
Jeremy Nishihara

Session 5.2 – Cybersecurity Fundamentals


Curriculum Summary

The ninth session of the 2019 Chief Technology Officer Mentor (CTOM) training program, titled
Session 5.2 – Cybersecurity Fundamentals, was a full-day course held on Saturday, June 8,
2019, in Orange County, CA. The goals for the day were for cohort members to demonstrate
familiarity with the resources that network security must protect in the K12 environment,
familiarity with cybercrime and web defacement attacks, a working knowledge of one or more
tools used in network security, familiarity with the fundamentals of cybersecurity incident
response planning and implementation, and the ability to communicate the details of a
cybersecurity incident, from discovery to resolution, to the relevant organizational
stakeholders.

The agenda for the day focused on six main topics: 1) Introduction to cybersecurity in K12
environments, 2) Understanding cybersecurity threats, 3) Cybersecurity tools and defense
resources, 4) Introduction to the CIS Critical Security Controls (formerly the SANS Top 20),
5) Introduction to incident response, and 6) Developing a culture of cybersecurity awareness.
The instructor pointed out that the main objective of the class is to learn how to manage risk
to the organization, and that the class would therefore focus on process and procedures rather
than on any particular product.

The first discussion point was an overall introduction to cybersecurity in the K12 environment.
The instructor made the point that the world is now hyper-connected, citing a projection of 50
billion connected devices on earth by 2020. LEAs collect stakeholder data, input that data into
numerous systems, integrate those systems across the district, store the information on hosted
networks, and then connect those networks to the world. Cybersecurity is the practice of
protecting computer systems, networks, and programs from digital attacks; because these
systems are so interconnected, the loss of a single one can leave the entire organization
struggling to operate. In addition, data breach incidents put the educational and business
processes of a district at risk and can cost upwards of $70 per leaked record.

The next part of the class was a discussion aimed at understanding cybersecurity threats. The
cohort members discussed the most common threats: ransomware, malware, social engineering
(manipulating people into revealing information or taking actions that serve the attacker's
agenda), and phishing attacks (usually aimed at financial gain). It was pointed out that the
State of California requires entities to notify the individuals affected by a data breach. The
instructor outlined the numerous state and federal laws and regulations, such as FERPA and
COPPA, to illustrate the relationship between cybersecurity and data governance in keeping
data safe, secure, and accessible.

Cybersecurity tools and defense resources were the next topic discussed in class. The class was
asked to identify the resources that need to be protected by network security in the K12
environment. These resources include infrastructure, systems, data, finances, and district
reputation. The participants were asked to reflect on the impact of a prolonged network or
system outage, as well as on the financial cost of recovering or recreating the data. In order
to protect against these threats, districts need to take a systematic approach to resource
protection. Protection requires four aspects: 1) Standards, 2) Investments, 3) Assessment, and
4) Communication. In order to implement the right protective tools, CTOs must understand what
they are protecting against. The instructor presented a social engineering video that
highlighted how compromises usually begin with some form of phishing or credential theft. It
was noted that even the most sophisticated users can be tricked into giving up credentials, and
that users therefore need to be educated over and over again. Other threats discussed included
DDoS attacks, website defacement, the Darknet, USB keyloggers, viruses, ransomware, and
cryptocurrency mining. All of these threats are becoming more common and more costly for
districts. The Nessus scan that each candidate ran as a prerequisite for the class was
suggested as a great network security tool. Other suggested tools were Shodan.io, which
searches for internet-exposed devices and services so a district can see what of its own is
reachable from the outside, password managers, server segmentation, and encryption tools. The
instructor reminded the class that security is a process, not a product; as such, there are no
magic bullets.

The instructor then went over the requirements for Artifact 1 of the session. The artifact is
designed for candidates to demonstrate the ability to incorporate the results of one or more
network security tools into the mitigation of potential security problems, and to keep
stakeholders informed of the organization's security posture. Using their Nessus scan,
candidates need to write an analysis of what the report contained and create a short
vulnerability mitigation and communication plan.
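As an added example of the kind of analysis Artifact 1 asks for (this is not course material or a Tenable product; it is illustration code written for this summary), the script below parses a Nessus export in the standard .nessus XML format (NessusClientData_v2), where each ReportItem carries a severity attribute from 0 (informational) to 4 (critical). It turns the raw findings into the three things a mitigation and communication plan needs: a severity count for the stakeholder summary, a host list ordered by worst exposure for prioritization, and a line-per-finding remediation list carrying the scanner's own recommended fix. It also spots plugins that hit several hosts, since one configuration change often closes the same finding district-wide. The embedded XML, host addresses, plugin IDs, and plugin names are all constructed sample data, not results from a real scan.

```python
# Added example, not part of the CTOM course materials: summarise a Nessus
# .nessus (NessusClientData_v2 XML) export for a mitigation and stakeholder
# communication plan. Every host, plugin ID and plugin name below is
# CONSTRUCTED sample data for illustration only.
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

# Nessus severity attribute values, as used in .nessus exports.
SEVERITY_NAMES = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

SAMPLE_NESSUS = """<NessusClientData_v2>
  <Report name="district-lan-scan">
    <ReportHost name="10.0.5.10">
      <ReportItem port="1433" svc_name="mssql" protocol="tcp" severity="4"
          pluginID="900001" pluginName="Constructed: unsupported database version"
          pluginFamily="Databases">
        <risk_factor>Critical</risk_factor>
        <solution>Upgrade to a supported release.</solution>
      </ReportItem>
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3"
          pluginID="900002" pluginName="Constructed: SMB signing not required"
          pluginFamily="Windows">
        <risk_factor>High</risk_factor>
        <solution>Require SMB signing via group policy.</solution>
      </ReportItem>
    </ReportHost>
    <ReportHost name="10.0.5.20">
      <ReportItem port="80" svc_name="www" protocol="tcp" severity="2"
          pluginID="900003" pluginName="Constructed: directory listing enabled"
          pluginFamily="Web Servers">
        <risk_factor>Medium</risk_factor>
        <solution>Disable directory indexing.</solution>
      </ReportItem>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="1"
          pluginID="900004" pluginName="Constructed: weak SSH MAC algorithms"
          pluginFamily="Misc.">
        <risk_factor>Low</risk_factor>
        <solution>Remove weak MAC algorithms from sshd_config.</solution>
      </ReportItem>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0"
          pluginID="900005" pluginName="Constructed: SSH banner" pluginFamily="Misc.">
        <risk_factor>None</risk_factor>
        <solution>n/a</solution>
      </ReportItem>
    </ReportHost>
    <ReportHost name="10.0.5.30">
      <ReportItem port="3389" svc_name="msrdp" protocol="tcp" severity="3"
          pluginID="900006" pluginName="Constructed: RDP without NLA" pluginFamily="Windows">
        <risk_factor>High</risk_factor>
        <solution>Enable Network Level Authentication.</solution>
      </ReportItem>
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3"
          pluginID="900002" pluginName="Constructed: SMB signing not required"
          pluginFamily="Windows">
        <risk_factor>High</risk_factor>
        <solution>Require SMB signing via group policy.</solution>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>"""


def parse_nessus(xml_text):
    """Flatten a .nessus export into one dict per finding (severity as int 0-4)."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.findall("ReportItem"):
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port")),
                "protocol": item.get("protocol"),
                "severity": int(item.get("severity")),
                "plugin_id": item.get("pluginID"),
                "name": item.get("pluginName"),
                "solution": (item.findtext("solution") or "").strip(),
            })
    return findings


def severity_summary(findings):
    """Counts per severity for the stakeholder summary; informational items are excluded."""
    counts = Counter(SEVERITY_NAMES[f["severity"]] for f in findings if f["severity"] > 0)
    return {name: counts.get(name, 0) for name in ("Critical", "High", "Medium", "Low")}


def hosts_by_exposure(findings):
    """Hosts ordered by their worst finding, then by number of findings: the fix order."""
    worst, count = defaultdict(int), Counter()
    for f in findings:
        if f["severity"] == 0:
            continue
        worst[f["host"]] = max(worst[f["host"]], f["severity"])
        count[f["host"]] += 1
    return sorted(worst, key=lambda h: (-worst[h], -count[h], h))


def mitigation_plan(findings, min_severity=3):
    """One remediation line per High/Critical finding, carrying the scanner's suggested fix."""
    rows = sorted((f for f in findings if f["severity"] >= min_severity),
                  key=lambda f: (-f["severity"], f["host"], f["port"]))
    return [f"[{SEVERITY_NAMES[f['severity']]}] {f['host']}:{f['port']}/{f['protocol']} "
            f"{f['name']} -> {f['solution']}" for f in rows]


def repeated_plugins(findings):
    """Plugin names seen on more than one host: candidates for a single district-wide fix."""
    hosts = defaultdict(set)
    for f in findings:
        if f["severity"] > 0:
            hosts[f["name"]].add(f["host"])
    return {name: len(h) for name, h in hosts.items() if len(h) > 1}


if __name__ == "__main__":
    fs = parse_nessus(SAMPLE_NESSUS)
    print("Severity summary:", severity_summary(fs))
    print("Fix order:", hosts_by_exposure(fs))
    print("\n".join(mitigation_plan(fs)))
    print("Fix once, close everywhere:", repeated_plugins(fs))
```

To run it against a real export, replace SAMPLE_NESSUS with the contents of the .nessus file downloaded from the scanner (File > Export > Nessus in the web UI). The severity counts belong in the one-paragraph stakeholder update, the host order and remediation lines in the technical mitigation plan, and the repeated-plugin list is the argument for a policy change (a group policy or configuration baseline) rather than host-by-host patching.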

The class was then given an introduction to the CIS Critical Security Controls (formerly the
SANS Top 20). The CIS Controls are a framework of practices, policies, and recommendations that
can be implemented at the local level. The framework is aligned with the NIST Cybersecurity
Framework, is supported by several public sector partners, and is an easy way to start
implementing cybersecurity protections. It contains 20 controls grouped into three main
sections: basic, foundational, and organizational.

As a follow-up to the CIS conversation, the class began a more in-depth review of the steps to
take when responding to a cybersecurity incident. The first step is to determine who should
serve on the incident response team. The team needs a CTO/IT leader, risk manager,
business/fiscal executive representative, communications officer, facilities representative,
instruction representative, human resources, and purchasing. The instructor then shared the
seven steps for incident response: 1) identify the incident, 2) select an incident commander,
3) activate the response team, 4) create documentation, 5) follow containment and mitigation
procedures, 6) assess the effects, and 7) follow the recovery processes and complete the
incident response form.

The last topic discussed was how CTOs can develop a culture of cybersecurity awareness. This
section kicked off with a tabletop activity in which groups of students planned a response to a
typical cybersecurity event. Once the plans were developed, the groups reported out their
responses.

The session concluded with the requirements for the second artifact of the session. Candidates
were asked to draft an initial incident response plan based on the team scenario provided in
class. The plan should demonstrate the candidate's understanding of how to respond to an
incident using the best practices discussed in class and in the readings.