Comprehensive Defensive Audit: Cyber Attacks in School Systems
VerifiedAdded on 2024/05/31
|14
|3361
|261
Report
AI Summary
This report presents a defensive audit focused on cybersecurity vulnerabilities within school systems, highlighting the increasing threats and risks associated with technology adoption in schools. It identifies key vulnerabilities, including risks related to compromised information, financial fraud, and standardized test administration. The report details the slow adoption of cybersecurity practices and negligence in considering cyber threats as primary factors contributing to these vulnerabilities. Furthermore, it proposes several remedies to safeguard school systems, such as implementing a data risk management regime, ensuring protected configurations for hardware and software, enhancing network security through firewalls and website filtering, managing student and teacher privileges, and promoting cybersecurity education and awareness among students and staff. This comprehensive analysis aims to provide actionable insights for schools to strengthen their cybersecurity defenses and protect sensitive information.
Defensive Audit
1
1
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Table of Contents
Cyber Attacks in schools system..................................................................................................3
Vulnerabilities................................................................................................................................6
Remedies to safeguard from the above........................................................................................9
References.....................................................................................................................................14
2
Cyber Attacks in schools system..................................................................................................3
Vulnerabilities................................................................................................................................6
Remedies to safeguard from the above........................................................................................9
References.....................................................................................................................................14
2
Cyber Attacks in the schools system
The adoption of the technology has eased many processes but has also lead to many threats
associated with it. The hurry of installation of technology but not appropriate measures regarding
the safeguard of data and other attacks have also made the schools vulnerable to the cyber-
attacks and risks. It could be seen that there have been many cyber-attacks and even the schools
have not been left by them. There has been the adoption of the technology in mostly all the
public schools but the management of the risk involved has not been assessed by the school
which has resulted in the vulnerability (Herold, 2017). One of the risks that have emerged due to
the same is the risk of the students. The security of the student lies with the technology that has
been implemented by the school which can be breached by the hackers. There have been a
subsequent increase in the cyber-attacks which has led to increasing in the cost and time as well.
There are various incidents in which the sensitive information of the students, as well as the
teachers, have been compromised. There have been scams through the various E-Mails resulting
in the fraudulent tax returns (Herold, 2017). The risk and threat have increased with the times
which need to be identified by the schools.
There are various reasons which have resulted in the exposure to the risk which are:-
There is slow adoption of the cybersecurity practices
3
The adoption of the technology has eased many processes but has also lead to many threats
associated with it. The hurry of installation of technology but not appropriate measures regarding
the safeguard of data and other attacks have also made the schools vulnerable to the cyber-
attacks and risks. It could be seen that there have been many cyber-attacks and even the schools
have not been left by them. There has been the adoption of the technology in mostly all the
public schools but the management of the risk involved has not been assessed by the school
which has resulted in the vulnerability (Herold, 2017). One of the risks that have emerged due to
the same is the risk of the students. The security of the student lies with the technology that has
been implemented by the school which can be breached by the hackers. There have been a
subsequent increase in the cyber-attacks which has led to increasing in the cost and time as well.
There are various incidents in which the sensitive information of the students, as well as the
teachers, have been compromised. There have been scams through the various E-Mails resulting
in the fraudulent tax returns (Herold, 2017). The risk and threat have increased with the times
which need to be identified by the schools.
There are various reasons which have resulted in the exposure to the risk which are:-
There is slow adoption of the cybersecurity practices
3
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
(Figure – Response to the cybersecurity practices)
(Source – Herold, 2017)
Negligence regarding considering it as a threat
4
(Source – Herold, 2017)
Negligence regarding considering it as a threat
4
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
(Figure – Negligence regarding considering it as a threat)
(Source - Herold, 2017)
It was determined that there have been chances of stealing the information related to the payroll
and other data in order to steal the money. There are ways through which they steal the data or
locking them up so that there can be ransom taken to unlock it.
5
(Source - Herold, 2017)
It was determined that there have been chances of stealing the information related to the payroll
and other data in order to steal the money. There are ways through which they steal the data or
locking them up so that there can be ransom taken to unlock it.
