The following two exercises ask you to consider the appropriate actions to take in the event of a data breach or personally identifiable information (PII) exposure. After reading each slide, consider your next course of action, and list the steps you'd take. Then, move to the next slide.
Data Breach or PII Exposure Exercises
Questions and Considerations for Cloud Providers
If your district is considering moving its data to a cloud provider, there are some basic questions to ask in order to determine if this host environment can safely and effectively store your sensitive data. Click the key words below to learn more.
The EDUCAUSE HEISC assessment tool was created to evaluate the maturity of higher education information security programs using as a framework the International Organization for Standardization (ISO) 27002:2013 "Information Technology Security Techniques. Code of Practice for Information Security Management."
This tool was intended for use by an institution as a whole, although a unit within an institution may also use it to help determine the maturity of its individual information security program. Unless otherwise noted, it should be completed by the chief information officer, chief information security officer or equivalent, or a designee. There are a total of 101 questions. On average it takes about 2 hours for an information security officer or equivalent familiar with their environment to complete this tool.
The self-assessment has been designed to be completed annually or at the frequency your institution feels is appropriate to track maturity. The assessment tool uses the ISO 21827:2008 framework for scoring maturing, which scales from 0 to 5, with 5 being the highest level of maturity:
0. Not Performed
1. Performed Informally
3. Well Defined
4. Quantitatively Controlled
5. Continuously Improving
Answer each question by selecting the appropriate level of maturity, 0–5. Each ISO section will be added up then averaged to provide a maturity assessment for the given section.
Texas CyberSecurity Framework
There are 40 CyberSecurity attributes that DIR is tracking under SB1597, and the linked CyberCecurity Maturity Ratings Executive Summary spreadsheet shows this tracking in a bar chart. The numbering has been randomized on purpose so feel free to share it.
For each CyberSecurity objective, update columns D through I with the agency's self-assessment as to percentage (in whole numbers) of the organization that meets the DIR standard for maturity.
Column K tabulates the entries' "points" and normalizes the 6 grade levels that reflect the maturity score for the CyberSecurity objective.
Column L converts the objectives' points to the CMMI scale.
Cybrary Information: Free Cybersecurity Training
You can improve your cyber security awareness through free educational resources.
Cyber security is quickly evolving. Keep your team a step ahead by developing their skills.
- access to Cybrary's complete course library with over 2,000+ lessons,
- learning paths for learning outside the classroom, and
- reporting tools to track course completions and site usage.
Visit Cybrary to view the complete topic catalog.