Before implementing the framework’s five pillars — identify, protect, detect, respond and recover — school districts should form a team of stakeholders to execute and oversee the work. Cybersecurity responsibility should be collective, not the sole function of one person. These five pillars offer a clear, continuous model for all school districts.
Districts must first identify the assets in their organization, which extend beyond devices to include personnel, systems and facilities. As part of this step, districts should gather all the policies, processes and procedures used to manage and inform their cybersecurity risk, then conduct a risk assessment to fully understand the organization’s vulnerability, encompassing supply chain risks.
Second, protect the organization by granting access only to authorized users. Guarantee that policies clearly specify which authorized individuals can access relevant data structures and safeguard the confidentiality, integrity and availability of information. Use an identity management and authentication tool to ensure appropriate staff have access to authorized activities and transactions. Awareness, education and financial resources are crucial for safeguarding information.
Third, detect anomalies through dedicated staff monitoring and verification of protective measures.
Fourth, prepare to respond to a compromise by promptly notifying relevant parties and containing the situation. Know, in advance, who internally and externally should be notified immediately. Ensure structures are in place to prevent the expansion of the event and to mitigate the effects. Provide a safe space, free of blame, to discuss lessons learned for improvement.
Finally, establish and maintain recovery procedures to ensure system restoration. Encourage a blame-free discussion for improvement, involving internal and external stakeholders, and learn from any mistakes.
