7310: Cybersecurity Protection Measures
7310: Cybersecurity Protection Measures holly Mon, 07/22/2019 - 11:10The District will implement cybersecurity protection measures consistent with Federal, State, and District requirements. The District will take all reasonable steps to protect the online privacy of staff and students. The operation and use of СѼƵ Public School’s technology resources by staff, students, vendors, and guests shall be consistent with this policy. All staff and students shall be educated about appropriate online behavior, including interacting with other individuals online, cyberbullying awareness, and how to report inappropriate online interactions. The Superintendent or their designees are authorized and directed to establish and enforce procedures to implement this policy.
47 U.S.C. § 254, 47 C.F.R. § 54.520
7310.1: Cyber Security Protection Measures: Content Filtering
7310.1: Cyber Security Protection Measures: Content Filtering holly Mon, 07/22/2019 - 11:13I. Internet Technology Protection. The District will provide technology protection measure as required by law. Technology protection measures will filter sites containing visual depictions that are obscene, child pornography, and/or with respect to technology use by minors, harmful to minors.
II. Definitions.
A. The term “technology protection measure” means a specific technology that blocks or filters Internet access to visual depictions that are:
-
Obscene, as that term is defined in 18 U.S.C. § 1460;
-
Child pornography, as that term is defined in 18 U.S.C. § 2256; or
-
Harmful to minors.
.The term “harmful to minors” means any picture, image or graphic image file, or other visual depiction that:
-
Taken as a whole and with respect to minors, appeals to a prurient interest in nudity, sex, or excretion;
-
Depicts, describes, or represents, in a patently offensive way with respect to what is suitable for minors, an actual or simulated sexual act or sexual contact, actual or simulated normal or perverted sexual acts, or a lewd exhibition of the genitals; and
-
Taken as a whole, lacks serious literary, artistic, political, or scientific values as to minors.
.The term “minor” means an individual who has not attained the age of 17.
D. The term “sexual act” or “sexual contact” have the meanings given such terms in 18 U.S.. § 2246.
III. Disabling Internet Filtering.
A. Requests to disable or to bypass the technology protection measures shall be made to the Executive Director for Technology who shall review said requests and Internet sites to ensure that the content is not a violation of the Children’s Internet Protection Act.
B. The Superintendent or designee is authorized to disable the technology protection measures so as to enable access for bona fide research or other lawful purposes.
IV. Internet Safety and Prevention of Inappropriate Use. The District shall take all necessary and practical measures to prevent students from accessing inappropriate material online, to prevent unlawful and/or inappropriate use of the Internet and to promote safety and security while using the District’s online network.
A.The inappropriate use of the District’s online network is prohibited.
1.Inappropriate use includes: (a) unauthorized access by minors to inappropriate matter on the Internet and World Wide Web; (b) unauthorized access, including so-called hacking and other unlawful activities; (c) the unauthorized disclosure, use, and dissemination of personal identification information regarding minors; and (d) any activity that is prohibited by State or Federal law and by District policies.
B. To the extent practical, the District shall promote the safety and security of users of the District’s online computer network when using email or other forms of electronic communications.
C. The building principal, principal’s designee, or appropriate supervisor or teacher will be responsible for monitoring student usage of the Internet to ensure compliance with this and related District rules and policies.
D. The District will provide age-appropriate training for students who use the District’s network. The training will be designed to promote the District’s commitment to:
1. The standards and acceptable use of Internet services set forth in this and related District rules and policies; and
2. Student safety with regard to safety on the Internet, appropriate behavior while online and cyberbullying awareness and response.
V. Privacy. While complying with the provisions of the Children’s Internet Protection Act, all reasonable steps shall be taken to ensure that the use of the Internet shall not abridge the right of privacy of students or staff as provided by law including, but not limited to, the Family Educational Rights and Privacy Act (FERPA).
Children’s Internet Protection Act, 47 U.S.C. § 254, 47 C.F.R. § 54.520
7310.2: Cyber Security Protection Measures: Password Creation and Management
7310.2: Cyber Security Protection Measures: Password Creation and Management jmcarson1 Mon, 02/13/2023 - 16:10To ensure security for staff and student accounts the following requirements will be followed. Staff passwords are not accessible by District Technology Staff. Staff passwords can be reset by District Technology or by the individual staff member using the portal. Student passwords are the property of the District and will be managed as such.
