Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
Be safe in the cyber world ...
Cyber Safety and SecurityGuidelines for School
Prof. Amarendra Behera, Joint Director, Central Institute of EducationalTechnology, NCERT, New Delhi.
DEVELOPMENT COMMITTEEChairperson
Dr. Indu Kumar, Associate Professor and Head, Department of ICT& Training Division,Central Institute of Educational Technology, NCERT, New Delhi.
Dr. Mohd. Mamur Ali, Assistant Professor, Central Institute of Educational Technology,NCERT, New Delhi.
Dr. Rejaul Karim Barbhuiya, Assistant Professor, Department of Education in Science and Mathematics, NCERT, New Delhi.
Dr. Ramanujam Meganathan, Associate Professor, Department of Education in Languages, NCERT, New Delhi.
D. Varada M. Nikalje, Associate Professor, Department of Elementary Education,NCERT, New Delhi.
Ms. Surbhi, Assistant Professor, Central Institute of Educational Technology, NCERT, New Delhi.
Mr. I L Narasimha Rao, Project Manager II, Center for Development of Advanced Computing (CDAC), Hyderabad.
Ms. Sujata Mukherjee, Global Research and APAC Outreach Lead, Google India Pvt Ltd, Hyderabad.
Capt. Vineet Kumar, Founder and President, Cyber Peace Foundation, Ranchi, Jharkand.
Ms. Chandni Agarwal, National ICT Awardee and Head, Department of Computer Science, Maharaja Agrasen Model School, ,Delhi.
Ms. Vineeta Garg, Head, Department of Computer Science, Shaheed Rajpal DAV Public School, Delhi.
Member
Dr. Angel Rathnabai, Assistant Professor, Central Institute of Educational Technology, NCERT, New Delhi.
Member Coordinator
Cybersafety is the safe and responsible use of information andcommunication technology. It is not just about keeping information safe and secure, but also about being responsible with thatinformation, being respectful of other people online, and practising good 'netiquette' (internet etiquette).
As information infrastructure and Internet became bigger and more complex , it became critical to maintain systems functional and alert to security issues. Though the system administration tasks have become easier in recent years, school administrators need to be more updated on the systems and network security In recent years, all systems are exposed to Internet; hence there is increased challenge in maintaining and protecting them from the attackers.
Schools play a key role in promoting internet safety. Schools are primarily responsible for keeping systems/ computers/ network devices secure and functional. It is important to keep the information as secure as we keep the systems and network devices in the organi-sation.
Identify threatvulnerability
&assess risk exposure
Develop protection&
detection measures
12
34
5
Protectsensitive data
Respond toand recover
fromcyber security
incidentsEducate yourstakeholders
Index
vulnerability&
assess riskexposure 1
OOOOOPS...Identify threat
Slow and sluggish behavior of the system.
Navigation to new browser homepage, new toolbars and/or unwantedwebsites without any input.
Unfamiliar programs running in Task Manager.Appearance of unusual message or programs which start automatically.Appearance of new , unfamiliar icons on Desktop.Circulation of strange messages from your email id to your friends.
Inability to download updates.Crashing of programs/ system.Appearance of the infamous BSOD (Blue Screen of Death). Drainage of system battery life before expected period.Unexpected pop ups or unusual error messages.Inexplicable disappearance of system screen while working.
Develop protection&
detection measures2Invest in a robust firewall.
Have students and teachers create strong passwords. Have a password protocol that specifies strong password guidelines,frequent change of passwords, avoid reuse of old passwords.
Use only verified open source or licensed software and operating systems. Ensure that computer systems and labs are accessed only by authorizedpersonnel.
Discourage use of personal devices on the network, such as personal USBsor hard drives.
Set up your computer for automatic software and operating system updates.
Check that antivirus software in each system is regularly updated.
Consider blocking of file extensions such as .bat, .cmd, .exe, .pif by usingcontent filtering software.
2Read the freeware and shareware license agreement to check if adwareand spyware are mentioned, before installing them on systems.
Use encryption such as SSL or VPN for remote access to office or schoollab, through internet.
Ensure that third-party vendors (who have contract with the school) havestrong security measures in place.
Consider contracting with a trusted / verified third-party vendor to monitorthe security of your school’s network.
Institute two or multi factor authentication for students, teachers andadministrators when they log on.Protect your Wi-Fi Connection with secure password, WEP encryption, etc. Encrypt the network traffic.
Change the administrator’s password from the default password. If thewireless network does not have a default password, create one and use it toprotect the network. Disable file sharing on computers .Turn off the network during extended periods of non-use etc. Use "restricted mode", "safesearch", "supervised users" and other similarfilters and monitoring systems, so that no child can access harmful contentvia the school’s IT systems, and any concerns can be detected quickly.
Develop protection&detection measures
3
Design and implement information security and access controlprogrammes and policies by evaluating the storage (used/ unused),access, security and safety of sensitive information. Never store critical information in system’s C drive.
Backup critical data (contact numbers, email IDs, aadhaar number etc.)in an off-site location.
Establish safe reporting guidelines and escalation methods to protectthe identity of the person who reports the breach of security.
Protectsensitive data
4Respond to and recover
fromcyber security
incidents
Initial assessment: To ensure an appropriate response,it is essential that the response team find out: How the incident occurred ? Which IT and/or OT systems were affected and how ? The extent to which the commercial and/or operational data was affected ? To what extent any threat to IT and OT remains ?
Recover systems and data: Following the initial assessment of thecyber incident, IT and OT systems and data should be cleaned,recovered and restored, as much as possible, to an operationalcondition by removing threats from the system and restoring the software. Investigate the incident: To understand the causes and consequencesof a cyber incident, an investigation should be undertaken by thecompany, with support from an external expert, if appropriate.The information from an investigation will play a significant role inpreventing a potential recurrence.
