilizing CEVs and cybersecurity partnerships to address vulnerabilities and establish a patching schedule.
- Vulnerability Scanning and Penetration Testing: Obtaining leadership backing for Managed Detection and Response (MDR) and penetration testing, with a focus on remediation prioritization.
- Documentation and Drills: Developing and testing Incident Response Plans (IRPs), Disaster Recovery Plans (DRP), RunBooks, Business Continuity Plans (BCP), Business Impact Analyses (BIA), Data Flow Charts, and more.
- Additional Security Measures: Sharing further strategies developed throughout our cybersecurity journey.
This session promises to provide valuable insights and practical approaches for advancing cybersecurity initiatives in the K-12 sector.