5
There are various vulnerabilities with the cyber-attack at the school being as follows:-
Vulnerabilities
A. Risk regarding information accessed or compromised
The risk of information leak has become a very big threat to the schools of personal students and
teachers as well as the sensitive information regarding the school. There are chances of stolen of
information as well along with the revealing of the same. The loss of sensitive information can
affect the educational institution in the monetary term as well as in terms of security. The
negligence regarding the importance of safeguard against these threats has resulted in the
disclosure of over 11 Million records from 2005 to 2013 in the 695 breach (Alao, 2013). The
information if compromised can be a risk to the employees as there have been cases where there
was the wrong filing of the return on behalf of employees. Columbia Falls, Mont. School has
also been attacked where there was stolen of sensitive information of around 2100 students
which used the same server as other (Herold, 2017). There was even case of threating after the
stealing of the information by sending messages to do violence against their children by Dark
overlord hackers. There was the demand for heavy ransom from the parents in the lieu of
safeguarding the children. The hacking was such that they were even able to describe the official
which was standing outside the school for the security purpose and exact situation by hacking
internet-connected security camera systems.
6
Vulnerabilities
A. Risk regarding information accessed or compromised
The risk of information leak has become a very big threat to the schools of personal students and
teachers as well as the sensitive information regarding the school. There are chances of stolen of
information as well along with the revealing of the same. The loss of sensitive information can
affect the educational institution in the monetary term as well as in terms of security. The
negligence regarding the importance of safeguard against these threats has resulted in the
disclosure of over 11 Million records from 2005 to 2013 in the 695 breach (Alao, 2013). The
information if compromised can be a risk to the employees as there have been cases where there
was the wrong filing of the return on behalf of employees. Columbia Falls, Mont. School has
also been attacked where there was stolen of sensitive information of around 2100 students
which used the same server as other (Herold, 2017). There was even case of threating after the
stealing of the information by sending messages to do violence against their children by Dark
overlord hackers. There was the demand for heavy ransom from the parents in the lieu of
safeguarding the children. The hacking was such that they were even able to describe the official
which was standing outside the school for the security purpose and exact situation by hacking
internet-connected security camera systems.
6
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
B. Fraud during financial statements
The management of the finance is also vulnerable to the cyber-attacks which are based on the
network. There are chances of a regular threat to the financial statements or the transactions that
are being carried out by the schools online. There are various functions that are being carried out
on the network by the company such as management of the cash and securities. There was a high
generation of revenue from the public elementary schools more than the cash flow of Apple. The
management of the cash and securities on the network which is prone to hacker risk. The
transaction related to the salary as well as the pensions of the employees were being paid by the
company through the network. Once there was theft of around $2.8Million from Duanesburg
Central School hackers electronically. The large budgets of school are the targets of the hacker.
The financial statements loss not only affects the trust of the community but also lead to
incurring heavy losses to the organization. The vulnerability has also been increased due to the
technology outdated of the school system. The bug in the system as affected the organization in
the non-monetary business. The losses have been very much with the increase in the theft and
stolen cases through hacking.
7
The management of the finance is also vulnerable to the cyber-attacks which are based on the
network. There are chances of a regular threat to the financial statements or the transactions that
are being carried out by the schools online. There are various functions that are being carried out
on the network by the company such as management of the cash and securities. There was a high
generation of revenue from the public elementary schools more than the cash flow of Apple. The
management of the cash and securities on the network which is prone to hacker risk. The
transaction related to the salary as well as the pensions of the employees were being paid by the
company through the network. Once there was theft of around $2.8Million from Duanesburg
Central School hackers electronically. The large budgets of school are the targets of the hacker.
The financial statements loss not only affects the trust of the community but also lead to
incurring heavy losses to the organization. The vulnerability has also been increased due to the
technology outdated of the school system. The bug in the system as affected the organization in
the non-monetary business. The losses have been very much with the increase in the theft and
stolen cases through hacking.
7
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
C. The risk for standardized Administration of Test
There is a various test conducted to determine the performance of the students such as the
standardized Administration test. These tests are being conducted online called as Smarter
Balanced Assessment Consortium and Partnership. The ability and the aptitude of the students
can be determined with the help of this test. Since the process is online there is a risk of hacking
also (Herold, 2017). The hackers have not even left the test also there have been hacking to stop
the test also. There have been instances such as Swedesbro-Woolwich School where due to
hacking the elementary school test was prevented by the attack and ransomware attack. The
attacks are not only confined to the Elementary school test but also to test such as Florida
Standardised Assessments. These attacks not only affect the school efficiency by wasting time
but also result in involvement of extra cost to the schools.