Prevent re-occurrence: Complying with the outcome of the investigationmentioned above, any inadequacies in technical and/or proceduralprotection measures should be addressed, in accordance with the companyprocedures for implementation of corrective action.
45
Educate your stakeholders.
Stakeholders
Frame cyber safety rules as Do’s and Don’ts for the Schools.
Orient school administrators with latest tools that can be used to monitorthe sites visited by the students/ teachers.Orient the stakeholders on cyber laws (http://cyberlawsindia.net/)
Consult cyber security professionals to raise awareness levels about therisks in cyber space and their preventive measures
Introduce courses/ lessons/ activities for students and teachers on majorcomponents of cyber security and safety.
Advocate, model and teach safe, legal, and ethical use of digital informationand technology.
Promote and model responsible social interactions related to the use oftechnology and information
Celebrate Safer Internet Day (February 5th) and conduct activities to create awareness through cyber clubsEstablish a relationship with a reputable cybersecurity firm/ organisation. Follow guidelines, policies and procedures to keep the school safe andsecure in cyberspace.
CYB
ER
SEC
UR
ITY
SAFE
PR
AC
TIC
E
MA
JOR
TH
REA
TS
Viru
s
Phis
hing
Spam
Hac
king
Hoa
xPR
OTE
CTI
NG
mea
ns
Info
rmat
ion
&D
evic
es
Una
utho
rised
Acc
ess
Use
/Mis
use
Des
truc
tion
Dis
rupt
ion
Mod
ifica
tion
Dis
clos
ure
Cyb
er C
rime
fromM
oney
Fun
Rev
engeC
urio
sity
Atte
ntio
nco
mm
itted
for
Cyb
er
Law
slega
l
Porn
ogra
phy
Mor
phin
g
Iden
tity
Thef
t
Pira
cy
Fake
Acc
ount
Def
amat
ion
Cyb
er B
ully
ing
Teas
ing Th
reat
sNam
e C
allin
g
Rum
ors
Insu
lts
Lies
Web
site
Def
acem
ent
E-M
ail
Bom
bing
Mal
war
e
Cyb
er
Stal
king
Pass
wor
d
use
Stro
ngsh
oud
be
Shar
e
do n
otC
hang
edsh
ould
be
Secu
rely
save
Soci
al M
edia
in
Stra
nger
s
avoi
d
Pers
onal
In
form
tion
do n
ot s
hare
Secu
rity
Opt
ions
use
Priv
acy
Opt
ions
Mob
ile
Dev
ices
in u
sing
Cal
l fro
m W
eire
d N
umbe
r
do n
ot
acce
pt
Cal
l bac
k
and
do n
ot
Aut
horis
ed
Stor
e
dow
nloa
d ap
p fr
om
Aut
horis
ed
WiF
i
acce
ss
only
Aut
o Lo
ck
use
Blu
etoo
th
switc
h on
Whe
n N
eede
d
only
Des
ktop
/La
ptop
for
Softw
are
upda
te
Ant
iviru
s
use
&up
date
Scan
regu
lar/
auto
mat
ic
Ope
ratin
g Sy
stem
use
curr
ent/
upda
ted
Pira
ted
Softw
are
no to
Pass
wor
dpr
otec
t
Inte
rnet
Unt
rust
ed
Web
site
neve
r vi
sit
Ref
erra
l Li
nks
avoi
d
Type
the
UR
L
inst
ead
Bro
wse
r P
lugg
ins
upda
te
Late
st
Bro
wse
r use
Fire
wal
l
use
E-m
ail
Atta
chm
ents
do n
ot
open
Unk
now
n Pe
rson
s
from
Dat
a
back
up
Frie
ndsh
ip
avoi
d
Unk
now
n Pe
ople
Onl
ine
with
Mee
ting
in P
erso
n
avoi
dTh
reat
s
Pare
nts
info
rm
any
Use
r to
beO
ld E
noug
h
ensu
re
Bef
ore
Dis
card
ing
form
at
Cop
yrig
htVi
olat
ion
Scam
Clic
kja
ckin
g
bro
wse
r’s
cook
ies
and
cach
e
clea
n
UR
L
chec
k
E-m
ail
Trac
erus
e
Tab
Nap
ping
Onl
ine
Pred
ator
s
incl
ude
Gro
omin
gTh
reat
s
Har
assm
ents
Sexu
alA
ctiv
ities
Con
tent
Fi
lterin
g
use
IMEI
N
umbe
r
reco
rd
Rep
eate
dH
aras
smen
t
is
Fal
se
Acc
usat
ions
Slan
der
E-m
ails
Libe
l
incl
udin
gIM
Web
site
s
Onl
ine
Gro
ups
Phon
e
thro
ugh
Sens
itive
In
form
atio
n
obta
inin
g
Pass
wor
d
Use
r Nam
e
Cre
dit C
ard
Det
ails
like
E-m
ail
Spoo
fing
Inst
ant
Mes
sagi
ng
Web
site
sSp
oofin
g
Phon
eC
all
Adw
are
Troj
ans
Wor
ms
Ran
som
war
e
Spyw
are
Scar
ewar
e
incl
ude
Soci
al
Engi
neer
ing
uses
thro
ugh
any
Be
Scar
ed
do n
ot
Cha
t Scr
een
save
Cyb
erPo
lice
appr
oach
Spy
Cam
era
bew
are
of
WiF
i secu
re
Thef
t
from
CC
:BY:
SA-M
.U.P
aily
For more details visitwww.ncert.nic.inwww.ciet.nic.in
www.ictcurriculum.gov.inwww.infosecawareness.in
www.cyberswachhtakendra.gov.in