Information SecurityInformation Security

““The Responsibility of Security The Responsibility of Security Lies on The Shoulders of Each Lies on The Shoulders of Each

and Every User…….”and Every User…….”R. LaRocca 1997R. LaRocca 1997

Robert LaRocca - Director Information Technology Security

Linda Mainord – Chief Technology Officer

Joseph Moore – Chief Operations Officer

Topics for Discussion:Topics for Discussion:

Reasons Why Information Security is Reasons Why Information Security is Critical to District OperationsCritical to District Operations

1.1. Keep Kids SafeKeep Kids Safe

2.2. Data ProtectionData Protection

3.3. Prevent Misuse of ResourcesPrevent Misuse of Resources

4.4. Prevent Interruption of OperationsPrevent Interruption of Operations

5.5. What IT Security Has AccomplishedWhat IT Security Has Accomplished

6.6. How We Are Addressing The IssuesHow We Are Addressing The Issues

Keep Kids SafeKeep Kids Safe

Parents trust us to keep their children Parents trust us to keep their children safe during the hours they are in our safe during the hours they are in our care. This is simply a non-negotiable care. This is simply a non-negotiable requirement that we have to meet.requirement that we have to meet.

Data ProtectionData Protection

As schools strive to increase student As schools strive to increase student achievement by collecting data about achievement by collecting data about learning performance, the resulting data learning performance, the resulting data systems become increasingly tempting systems become increasingly tempting targets for illegal activity by those seeking targets for illegal activity by those seeking to change or steal sensitive and restricted to change or steal sensitive and restricted information. (Live password cracking information. (Live password cracking demonstration)demonstration)

Prevent Misuse of ResourcesPrevent Misuse of Resources

Teachers, applications and educational Teachers, applications and educational resources are allocated to promote resources are allocated to promote learning within and beyond school walls. learning within and beyond school walls. But without security these resources can But without security these resources can be easily highjacked and used for be easily highjacked and used for launching denial of service attacks, for launching denial of service attacks, for promulgating viruses, personal business, promulgating viruses, personal business, and other inappropriate activity. The and other inappropriate activity. The growing use of wireless connectivity growing use of wireless connectivity makes this an even greater challenge. makes this an even greater challenge.

Prevent Interruption of Prevent Interruption of OperationsOperations

If our technology systems are not If our technology systems are not functional, they are not processing functional, they are not processing teaching, learning, administration, or any teaching, learning, administration, or any other aspect of the educational process. other aspect of the educational process. Without continually enhancing the Without continually enhancing the evolvement of security, the responsibility evolvement of security, the responsibility of maintaining systems operational will of maintaining systems operational will quickly overwhelm critical resources within quickly overwhelm critical resources within our district.our district.

Through Board Action and Approval Through Board Action and Approval We Have Accomplished:We Have Accomplished:

IPS – Intrusion Prevention Scanning IPS – Intrusion Prevention Scanning – Live DemoLive Demo– Our Network is attacked approximately 16,000 times a dayOur Network is attacked approximately 16,000 times a day

E-Mail ScanningE-Mail Scanning– Removing Viruses and Spam From E-mailRemoving Viruses and Spam From E-mail– 100,000 E-Mails per week are sent to the district – 100,000 E-Mails per week are sent to the district –

(Phishing Demo)(Phishing Demo)– 60,000 are blocked as spam or unacceptable60,000 are blocked as spam or unacceptable

DeskTop Security – DeskTop Security – Patching, Service Packs, Removing Patching, Service Packs, Removing Unauthorized Files, Asset Inventory, Application Deployment Unauthorized Files, Asset Inventory, Application Deployment (Sample Hacking tool Report)(Sample Hacking tool Report)

Internet Filtering – Internet Filtering – Lexicons, Abuse, AppealsLexicons, Abuse, Appeals

Redundant Firewalls – Redundant Firewalls – Hot FailoverHot Failover

Virus ProtectionVirus Protection – 700 Servers and 65,000 – 700 Servers and 65,000 Desktops are Updated DailyDesktops are Updated Daily

Enterprise BackupsEnterprise Backups – 176+ Locations, – 176+ Locations, – All critical Applications = 37 Terabytes of data All critical Applications = 37 Terabytes of data

(37,000,000,000,000 TB)(37,000,000,000,000 TB)

Web Caching – 60% of Schools are installedWeb Caching – 60% of Schools are installed– Throughput speed has doubled, access time has Throughput speed has doubled, access time has

been cut in half.been cut in half.

Accomplishments (cont.)Accomplishments (cont.)

How We Continue To Address The How We Continue To Address The IssuesIssues

Awareness ProgramAwareness Program– Monthly Security Web ArticlesMonthly Security Web Articles– PostersPosters– BulletinsBulletins– Site VisitsSite Visits– Security Week – Hack Me Contest – Student Security VideoSecurity Week – Hack Me Contest – Student Security Video– Reward program – Students who discover vulnerabilitiesReward program – Students who discover vulnerabilities

Token Security For Administrators (Token Security For Administrators (Provide SampleProvide Sample))Student ID’s and Identity Mgmt– Student ID’s and Identity Mgmt– Accountability, Accountability, ResponsibilityResponsibility

Centralization – Centralization – Monitoring, Access, and MaintenanceMonitoring, Access, and Maintenance

Auditing Critical Applications – Auditing Critical Applications – Logging, ReportingLogging, Reporting

Investing In Leading Edge TechnologyInvesting In Leading Edge TechnologyStrict Password Rules and ExpirationsStrict Password Rules and ExpirationsBOARD SUPPORT!!!!BOARD SUPPORT!!!!