Cyber Threats: Incident Response Planning and Security Testing

Schools and districts put protections in place to prevent cybersecurity attacks or breaches. While preventative measures are imperative for protecting sensitive data and personally identifiable information, technology changes so fast that no defense mechanism is 100% effective all of the time. The Wisconsin Department of Public Instruction, in following NNT’s CIS Controls, has some recommendations for school and district leaders in building an incident response plan.

The main goal of incident response is to identify threats to a school or district, respond to those threats to prevent or minimize damage, and stop the threats and recover as quickly as possible. An effective documented plan will include the right investigative procedures, reporting, data collection, management responsibility, legal protocols, and communications strategy to allow a school or district to successfully detect and respond to an attack.

When developing an incident response plan, include sources for protections and detections, a list of who should be called to help, and how to communicate information to leadership, employees, stakeholders, and all others affected by the incident. Make sure to review and update this plan annually or when there is a significant change that might impact the safeguards in place.

After defining a course of action, a school or district’s incident response team, or a third party, should engage in periodic security testing. Regularly testing a school or district’s controls (i.e., people, processes, technology) by simulating the objectives and actions of an attacker will help identify gaps in security and assess their resiliency. Perform such tests on an annual basis or more frequently if possible.

Some additional resources that might be helpful in developing an incident response plan and security testing are as follows:

Council of Registered Security Testers (CREST) Cyber Security Incident Response Guide – https://www.crest-approved.org/wp-content/uploads/2014/11/CSIR-Procurement-Guide.pdf

OWASP Penetration Testing Methodologies – https://www.owasp.org/index.php/Penetration_testing_methodologies

PCI Security Standards Council – https://www.pcisecuritystandards.org/documents/Penetration-Testing-Guidance-v1_1.pdf

For more information, please contact Ed Snow with the DPI’s Instructional Technology Services Team or visit https://dpi.wi.gov/cyber-security for resources and cyber/data announcements.