K-12 improving cybersecurity, lags behind other sectors


The K-12 education sector is improving its cybersecurity capabilities over time, but it lags behind other sectors in terms of cybersecurity program maturity, says a study issued Monday.

K-12 organizations have limited internal resources for confronting sophisticated threats, with nearly a fifth of K-12 schools committing less than 1% of their information technology budget on cybersecurity, says the study by the Greenbush, New York-based Center for Internet Security, a nonprofit that focuses on critical infrastructure cybersecurity in the United States, and the Multistate Information Sharing & Analysis Center. 

The center is funded by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and a CIS division.

The report says the sector’s top security concerns are a lack of sufficient funding, the increasing sophistication of threats, a lack of documented processes and of a cybersecurity strategy, and the inadequate availability of cybersecurity professionals.

The study says areas where K-12 schools are generally performing well are in identity management and access control; awareness and training; and in their business environment, in terms of how their missions, objectives, stakeholders and activities are understood and prioritized.

The study says areas where K-12 schools are generally performing poorly, based on the Gaithersburg, Maryland-based National Institute of Standards and Technology’s cybersecurity framework, are in protective technologies, supply chain risk management and data security.

Among recommended actions are encrypting data on removable media, establishing and maintaining a data recovery process, and conducting threat modeling, the report says.

 

 

admin

admin

Leave a Reply

Your email address will not be published. Required fields are marked *