Description: |
Internet connectivity has been added to the classrooms of United States (U.S.) K-12 schools, but recognition of the security risks and related management responsibilities to address increased risk exposure is not apparent. Providing a sufficient level of access for K-12 students to learn through exploration and experimentation needs to be balanced with sufficient limitations to minimize the risk of technically proficient participants inflicting harm through school resources. Problems of inappropriate use such as adjusting grades, tampering with work of other students, and defacing Web sites by K-12 students are already appearing in U.S. newspapers. In addition, the growing level of Internet security incidents such as worms and malicious code puts K-12 technology infrastructure and data at risk. Each K-12 school and school district has a unique set of technical capabilities that must be balanced against the risk of misuse to establish appropriate security. Applying security risk management can allow K-12 administrators to identify areas of weak security that pose unacceptable risk and plan for needed improvements. Within this investigation, a security risk methodology was selected, tailored to incorporate organizational characteristics and regulatory requirements unique to K-12 schools and school districts, and successfully applied by the Scarsdale Public School District, Scarsdale, New York. In addition, several K-12 school officials, including school board members, technology directors, and superintendents, reviewed the tailored methodology and affirmed its applicability to their schools and school districts. The Operationally Critical Threat, Asset, and Vulnerability Evaluation℠ (OCTAVE®) Methodology was selected by this investigator for evaluating the security risk of K-12 schools and school districts. The OCTAVE Methodology applies a security risk management approach developed by researchers at the Carnegie Mellon® Software Engineering Institute (SEI℠).
The methodology is used by over 1,000 medical, financial, manufacturing, and government organizations, and allows for self-direction. It is available at no cost and provides a wide range of tailoring capabilities for adapting |