CoSN Issues K-12 Cybersecurity Guide to Meet NIST Standards

The nonprofit Consortium for School Networking (CoSN) this week published a free guide of resources for educators to enhance their data protection systems regardless of their level of experience with cybersecurity.

CoSN's "NIST Cybersecurity Framework Resources Alignment for K-12" is organized around five key concepts — identify, protect, detect, respond and recover, with descriptions of various subcategories listed below each, along with a variety of resources, most of which are free. For example, under the "protect" category, if a viewer clicks on the "protective technology" subcategory, a link appears for another CoSN page — “three things you can do in less than three hours of work to significantly reduce cybersecurity risk.” The three steps noted and explained on that page include emphasizing backups, eliminating the use of print spoolers and updating firewall rules.

Not every resource is linked to CoSN. For example, under the "identify" category and the "risk management strategy" subtopic, one of the links connects the user to a paper from the U.S. Department of Education.

CoSN's new resource expands upon previous efforts to incorporate NIST (National Institute of Standards and Technology) guidelines into K-12 cybersecurity measures. During the International Society for Technology in Education conference in June, for example, representatives from the Cybersecurity Coalition for Education outlined a rubric they created that allows school leaders assess their cybersecurity capabilities and become certified cybersecurity evaluators.

While NIST’s standards are compatible with the needs of school districts, better explanations and more specific guidance was necessary to give educators and K-12 IT professionals the tools to protect student and employee data, said Amy McLaughlin, CoSN cybersecurity project director.

“NIST’s [guide] is 100 pages,” she said. “With that you have some sort of a framework, but it still seems like you have to make your own version of the wheel. We were able to provide more direction, provide templates and a step-by-step process for talking to stakeholders.”
McLaughlin, who spent about four months on this project, said those who visit the website will be pleasantly surprised to learn how much they can do to improve their district’s cybersecurity without spending money. And while the website suggests some tools based on the size of the school and other particulars, it is brand-agnostic and does not show favoritism to any companies.

She also noted that CoSN’s framework is a live site that will be updated regularly, with an article on building a “cybersecurity culture” to be added by year’s end. McLaughlin stressed that this resource, while considered a guide with multiple steps, does not require viewers to follow the concepts or topics in any order.

“We tried hard to be expansive, but we don’t want anyone to feel overwhelmed when they look at it,” she said. “If your district doesn’t have anything in place yet, start with risk assessment. The only thing you can do wrong is to do nothing.”