7310: Cybersecurity Protection Measures

7310: Cybersecurity Protection Measures holly Mon, 07/22/2019 - 11:10

The District will implement cybersecurity protection measures consistent with Federal, State, and District requirements.  The District will take all reasonable steps to protect the online privacy of staff and students. The operation and use of Millard Public School’s technology resources by staff, students, vendors, and guests shall be consistent with this policy. All staff and students shall be educated about appropriate online behavior, including interacting with other individuals online, cyberbullying awareness, and how to report inappropriate online interactions. The Superintendent or their designees are authorized and directed to establish and enforce procedures to implement this policy.

Date of Adoption
April 16, 2001
Date of Revision
June 7, 2004
May 7, 2012
January 20, 2020
February 6, 2023
Reaffirmed
August 21, 2006
October 16, 2006

7310.1: Cyber Security Protection Measures: Content Filtering

7310.1: Cyber Security Protection Measures: Content Filtering holly Mon, 07/22/2019 - 11:13

I. Internet Technology Protection.    The District will provide technology protection measure as required by law.  Technology protection measures will filter sites containing visual depictions that are obscene, child pornography, and/or with respect to technology use by minors, harmful to minors.

II. Definitions.

A. The term “technology protection measure” means a specific technology that blocks or filters Internet access to visual depictions that are:

  1. Obscene, as that term is defined in 18 U.S.C. § 1460;

  1. Child pornography, as that term is defined in 18 U.S.C. § 2256; or

  1. Harmful to minors.

B. The term “harmful to minors” means any picture, image or graphic image file, or other visual depiction that:

  1. Taken as a whole and with respect to minors, appeals to a prurient interest in nudity, sex, or excretion;

  1. Depicts, describes, or represents, in a patently offensive way with respect to what is suitable for minors, an actual or simulated sexual act or sexual contact, actual or simulated normal or perverted sexual acts, or a lewd exhibition of the genitals; and

  1. Taken as a whole, lacks serious literary, artistic, political, or scientific values as to minors.

C. The term “minor” means an individual who has not attained the age of 17.

D. The term “sexual act” or “sexual contact” have the meanings given such terms in 18 U.S.C.  § 2246.

III. Disabling Internet Filtering.

A. Requests to disable or to bypass the technology protection measures shall be made to the Executive Director for Technology who shall review said requests and Internet sites to ensure that the content is not a violation of the Children’s Internet Protection Act.

B. The Superintendent or designee is authorized to disable the technology protection measures so as to enable access for bona fide research or other lawful purposes.

IV. Internet Safety and Prevention of Inappropriate Use.  The District shall take all necessary and practical measures to prevent students from accessing inappropriate material online, to prevent unlawful and/or inappropriate use of the Internet and to promote safety and security while using the District’s online network.

A. The inappropriate use of the District’s online network is prohibited.

1. Inappropriate use includes: (a) unauthorized access by minors to inappropriate matter on the Internet and World Wide Web; (b) unauthorized access, including so-called hacking and other unlawful activities; (c) the unauthorized disclosure, use, and dissemination of personal identification information regarding minors; and (d) any activity that is prohibited by State or Federal law and by District policies.

B. To the extent practical, the District shall promote the safety and security of users of the District’s online computer network when using email or other forms of electronic communications.

C. The building principal, principal’s designee, or appropriate supervisor or teacher will be responsible for monitoring student usage of the Internet to ensure compliance with this and related District rules and policies.

D. The District will provide age-appropriate training for students who use the District’s network.  The training will be designed to promote the District’s commitment to:

1. The standards and acceptable use of Internet services set forth in this and related District rules and policies; and

2. Student safety with regard to safety on the Internet, appropriate behavior while online and cyberbullying awareness and response.

V. Privacy. While complying with the provisions of the Children’s Internet Protection Act, all reasonable steps shall be taken to ensure that the use of the Internet shall not abridge the right of privacy of students or staff as provided by law including, but not limited to, the Family Educational Rights and Privacy Act (FERPA).                                                    

Date of Adoption
April 16, 2001
Date of Revision
June 7, 2004
August 21, 2006
May 7, 2012
January 20, 2020
February 6, 2023
Reaffirmed
October 16, 2006

7310.2: Cyber Security Protection Measures: Password Creation and Management

7310.2: Cyber Security Protection Measures: Password Creation and Management jmcarson1 Mon, 02/13/2023 - 16:10

To ensure security for staff and student accounts the following requirements will be followed.  Staff passwords are not accessible by District Technology Staff.  Staff passwords can be reset by District Technology or by the individual staff member using the portal. Student passwords are the property of the District and will be managed as such.