8
There is a various test conducted to determine the performance of the students such as the
standardized Administration test. These tests are being conducted online called as Smarter
Balanced Assessment Consortium and Partnership. The ability and the aptitude of the students
can be determined with the help of this test. Since the process is online there is a risk of hacking
also (Herold, 2017). The hackers have not even left the test also there have been hacking to stop
the test also. There have been instances such as Swedesbro-Woolwich School where due to
hacking the elementary school test was prevented by the attack and ransomware attack. The
attacks are not only confined to the Elementary school test but also to test such as Florida
Standardised Assessments. These attacks not only affect the school efficiency by wasting time
but also result in involvement of extra cost to the schools.
8
Remedies to safeguard from the above
i) Data risk management regime
The risk management is very much important for the school to stop the threats. The threats can
be stopped with the management of the usage that is being done, response with respect to the
incident as well as risk management. There must be promotion of the Adequate Usage Policy
between the students, parents and other people of the school. The risk management will not only
helps in safeguarding from any risk involved but also in making non-vulnerable to attacks if
anything happened. The important of the usage of the data is there to have an effective analysis
of any threat if there (Ion, 2017). The upgrade of system is not only sufficient for the safeguard
but also regular check along with the responses is equally important for the benefit of the
schools. The data risk management is an overall check of the usage as well as any changes if any
are being determined. The regular analysis lead to better understanding of any threat if are being
carried regarding the data. This will help in safeguarding of the personal information that are
being stored in network of the students, teachers etc. through regular usage strategy and proper
response in case an unfavourable situation.
ii) Protected configuration
There must be effective management of the hardware and software that are being installed as per
the appropriate guidelines of the protected configuration along with the management of the IT-
related Inventory. The implementation is an important process as the strategy cannot result in
same. The implementation of the project must be effective and efficient along with the changes if
any are required so that there can be utmost security with respect to protected configuration. The
system must be upgraded timely as and when they are required at various circumstances so that
any attempt of the cyber-crime can be detected and taken care off (Ion, 2017). The advancement
in technologies has been rapid making it important that the changes in the software and hardware
are latest and current versions. The fixing of bugs is important with the time therefore making
the system updated regularly as per current technology. There must be proper configuration in
the devices and hardware that are being used by the schools and also in the systems which are
being used by the teachers or students so that not even accidentally they are prone to the risk of
9
i) Data risk management regime
The risk management is very much important for the school to stop the threats. The threats can
be stopped with the management of the usage that is being done, response with respect to the
incident as well as risk management. There must be promotion of the Adequate Usage Policy
between the students, parents and other people of the school. The risk management will not only
helps in safeguarding from any risk involved but also in making non-vulnerable to attacks if
anything happened. The important of the usage of the data is there to have an effective analysis
of any threat if there (Ion, 2017). The upgrade of system is not only sufficient for the safeguard
but also regular check along with the responses is equally important for the benefit of the
schools. The data risk management is an overall check of the usage as well as any changes if any
are being determined. The regular analysis lead to better understanding of any threat if are being
carried regarding the data. This will help in safeguarding of the personal information that are
being stored in network of the students, teachers etc. through regular usage strategy and proper
response in case an unfavourable situation.
ii) Protected configuration
There must be effective management of the hardware and software that are being installed as per
the appropriate guidelines of the protected configuration along with the management of the IT-
related Inventory. The implementation is an important process as the strategy cannot result in
same. The implementation of the project must be effective and efficient along with the changes if
any are required so that there can be utmost security with respect to protected configuration. The
system must be upgraded timely as and when they are required at various circumstances so that
any attempt of the cyber-crime can be detected and taken care off (Ion, 2017). The advancement
in technologies has been rapid making it important that the changes in the software and hardware
are latest and current versions. The fixing of bugs is important with the time therefore making
the system updated regularly as per current technology. There must be proper configuration in
the devices and hardware that are being used by the schools and also in the systems which are
being used by the teachers or students so that not even accidentally they are prone to the risk of
9
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
breach. The hardware and software must be looked or configured in a way that there are no
chances of redirecting to any services resulting in the breach of security.
iii) Security of Network
The security can be done with the help of installing of firewalls in the system and hardware. The
breach of security is being done if any malicious sides are visited therefore making it important
for the schools and to have check over the websites that are being visited by the students,
teachers etc. The websites that are being visited must be filtered so that there are no chances of
any breach of security through it. The installation of software such as the antivirus in the system
and hardware can restrict the user to visit any malicious material that can harm the security of the
schools (Ion, 2017). The Firewall will act as a guard for the people while using the internet
services. There must be strong passwords in case of Wireless networks and must be regularly
changed so that there is no breaking and any person who is not allowed to use the network are
not able to open it through unsanctioned devices or any other way. There must be awareness
about the usage of the data on the systems but it is important that there is regular surveillance of
the data that is being surfed and activities that are being carried out by the person using the
services.
