Information Security and Data Privacy

The MDE and educators across Mississippi school districts are committed to ensuring the confidentiality of student data while enabling that information to be used appropriately to improve student outcomes.

K12 Security Advisory Guidance for Improving Cyber Security in Mississippi School Districts

Information Security, or Cybersecurity is a dynamic, ever-evolving field.  The days of a school district addressing its data security concerns through the purchase of fireproof cabinets have given way to fighting daily online attacks from overseas parties.  The emergence of new threats is happening in a world where near-instant access to student and district information is expected not only by school employees, but also by numerous stakeholders.  Layer into this the need to attend to regulatory issues such as the Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA), and the Protection of Pupil Rights Amendment (PPRA), and the complexities of school districts’ cybersecurity status can seem overwhelming.

Mississippi school district personnel wrestling with cyber security challenges have expressed their desire for guidance from the Mississippi Department of Education (MDE).  In response, and in cooperation with district technology directors, MDE’s Office of Technology and Strategic Services (OTSS) is creating a series of guidance webinars and documentation to advise district administrators, technology directors, and staff on these issues and support them as they develop and/or revise their district’s cybersecurity plan.

Introduction

• MDE K12 Security Guidance Introduction Webinar: A discussion with Greg Mallette (CISA) and Dr. Tracy Daniel-Hardy
• Please click here to download a copy of the slide deck

Framework of Guidance to Districts

The guidance given to district in three parts:

To Know: What do districts need to know about their current cybersecurity state to understand their level of risk and to determine next steps?

To Know

The recording from the webinar are available in three parts.

• To Know “Webinar Recording Part 1- with Greg Millette and Shelly Hollis” – a discussion about assessments and how they help districts “To Know”.
• 5 Minute “Discussion on Vulnerability Scans with Dr. Tracy” – a Technology Director’s take on using CISA assessments.
• To Know “Webinar Recording – with Technology Coordinators Part 2” – a discussion with other Technology Directors on what “To Know”.
• Please click here to download a copy of the slide deck.
• Click here to download the “To Know” Guidance document for districts.

“To Do: The Mitigation Feedback Loop”

• To Do: A Discussion with Bobby Freeman – a discussion with Bobby Freeman the director of Mississippi Cyber Unit about the State and Local Government Grant for 2022-2023.
• To Do: The Mitigation Feedback Loop – a webinar about the next chapter on the mitigation process districts should use to build into a cybersecurity plan.
• Please click here to download a copy of the slide deck.
• Click here to download the “To Do: The Mitigation Feedback Loop” document for districts.

“To Do: Policies and Procedures”

• A Discussion with Steven Smith on K12 Privacy Policies.
• To Do: Policies and Procedures

To Do: Once the current state is understood, what do districts need to do in order to improve their cybersecurity posture?

1. Develop Policies and Procedures
2. Training for TC
3. Training for Staff

“To Become”

To Become: As an improvement plan is defined and implemented, how do districts alter their approach to cybersecurity issues to become nimble in handling incidents and proactively aware of emerging threats?

Districts that fully engage in the guidance provided should find themselves with a better understanding of their cybersecurity outlook and insurable.

OTSS will follow the outline below in releasing guidance over the next few months.  Regular updates and refinements to content as changes in the cyber security landscape may dictate will be released as they occur.

1. Become Supportive: Buy-In from Supt & Administration.
2. Become Ready – Have PLANs Cybersecurity Incidents.
3. Become Proactive, including future risks, emerging tech/strategies.
4. Become Insured – not necessarily the end goal but to be insurable should be A goal of all school districts.

Additional Resources

• The Family Educational Rights and Privacy Act (FERPA): Link to this law and associated training materials
• FERPA 101 for Local Education Agencies: FERPA training for districts and schools
• Privacy and Education Technology: Protecting student privacy while using new instructional technology
• The Protection of Pupil Rights Amendment (PPRA): Link to this law and associated guidance
• Student Data Privacy Consortium: Addressing “day-to-day, real-world multi-faceted issues faced each day by privacy stewards”
• Student Data Privacy Resources, Training and FAQs from the US Department of Education
• What is Student Data?: Understanding the basics of student data from The Data Quality Campaign