Information Security and Data Privacy

The MDE and educators across Mississippi school districts are committed to ensuring the confidentiality of student data while enabling that information to be used appropriately to improve student outcomes.

K12 Security Advisory Guidance for Improving Cyber Security in Mississippi School Districts

Information Security, or Cybersecurity is a dynamic, ever-evolving field. The days of a school district addressing its data security concerns through the purchase of fireproof cabinets have given way to fighting daily online attacks from overseas parties. The emergence of new threats is happening in a world where near-instant access to student and district information is expected not only by school employees, but also by numerous stakeholders. Layer into this the need to attend to regulatory issues such as the Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA), and the Protection of Pupil Rights Amendment (PPRA), and the complexities of school districts’ cybersecurity status can seem overwhelming.

Mississippi school district personnel wrestling with cyber security challenges have expressed their desire for guidance from the Mississippi Department of Education (MDE). In response, and in cooperation with district technology directors, MDE’s Office of Technology and Strategic Services (OTSS) is creating a series of guidance webinars and documentation to advise district administrators, technology directors, and staff on these issues and support them as they develop and/or revise their district’s cybersecurity plan.

MAY 2023: Introduction

The Guidance program launched on May 31, 2023:

Webinar

MDE K12 Security Guidance Introduction Webinar: A discussion with Greg Mallette (CISA) and Dr. Tracy Daniel-Hardy

slide deck Please click here to download a copy of the slide deck

Framework of Guidance to Districts

The guidance given to district in three parts:

To Know: What do districts need to know about their current cybersecurity state to understand their level of risk and to determine next steps?

June 2023: “To Know”

“To Know” event took place on June 28, 2023. The recording from the webinar are available in three parts.

webinar1

To Know “Webinar Recording Part 1- with Greg Millette and Shelly Hollis” - a discussion about assessments and how they help districts “To Know”.

webinar2

5 Minute “Discussion on Vulnerability Scans with Dr. Tracy” - a Technology Director’s take on using CISA assessments.

webinar3

To Know “Webinar Recording – with Technology Coordinators Part 2” - a discussion with other Technology Directors on what “To Know”.

deck Please click here to download a copy of the slide deck

to know Click here to download the “To Know” Guidance document for districts.

September 2023: “To Do: The Mitigation Feedback Loop”

“To Do: The Mitigation Feedback Loop” event took place on September 22, 2023.

	To Do: A Discussion with Bobby Freeman - a discussion with Bobby Freeman the director of Mississippi Cyber Unit about the State and Local Government Grant for 2022-2023.
	To Do: The Mitigation Feedback Loop - a webinar about the next chapter on the mitigation process districts should use to build into a cybersecurity plan.
	Please click here to download a copy of the slide deck.
	Click here to download the “To Do: The Mitigation Feedback Loop” document for districts.

November 2023: “To Do: Policies and Procedures”

	A Discussion with Steven Smith on K12 Privacy Policies.
	To Do: Policies and Procedures

October-December: “To Do”

To Do: Once the current state is understood, what do districts need to do in order to improve their cybersecurity posture?

Develop Policies and Procedures (Oct)
Training for TC (Nov)
Training for Staff (Dec)

January 2024: “To Become”

To Become: As an improvement plan is defined and implemented, how do districts alter their approach to cybersecurity issues to become nimble in handling incidents and proactively aware of emerging threats?

Districts that fully engage in the guidance provided should find themselves with a better understanding of their cybersecurity outlook and insurable.

OTSS will follow the outline below in releasing guidance over the next few months. Regular updates and refinements to content as changes in the cyber security landscape may dictate will be released as they occur.

Become Supportive: Buy-In from Supt & Administration.
Become Ready – Have PLANs Cybersecurity Incidents.
Become Proactive, including future risks, emerging tech/strategies.
Become Insured – not necessarily the end goal but to be insurable should be A goal of all school districts.

February 2024: Final Release

Issuing Final Guidance Document
Lessons Learned
Recommendations for Next Steps

Additional Resources

The Family Educational Rights and Privacy Act (FERPA): Link to this law and associated training materials
FERPA 101 for Local Education Agencies: FERPA training for districts and schools
Privacy and Education Technology: Protecting student privacy while using new instructional technology
The Protection of Pupil Rights Amendment (PPRA): Link to this law and associated guidance
Student Data Privacy Consortium: Addressing “day-to-day, real-world multi-faceted issues faced each day by privacy stewards”
Student Data Privacy Resources, Training and FAQs from the US Department of Education
What is Student Data?: Understanding the basics of student data from The Data Quality Campaign

Skip to Content

Community

Family

Educators

Administrators