iv) Management of privileges of students and teachers
There must be monitoring of the systems that are being used by the students on regular basis
along with the privileges to use the same. The system privileges are useful so that there can be
effective use of the services as well as the risk involved of breach is minimised that can happen
accidentally or deliberately. The management of the privileges is important so that there are no
websites visits that can harm the system of the schools. There must be management passwords
and PIN’s with effective and efficient policies which are strong and hard to break with regular
change in them (Ion, 2017). The accounts are prepared as per the requirement but once they are
of no use they must be delayed or suspended with the immediate effect so that there can be no
misappropriate use of those accounts. There must be any manual system or robotic system to
delete or manage these accounts that are being prepared so that they are not mishandled by any
10
chances of redirecting to any services resulting in the breach of security.
iii) Security of Network
The security can be done with the help of installing of firewalls in the system and hardware. The
breach of security is being done if any malicious sides are visited therefore making it important
for the schools and to have check over the websites that are being visited by the students,
teachers etc. The websites that are being visited must be filtered so that there are no chances of
any breach of security through it. The installation of software such as the antivirus in the system
and hardware can restrict the user to visit any malicious material that can harm the security of the
schools (Ion, 2017). The Firewall will act as a guard for the people while using the internet
services. There must be strong passwords in case of Wireless networks and must be regularly
changed so that there is no breaking and any person who is not allowed to use the network are
not able to open it through unsanctioned devices or any other way. There must be awareness
about the usage of the data on the systems but it is important that there is regular surveillance of
the data that is being surfed and activities that are being carried out by the person using the
services.
iv) Management of privileges of students and teachers
There must be monitoring of the systems that are being used by the students on regular basis
along with the privileges to use the same. The system privileges are useful so that there can be
effective use of the services as well as the risk involved of breach is minimised that can happen
accidentally or deliberately. The management of the privileges is important so that there are no
websites visits that can harm the system of the schools. There must be management passwords
and PIN’s with effective and efficient policies which are strong and hard to break with regular
change in them (Ion, 2017). The accounts are prepared as per the requirement but once they are
of no use they must be delayed or suspended with the immediate effect so that there can be no
misappropriate use of those accounts. There must be any manual system or robotic system to
delete or manage these accounts that are being prepared so that they are not mishandled by any
10
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
unauthorised persons. There must be effective use of the software and hardware to manage these
accounts that are no longer required with regular changes in them to be updated and as per the
current scenarios.
v) Education and awareness of students and staff
The malware or theft issues are only possible if the students and staff are aware about the same
or else there are chances of any theft. They must be provided with adequate knowledge and their
responsibility in order to safeguard in case of any security breach. There must be preparation of
policy depending upon the usage of students and teachers and proper training must be provided
in order to guide them of the malicious acts. These policies must be regularly updated and
changed as per the changes in the environment (Ion, 2017). There must be effective security
done at the time of providing of network other than the school such as in remote place so that
there is no chance of breach along with defining of the data that is being used by the person.
Since the most of the usage is being done by the students and teachers it is important that they
are made aware about these acts. They must be made understood the effect that these attacks
have any reason to have a proper access and filtering of the traffic. In case there is some
inappropriate act conducted by any teachers or students they must also be strictly handled and
penalties must be imposed on the person responsible for the same. The system must be
maintained that the students and teachers are not involving in any traffic which is not suitable by
understanding it as a responsibility instead of doing it due to fear of penalties.
vi) Management of Incidents
There must be an effective and efficient IT System in the schools to tackle if there are any
incidents. There must be proper strategy, plans and procedure to determine the cyber-attack and
bust it. The handling of the issues can be possible with classifying, monitoring and reporting of
any incidents of occur. The IT department must focus on minimising the risk that is involved in
the incidents and if any effect has been correct it and bring back to normal (Ion, 2017). There
must be analysis of the breaches in case of any incidents occur and the reason for the same or
identification of the bugs must be done by the IT Staff so that it does not occur again. The reason
11
accounts that are no longer required with regular changes in them to be updated and as per the
current scenarios.
v) Education and awareness of students and staff
The malware or theft issues are only possible if the students and staff are aware about the same
or else there are chances of any theft. They must be provided with adequate knowledge and their
responsibility in order to safeguard in case of any security breach. There must be preparation of
policy depending upon the usage of students and teachers and proper training must be provided
in order to guide them of the malicious acts. These policies must be regularly updated and
changed as per the changes in the environment (Ion, 2017). There must be effective security
done at the time of providing of network other than the school such as in remote place so that
there is no chance of breach along with defining of the data that is being used by the person.
