Safe, secure, resilient, and accessible education system infrastructure, both physical and digital, is an essential factor for success. Yet, the digital infrastructure in the nation's K-12 schools is increasingly under threat from malicious cyber actors. This fact sheet: (1) describes the most common types of cyber threats currently facing school…

The Cybersecurity Ambassador Program provides professional skills training for emerging cybersecurity professionals remotely. The goal is to reach out to underrepresented populations who may use Federal Work-Study (FWS) or grant sponsored internships to participate. Cybersecurity Ambassadors (CAs) develop skills that will serve them well as…

This Information Technology Specialist Resource List provides resources on understanding the role of information technology specialists in supporting school safety before, during, and after an emergency. Resources are organized into the following categories: (1) Cybersecurity and Cyber Safety Considerations for Schools and Districts; (2)…

This is the second in a series of five briefs published by the U.S. Department of Education Office of Educational Technology on the key considerations facing educational leaders as they work to build and sustain core digital infrastructure for learning. These briefs offer recommendations to complement the fundamental infrastructure considerations…

The objective of this audit was to determine whether the U.S. Department of Education's (Department) overall information technology (IT) security programs and practices were effective as they relate to Federal information security requirements. In fiscal year (FY) 2020, the focus of the audit was solely on Departmental Systems. This year the focus…

The paper discusses the use of "Productive Disciplinary Engagement" (PDE) for a curricular project that features a technology-based alternate reality game (ARG) with the objective of teaching undergraduate students about the collaborative nature of STEM careers. Much of the PDE research uses PDE as either a design-principle or as an…

The purpose of this document is to provide timely and useful best practice information to help education agencies proactively prepare for, appropriately mitigate, and responsibly recover from a cybersecurity incident. This resource reflects lessons learned by the education community and provides recommendations that will help agencies protect…

Schools (public and nonpublic) and school districts face a myriad of challenging hazards and threats. In addition to natural hazards, technological hazards, and biological hazards, they now have to prepare for human-caused cyber threats. These incidents can be accidental or deliberate and disrupt education and critical operations; expose sensitive…

The ability to securely connect to virtual systems is an important element within a safe and supportive learning environment. This is particularly the case within institutions of higher education (IHEs), where students are increasingly learning in digital formats; faculty, staff, and visitors are constantly accessing and sharing information…

Many entrepreneurs and small business owners lack disaster recovery plans, which minimize business disruptions caused by failures of critical technical systems. Typically, technology is not the main focus for a small business owner, as most of their time is spent focused on business operations. This case study demonstrates that when a business…

A qualitative research study was conducted to identify, describe, and understand the perceptions of administrators of public school districts in northeast Tennessee regarding school safety. Using a semi-structured interview process, the researcher identified emerging themes regarding the factors most associated with safe school districts, the…

This case study follows the security breach that affected Target at the end of 2013 and resulted in the loss of financial data for over 70 million customers. The case provides an overview of the company and describes the reasons that led to one of the biggest security breaches in history. It offers a discussion on Target's vendor management…

Developing nations have been slow to develop and implement cybersecurity strategies despite a growing threat to governance and public security arising from an increased dependency on Internet-connected systems in the developing world and rising cybercrime. Using a neorealist theoretical framework that draws from Gilpin and Waltz, this qualitative…

School system leaders never know when disaster may strike. Having a plan in place to protect vital data and systems is crucial. School system leaders need to be actively involved in crisis preparedness, planned response, and recovery to ensure student and staff safety and to make certain that all important operations, services, processes, and…

School business administrators have long recognized the need for a workable data recovery plan regardless of cause. Yet many have not reassessed their current data backup and recovery capabilities, perhaps because they have not experienced a catastrophic failure. There are three reasons school business administrators may not realize or recognize…