Unit 9 Lab Recommend IT Security Policies to Help Mitigate Risk
1. Which IT assets did you prioritize as critical to administrative or student computing?
I prioritize the file servers and the teachers’ notebook as critical to administrative and student computing.
2. List your top five (5) risk exposures for which you believe this school should have specific risk mitigation strategies.
- No firewall
- Unauthorized access to school computers
- Open connections on the WLAN.
- The principals traveling notebook can carry a virus
- wireless access ...view middle of the document...
This includes students, teachers, physical access, layout of the school and property, security measures as defined by FERPA, HIPAA, etc. A password policy needs to be in place that stresses complexity, minimum length (recommendations) and recycling or expiring passwords. This could be accomplished with a minimum length of 8 characters, one being a capital letter, one being a number, and one being a special character. Physical security should be setup in a way that there are locked, secured doors to all entrances of the school (roof, side, non-viewed storage or work areas, etc.)
4. True or False. FERPA compliance law is about protecting the primary data of students including personal information, grades, and transcripts. The law itself defines a privacy requirement but it does not specifically address security controls and security countermeasures.
5. Given that student privacy data is typically housed within administrative computers, systems, and databases, what can you do to mitigate the risk exposure that student or someone on the student or school’s network can access these systems?
A multilayered strategy combats new threats and can reduce costs while keeping students safe.