Lesson 16 - Security for Team II

 

David Garza

Alex Flores

MaryAnn Flores

 

Our security plan will closely follow the guidelines developed in “Safeguarding Your Technology – Practical Guidelines for Electronic Education Information Security” by the National Center for Education Statistics. The goal of our security plan is to ensure that our educational materials, software, hardware, and confidential information are: safe from unauthorized users (computer hackers, unauthorized copying, and vandalism); protected against “mean time between failures” (equipment failure, computer viruses, user error, power fluctuations, spilled beverages, and magnetic fields); and not subject to security so overbearing that authorized users have difficulty gaining access.

Our security plan will have these prerequisites and conditions: program directors will provide strong support for a high-priority security plan, they will be prepared to invest the necessary resources for security training, and they will be aware of what essential information must be secured; local, state, and federal laws and copyright and intellectual property regulations will be taken into consideration in all security planning; a designated staff member will be specifically responsible and have appropriate authority for all security initiatives; and all staff members will always participate in all security training.

Our security plan will also conduct a risk assessment to identify critical security needs. Our team will know the potential value of our information and make infiltration of information more difficult than it’s worth. Our assessment will take a complete look at the value of all educational materials on our computer system, the threats to our computer system, the vulnerable points within our system that are open to attack, the countermeasures taken to combat potential security threats, and how to build a trusted security system for dealing with risk. The steps in our assessment instrument will include:

1. Identify sensitive information and critical systems (separate general/system information and sensitive information).
2. Estimate the value of system components (direct replacement cost of software or hardware).
3. Identify threats (natural, manmade unintentional, and manmade intentional).
4. Identify vulnerabilities (stolen passwords or backup copies kept on the same hard drive).
5. Estimate the likelihood of a potential penetration becoming an actual penetration (what is the probability of penetration due to a vulnerability).
6. Identify countermeasures against perceived threats and vulnerabilities (password protection, firewalls, and encryption strategies).
7. Estimate the cost of implementing countermeasures (both money and time for research, staff training, development, procurement, installation, and maintenance).
8. Select suitable countermeasures for implementation (which countermeasures make the most sense and are the most cost effective).

Our team will have a security policy for the development and implementation of the security system. Our policy will provide clear, comprehensive, and well-defined plans, rules, and practices that regulate access to an organization’s system and the information included in it. Our security policy will: address the needs identified in the risk assessment; incorporate a variety of staff members in the policy development; and include the reason for development, who developed and approved the policy, who will enforce it and how, what assets are protected, how security violations will be reported, and the effective and expiration dates of the policy.

Security management will strive to find a sensible balance between system defense and user independence and convenience. A computer lab/security manager will be hired to: communicate to staff that protecting the integrity of security is in everyone’s best interest; provide security training to staff; operate, maintain, and monitor the security system; develop a backup security plan; manage user accounts appropriately; and update virus protection software when needed. All security measures will also be evaluated every six months for quality and effectiveness.

The computer system will be located in a large one-classroom environment with two exits and no windows. The room will be well ventilated and air-conditioned, and will contain a security/fire alarm system that is hooked up to the local authorities. The server and all computers will have surge protectors. All instructional material and all other information related to our educational program will be backed up using the most economical software/hardware (Zip drives, CDs, etc.), and protected by the latest and most effective virus protection software (Norton Antivirus, etc.) and desktop protection software (Fortress, Full Control, etc.). All computers will have administrator/system passwords, and all authorized users will be required to use passwords to enter the instructional program. Passwords will be updated every 15 days or when required because of unauthorized system penetration.