Staff Password Requirements:
1.    Initial passwords are created by the District. Staff are expected to change this password during their onboarding process.
2.    Passwords must be a minimum of fifteen characters long.
3.    Staff will be required to reset their password if alerted by the Technology Division that their account or password is compromised. Staff failing to comply with this measure will have their password reset by the Technology Division which may suspend that staff member’s access to systems.

Student Password Requirements:
1.    Passwords are created by the District and shared with students.
2.    To change a student password the building administrator will make a request with the Technology Division.
3.    Changes to student passwords will be communicated to the school.
4.    In the event that a student account or password is compromised the student password will be reset by the Technology Division.
 

Date of Adoption
February 6, 2023

7310.3: Cyber Security Protection Measures: Multi-factor Authentication (MFA)

7310.3: Cyber Security Protection Measures: Multi-factor Authentication (MFA) jmcarson1 Mon, 02/13/2023 - 16:09

Multi-Factor Authentication (MFA) is a security feature that requires a user to validate their identity using something you know (e.g., user name and password) and something you have (e.g., your phone/fob) to access a District computer system or resource. Staff members will be assigned to one of the following levels based on their job function:

MFA Levels
Level III (High)

MFA at the device level (login into the computer), MPS portal, and any services not available through the portal that can implement MFA through DUO.

Level II (Medium)
MPS portal and other online services not available through the portal that can implement MFA through DUO.

Level I (Minimum)
MPS portal only. Staff will only be required to MFA into the MPS portal. The portal allows access to the most widely used web-based services of staff.

Level 0 (No MFA)
Users are not required to utilize MFA to access to any systems. Level 0 users do not have email access outside the MPS domain.
 

Date of Adoption
February 6, 2023

7310.4: Cyber Security Protection Measures: Disaster Recovery

7310.4: Cyber Security Protection Measures: Disaster Recovery jmcarson1 Mon, 02/13/2023 - 16:08

The Superintendent or their designee will identify critical business assets, and define the systems and activities needed to ensure their continuity in a physical or cybersecurity disaster.

Date of Adoption
February 6, 2023

7310.5: Cyber Security Protection Measures: Data Encryption & Retention

7310.5: Cyber Security Protection Measures: Data Encryption & Retention jmcarson1 Mon, 02/13/2023 - 16:07

The Superintendent or their designee will define when encryption will be used on District systems and equipment, what encryption technologies or algorithms are acceptable, and the length of time encrypted data will be retained.

Date of Adoption
February 6, 2023

7310.6: Cyber Security Protection Measures: Email

7310.6: Cyber Security Protection Measures: Email jmcarson1 Mon, 02/13/2023 - 16:04

Email is essential for Millard Public Schools. Due to its potential to introduce security threat(s) to our network and systems, staff and students are expected to use common sense when sending and receiving emails using Millard Public School accounts.  The District will administer and secure the Millard Public School’s email system so that it allows staff and students to be productive while at the same time working to prevent email-related security incidents.  

The Superintendent or their designee will implement procedures and systems necessary to meet the requirement of this rule.
 

Date of Adoption
February 6, 2023

7310.7: Cyber Security Protection Measures: Physical Network Infrastructure Security

7310.7: Cyber Security Protection Measures: Physical Network Infrastructure Security jmcarson1 Mon, 02/13/2023 - 16:00

Physical network security measures will be established by the Superintendent or their designee. Physical security measures will prevent access by unauthorized personnel to our Main Distribution Facilities (MDFs), Intermediate Distribution Facilities (IDFs), and other network locations.


Access to MDFs, IDFs, and other network locations will be controlled by the Millard Public Schools Technology Division. The storing of any non-network or non-technical equipment, without authorization by the Technology Division, is prohibited in these areas.


The use of MDFs, IDFs, and other network locations for any other school purpose is prohibited unless authorized by the Superintendent, Chief Financial Officer, Executive Director of Technology, or the District Technology Manager.

Date of Adoption
February 6, 2023

7310.8: Cyber Security Protection Measures: Virtual Private Network (VPN) Remote Access

7310.8: Cyber Security Protection Measures: Virtual Private Network (VPN) Remote Access jmcarson1 Mon, 02/13/2023 - 15:57

The Superintendent or their designee will define rules for connecting to the Millard Public School’s network and systems from outside our Wide Area Network (WAN) using VPN connections. They will also specify what remote authentication methods can be used and what other security measures are necessary for access.

Date of Adoption
February 6, 2023