1 of 5

$School or $Department of education cyber security strategy for 2024�

By $name

Template by Identity Revive

2 of 5

Executive Summary

Endorsement requested for strategy and implementation plan for cyber security

Background:

  • Key stats for your school or department of education e.g.:
    • Number of staff and students
    • Number of resources in cloud, datacenters, SaaS
    • Number of end user devices
    • Number of high rated audit issues
    • Budget for school and projection for 2023
    • Budget for state and projection for 2023

Problem / Opportunity Statement:

  • Increased regulatory focus: fines for cyber security breaches increased from $2m to $50m or 30% of turnover for corporates. Political importance of cyber security and Federal and State levels.
  • Worse threat landscape: Optus, Medibank, LJ Hooker breaches. Australia under attack. Clare O'Neil: 100 FTE deployed (combination of AFP and ASD) for cyber defense and offensive cyber.
  • Covid has seen major ransomware attacks at schools globally. E.g., LA school district Sept 2022. Cyber attacks no longer restricted to defense and finance. Schools are an easy target.
  • Increasing digital and especially social media footprint of students, online bullying, child sex offences and grooming. Cyber security skills are life skills.
  • Cyber security skills shortage globally. Opportunity to train tomorrows cyber leaders.

Recommended Solution:

  • Comprehensive cyber security control framework and zero trust architecture aligned to regulation, Essential 8 and global good cyber practices. Iterative, agile implementation plan with student, staff and community sensitivity and engagement.

To endorse the recommended strategy and implementation plan for cyber security

$org Strategic Objective Alignment

Objectives for children / education

  • Keep children and their personal information safe from cyber breaches.
  • Protect children from cyber threats
  • Train tomorrow’s cyber leaders.
  • Support remote education.

Objectives for community

  • Protect the community’s information.
  • Be a cyber security leader and champion in the community.
  • Lead by example. Show what good looks like.

Objectives for staff

  • Protect staff information.
  • Increase efficiency and reduce the risk of downtime for ransomware and other cyber incidents.
  • Support remote education and device choice.
  • Improve productivity and make teaching securely “just work”.

3 of 5

Cyber Security within $org:

Why do we need investment right now?

.

Cloud and Digital

Cyber Security for $org

Secure.

Compliant.

Within Risk Appetite.

Regulation

Ransomware

  • Educate from anywhere.
  • Students and staff using any device.
  • Keep the students, staff and community information safe. Stop a cyber breach.
  • Recovery quickly to enable education to continue.
  • Train the cyber leaders of tomorrow.

Audits

Hybrid Education

and Working

4 of 5

Strategy: Build a Zero Trust Architecture for $org

NIST SP 800-207

Security Service Edge (SSE)

  • Role based access.
  • Adaptive and ongoing authentication and MFA based on device, location, behaviour.
  • Network and endpoint security.
  • Ongoing governance especially in Cloud and SaaS.

Zero Trust Control Plane

Secure access to anything from anywhere

SaaS

IaaS / PaaS

Central sites

Schools and other sites

Staff and Students

Anywhere. On any device.

Incident response

Privacy sensitive monitoring.

Behavioural analytics.

Contain and recover.

Student coding

Macros

Non std apps

Cyber training

5 of 5

Implementation plan: agile and iterative.

Highest real world threats. Regulation.

Audit issues

Prioritize investment (Return on Security Investment).

Pilot. Student, Staff, Community involvement.

Showcase wins. Measure value.

Feedback and Program Planning.

Key challenges:

  • Budget is hard to justify. Cyber investment vs. more books, facilities, incursions etc.
  • Teachers are already stretched.
  • Education is job number one.
  • How to effectively engage students, staff and the community?

Dynamic solutions: