Miami-Dade County keeps finger on pulse of threat landscape
In the Miami-Dade County Public Schools, the fourth largest school system in the U.S. with an enrollment of more than 356,000 students, network security has always been of paramount importance.
“We strive to keep our finger on the pulse of the threat landscape to continually refine our approach and to strengthen security protocols,” said Deborah Karcher, chief information officer for the school system. By many measures, Miami-Dade has its finger in the right place.
The school district was one of only seven school systems so far to earn the Consortium for School Networking’s new Trusted Learning Environment Seal for its commitment to ensure the privacy and security of student data.
Selected from nearly 90 school district applicants nationwide, Miami-Dade was chosen for demonstrating effective practices on several dimensions:
- Leadership, including collaboration with stakeholders.
- Business practices, including establishing acquisition vetting processes and contracts that address compliance with laws while supporting innovation.
- Data security, including performing regular audits of data privacy and security practices.
- Professional development, including requiring school staff to conduct privacy and security training.
- Classroom procedures, to ensure transparency while advancing curricular goals.
EdScoop recently spoke to members of Miami-Dade’s information security team about how their efforts helped them earn the CoSN seal. Participating in the discussion were Karcher, CIO for IT services; Paul Smith, district director for data security and technical services; Eddie McAuliff, chief information security officer for security and technical services; and Sharon Dixon, supervisor for long range planning, client and business services.
EdScoop: What motivated your district to pursue the seal?
Karcher: It was an opportunity for us to talk about what we have done as a district in terms of security. We wanted to see where we stood in terms of other school districts and how we compared.
What challenges did you face before you embarked on this project?
Karcher: The challenge is [trying] to maintain an educational environment as opposed to a Wi-Fi café. We want [students] to use our Internet but we want them to use it safely.
McAuliff: On any given day, we could have close to 400,000 connected devices to our network at any time, which introduces a lot of potential entry points or vectors where somebody could do something inappropriate or exploit vulnerability. Trying to stay a step ahead of our students is probably one of the biggest challenges.
Smith: In any industry but especially in education, [the challenge] is how to provide a learning environment where you expect to be free and do whatever you want and keep it secure as well. We have to try to make it as transparent as possible but sometimes the two different goals conflict. If we wanted to, we can be so stringent that we can almost ensure that nothing gets through but then the learning environment suffers. So we try to maintain a balance [between] what is acceptable in the learning environment and how far can we push that boundary for security.
What steps did you take to accomplish this and what resources were required to do it?
Karcher: With all the school districts, there are never enough resources. So we went for the seal with whatever resources we had and pulled it altogether with [support from] the different groups who assist or augment the security group.
McAuliffe: It’s a collaborative effort among different departments in the district. [For example] some of the stuff that helped us qualify for seal is based on policies, which we received instruction on.
Dixon: We have standards and procedures in place, and we meet regularly with [people from other departments] areas to make sure that they’re up to date on what’s current.
What lessons did you and your team learn?
Karcher: [The CoSN effort] shored up or validated our reasons for wanting to do other things that weren’t being done — for instance, getting additional tools to help us find out more about where the threats are coming from [and doing] penetration tests. [Also] keeping our security awareness at a heightened level needs to be something that we do all the time [along with] digital citizenship to remind our students and parents that the threat may not just malware but bullying and other types of things that can happen on the Web.
How do you feel this will help elevate your district’s reputation?
Karcher: We were just kind of baselining ourselves with [CoSN but] now we’re really going to use it to say that we have not a perfect system but a very, very sound and safe system. A lot of parents have a genuine concern about the Internet and the safety and security of students’ information. We can use this to help validate [our security practices] and make the community feel better about what’s happening here at Miami-Dade.
What tips or advice might you offer other school districts?
Karcher: I think the pillars that CoSN established — leadership, business, data security, professional development and classroom — are important. Not one particular thing is going to take care of the other things that you don’t do. There isn’t any magic bullet. Security needs to be taken seriously and it needs leadership behind it to [ensure] your employees and students follow security guidelines.