Proactive Cybersecurity Strategies for K-12 School Districts
Tactical planning steps school districts can take to help prevent and mitigate the costly ramifications of cyberattacks.
This cybersecurity overview contains strategies and tactics school districts should consider implementing as part of their cybersecurity posture. This list is not exhaustive and is not intended to serve as the playbook for preventing cyberattacks; rather, we hope it serves as a helpful guide for districts crafting or reviewing their own cybersecurity policies and incident response plans.
The NIST Cybersecurity Framework is comprised of five major Functions, each of which builds on and interacts with the others. This guide focuses on Functions One and Two as critical, proactive measures that will help school districts prevent cyberattacks from occurring, potentially mitigate long-term financial loss, and help ensure business and learning continuity.
The National Institute of Standards and Technology’s (NIST) mission is to “promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.”
In 2013, NIST was tasked by an Executive Order to develop a Cybersecurity Framework which has been adopted as the basis for most cybersecurity strategies across the public and private sectors today. The Cybersecurity Framework is continuously reviewed by and updated with input from stakeholders in government, academia, and industry.
NIST’s Five Functions
The following Five Functions are defined as follows in NIST’s Cybersecurity Framework
Assists in developing an organizational understanding to managing cybersecurity risk. Understanding the context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with risk management strategy and organization needs.
Outlines appropriate safeguards to ensure delivery of critical infrastructure services. The Protection Function supports the ability to limit or contain the impact of a potential cybersecurity event.
Defines the appropriate activities to identify the occurrent of a cybersecurity event. The Detect Function enables timely discover of cybersecurity events.
Includes appropriate activities to take action regarding a detected cybersecurity incident. The Respond Function supports the ability to contain the impact of a potential cybersecurity incident.
Identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity incident.