Since the most of the usage is being done by the students and teachers it is important that they
are made aware about these acts. They must be made understood the effect that these attacks
have any reason to have a proper access and filtering of the traffic. In case there is some
inappropriate act conducted by any teachers or students they must also be strictly handled and
penalties must be imposed on the person responsible for the same. The system must be
maintained that the students and teachers are not involving in any traffic which is not suitable by
understanding it as a responsibility instead of doing it due to fear of penalties.
vi) Management of Incidents
There must be an effective and efficient IT System in the schools to tackle if there are any
incidents. There must be proper strategy, plans and procedure to determine the cyber-attack and
bust it. The handling of the issues can be possible with classifying, monitoring and reporting of
any incidents of occur. The IT department must focus on minimising the risk that is involved in
the incidents and if any effect has been correct it and bring back to normal (Ion, 2017). There
must be analysis of the breaches in case of any incidents occur and the reason for the same or
identification of the bugs must be done by the IT Staff so that it does not occur again. The reason
11
for the attack must be carefully studied and steps must be overcome them. There are various
reason that can be reason for the cyber-attacks such as outdated system, no availability of any
firewall etc. The changes must be made effectively and efficiently as per the requirement of the
schools. The students and teachers must be made aware about the responsibility along with the
changes in the user policy and usage policy. The training can be provided to the students and
teachers through the classes and seminars to make them aware about the same.
vii) Prevention from Malware
Malware can be defined as the software that are designed so that there can be made damage to
the systems and information is being stolen or any other damage is being done. It is important to
stop these malware so that there can prevention from any theft of the sensitive data or locking up
of the same. The prevention of the malware is also important so that there is smooth working and
time is being saved (Ion, 2017). There are instances where there is also demand for the
ransomware for non-releasing of the data in public therefore making it important to stop these
malware. There must be installation of software that can prevent these malware to come in the
system and affects the same. The establishment of the tools so that there can be filtering while
using of the network. It is important to check the links or websites through which there are
chances of such malware and must be blocked.
viii) Appropriate Monitoring
The monitoring plays an important role in the prevention of any malware or the cyber-attacks.
There must be checking of all the data that is being carried out by the students and children. The
monitoring of the activities will help in analysing of any inappropriate activities if being carried
out by students and teachers and take immediate steps in case of any incidents and also
safeguarding the data. There must be chart of event log so that there can be identification of any
unauthorised access of the network or system (Ion, 2017). There must be setting up of alarms and
alerts in order to determine if an attack has been done and to respond it in an appropriate way.
There must be management of the data and information in such a way that they are being stored
in an appropriate way because of the high collection of the data by the systems. The monitoring
must be such that they are also able to detect any malicious or illegal activity that is being carried
12
reason that can be reason for the cyber-attacks such as outdated system, no availability of any
firewall etc. The changes must be made effectively and efficiently as per the requirement of the
schools. The students and teachers must be made aware about the responsibility along with the
changes in the user policy and usage policy. The training can be provided to the students and
teachers through the classes and seminars to make them aware about the same.
vii) Prevention from Malware
Malware can be defined as the software that are designed so that there can be made damage to
the systems and information is being stolen or any other damage is being done. It is important to
stop these malware so that there can prevention from any theft of the sensitive data or locking up
of the same. The prevention of the malware is also important so that there is smooth working and
time is being saved (Ion, 2017). There are instances where there is also demand for the
ransomware for non-releasing of the data in public therefore making it important to stop these
malware. There must be installation of software that can prevent these malware to come in the
system and affects the same. The establishment of the tools so that there can be filtering while
using of the network. It is important to check the links or websites through which there are
chances of such malware and must be blocked.
viii) Appropriate Monitoring
The monitoring plays an important role in the prevention of any malware or the cyber-attacks.
There must be checking of all the data that is being carried out by the students and children. The
monitoring of the activities will help in analysing of any inappropriate activities if being carried
out by students and teachers and take immediate steps in case of any incidents and also
safeguarding the data. There must be chart of event log so that there can be identification of any
unauthorised access of the network or system (Ion, 2017). There must be setting up of alarms and
alerts in order to determine if an attack has been done and to respond it in an appropriate way.
There must be management of the data and information in such a way that they are being stored
in an appropriate way because of the high collection of the data by the systems. The monitoring
must be such that they are also able to detect any malicious or illegal activity that is being carried
12
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 14
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.