Staff Password Requirements:
1. Initial passwords are created by the District. Staff are expected to change this password during their onboarding process.
2. Passwords must be a minimum of fifteen characters long.
3. Staff will be required to reset their password if alerted by the Technology Division that their account or password is compromised. Staff failing to comply with this measure will have their password reset by the Technology Division which may suspend that staff member’s access to systems.
Student Password Requirements:
1. Passwords are created by the District and shared with students.
2. To change a student password the building administrator will make a request with the Technology Division.
3. Changes to student passwords will be communicated to СѼƵ.
4. In the event that a student account or password is compromised the student password will be reset by the Technology Division.
7310.3: Cyber Security Protection Measures: Multi-factor Authentication (MFA)
7310.3: Cyber Security Protection Measures: Multi-factor Authentication (MFA) jmcarson1 Mon, 02/13/2023 - 16:09Multi-Factor Authentication (MFA) is a security feature that requires a user to validate their identity using something you know (e.g., user name and password) and something you have (e.g., your phone/fob) to access a District computer system or resource. Staff members will be assigned to one of the following levels based on their job function:
MFA Levels
Level III (High)
MFA at the device level (login into the computer), MPS portal, and any services not available through the portal that can implement MFA through DUO.
Level II (Medium)
MPS portal and other online services not available through the portal that can implement MFA through DUO.
Level I (Minimum)
MPS portal only. Staff will only be required to MFA into the MPS portal. The portal allows access to the most widely used web-based services of staff.
Level 0 (No MFA)
Users are not required to utilize MFA to access to any systems. Level 0 users do not have email access outside the MPS domain.
7310.4: Cyber Security Protection Measures: Disaster Recovery
7310.4: Cyber Security Protection Measures: Disaster Recovery jmcarson1 Mon, 02/13/2023 - 16:08The Superintendent or their designee will identify critical business assets, and define the systems and activities needed to ensure their continuity in a physical or cybersecurity disaster.
7310.5: Cyber Security Protection Measures: Data Encryption & Retention
7310.5: Cyber Security Protection Measures: Data Encryption & Retention jmcarson1 Mon, 02/13/2023 - 16:07The Superintendent or their designee will define when encryption will be used on District systems and equipment, what encryption technologies or algorithms are acceptable, and the length of time encrypted data will be retained.
7310.6: Cyber Security Protection Measures: Email
7310.6: Cyber Security Protection Measures: Email jmcarson1 Mon, 02/13/2023 - 16:04Email is essential for СѼƵ. Due to its potential to introduce security threat(s) to our network and systems, staff and students are expected to use common sense when sending and receiving emails using СѼƵ Public School accounts. The District will administer and secure the СѼƵ Public School’s email system so that it allows staff and students to be productive while at the same time working to prevent email-related security incidents.
The Superintendent or their designee will implement procedures and systems necessary to meet the requirement of this rule.
7310.7: Cyber Security Protection Measures: Physical Network Infrastructure Security
7310.7: Cyber Security Protection Measures: Physical Network Infrastructure Security jmcarson1 Mon, 02/13/2023 - 16:00Physical network security measures will be established by the Superintendent or their designee. Physical security measures will prevent access by unauthorized personnel to our Main Distribution Facilities (MDFs), Intermediate Distribution Facilities (IDFs), and other network locations.
Access to MDFs, IDFs, and other network locations will be controlled by the СѼƵ Technology Division. The storing of any non-network or non-technical equipment, without authorization by the Technology Division, is prohibited in these areas.
The use of MDFs, IDFs, and other network locations for any other school purpose is prohibited unless authorized by the Superintendent, Chief Financial Officer, Executive Director of Technology, or the District Technology Manager.
7310.8: Cyber Security Protection Measures: Virtual Private Network (VPN) Remote Access
7310.8: Cyber Security Protection Measures: Virtual Private Network (VPN) Remote Access jmcarson1 Mon, 02/13/2023 - 15:57The Superintendent or their designee will define rules for connecting to the СѼƵ Public School’s network and systems from outside our Wide Area Network (WAN) using VPN connections. They will also specify what remote authentication methods can be used and what other security measures are necessary for access.