The COVID-19 pandemic forced schools across the nation to increase their reliance on IT to deliver educational instruction to students. This amplified the vulnerability of K-12 schools to potentially serious cyberattacks. The US Government Accountability Office (GAO) was asked to review cybersecurity in K-12 schools. The objectives of this report…

A cybersecurity incident is an event that actually or potentially jeopardizes a system or the information it holds. When a student's personal information is disclosed, it can lead to physical, emotional, and financial harm. Organizations are vulnerable to data security risks, including over 17,000 public school districts and approximately 98,000…

"Data security" describes the protections in place to prevent unauthorized access to or acquisition of personal student and staff information. A school district's data security measures might include keeping student and staff personal data in locked filing cabinets, and limiting access to those filing cabinets to people within the school…

The purpose of this document is to provide timely and useful best practice information to help education agencies proactively prepare for, appropriately mitigate, and responsibly recover from a cybersecurity incident. This resource reflects lessons learned by the education community and provides recommendations that will help agencies protect…

The Inspector General Act of 1978 (Public Law 95-452), as amended, requires that the Inspector General report semiannually to the Congress on the activities of the Office of Inspector General (OIG) during the 6-month periods ending March 31 and September 30. This Semiannual Report presents the activities and accomplishments of the U.S. Department…

When the COVID-19 pandemic forced the closure of schools across the nation, many K-12 schools moved from in-person to remote education, increasing their dependence on IT and making them potentially more vulnerable to cyberattacks. Education Facilities, including K-12 schools, is one of the nation's critical infrastructure subsectors. Several…

Given the transition from paper-and-pencil to computer administration, policymakers must update test security laws and policies to reflect the new threats to administration. There will likely always be a need for paper-and-pencil test administration security laws and policies, given that paper test copies may be needed as an accommodation or may…

A principle responsibility of a board member is to understand the environment in which his or her institution operates. Today, that environment includes a host of legal risks that every institution of higher education must be prepared to assess and proactively address. Colleges and universities work to contain and manage those risks through such…

Surveys of New England employers, college academic officers, and graduates find that many consider today's college graduates inadequately prepared for the world of work. In 2017, the New England Board of Higher Education convened the Commission on Higher Education & Employability, under the leadership of Rhode Island Governor Gina M. Raimondo.…

Education leaders are re-examining acceptable use policies in light of the increasing use of highly mobile information technologies. While acceptable use policies were developed to manage and control behaviour, a digital citizenship policy takes a more comprehensive approach by recognizing the important role of education in preparing digital…

Whilst the association of risk with schools is predominately a negative one, fostering images of potential dangers, this paper draws upon a socio-cultural counter-discourse to explore the perceived benefits of certain risk taking activities within educational establishments. Using research data on school Internet "misuse" it is argued…