Data Security Checklist

00:00

welcome back to student data privacy fundamentals.

00:04

This lesson is the data security checklist.

00:08

In this video, you will learn the purpose of a data security checklist.

00:12

What types of threats to look for, how to analyze existing vulnerabilities and how to evaluate information assets in your organization.

00:23

Ah, thorough risk analysis of all data network systems, policies and procedures shall be conducted on an annual basis or, as requested by the superintendent, I so or designee

00:36

the data. Certain security checklist examines the types of threats that may affect the ability to manage and protect the information resource

00:45

documents any existing vulnerabilities found within each entity, which could potentially exposed the information resource to threats and evaluates the information assets and the technology associated with its collection, storage, dissemination and protection

01:03

from the combination of threats, vulnerabilities and asset values. An estimate of the risks to the confidentiality, integrity and availability of the information is determined.

01:12

The product of the risk analysis will be referred to as the risk assessment,

01:19

the risk assessment or are a shall be used to develop a plan to mitigate, identify threats and risk to an acceptable level by reducing the extent of vulnerabilities

01:32

quiz time in your own words, summarize what type of information is in the risk assessment

01:38

and what the R A is used for.

01:49

So hopefully you answered something to the effect of combining threats, vulnerabilities, asset values, toe estimate, the risks to confidentiality integrity, etcetera.

02:00

And then the product of the risk analysis is the risk assessment. So analyzing all of those risks becomes the risk assessment, and the point of that is to develop a plan to mitigate those risks and reduce the extent of vulnerabilities.

02:21

So now the data security checklist for district and provider hosted systems. This is a specific section within your data security check list. You'll want to inventory and classify all of the data on your system,

02:36

so types of potential threats would be internal, external, natural man made Elektronik and non Elektronik.

02:44

So take a second to think about those different types of threats. So a potential threat, an internal threat that could be something like a user not protecting their password or a user

03:00

accessing information that they were not authorized to access

03:05

an external threat is probably the most dangerous where you could have someone who is malicious and trying to hack your data. A natural threat could be something like a flood or fire or tornado.

03:21

And so go through the rest of those and try to kind of come up with examples that you can then addressed specifically in your policy

03:30

and then, lastly, physical security of the system so that would Onley pertain to district hosted

03:38

data security.

03:43

Next, we have the location within network, including network systems protection. So that would be your firewall, your content filter and in your policy, want to specifically state what

03:54

you're what you use for yours. So, for example, for Danette would be a brand that is a

04:03

fireballing content filter. Ah, and if your system is externally facing or only allows for district network access so again, that's a district hosted on Lee.

04:14

Then you'll want to talk about your contract terms of service and privacy policy, making sure their current meeting, district data, security requirements and legal requirements. So again, for that one that would also on Lee be provider host.

04:31

Next, you'll want to address that the provider has accurate, accurate data security measures, including data management and incident response Again provider hosted only

04:42

ability to ensure proper access controls, including password security. So, um, those air again, your specific requirements for passwords and password security in your district and making sure those are enforced.

04:57

And the authentication methods eso that is different than password requirements. So authentication methods like using active directory single sign on any district manage accounts that you might have. So if you use Google dry, for example, and then user managed accounts

05:18

next, you'll want to address the server system security patch frequency. So how often you are going to look for the need for patches and apply patches

05:29

ability to access from mobile devices? Eso Sometimes we need to access different things for mobile devices. But but how are you going to address that for from the security sampling

05:41

ability to maintain critical system event logs that would be district hosted on Lee

05:46

and then ability to receive notification for critical system events, including system compromises or a security breach?

05:56

So in today's video, we discussed the purpose of a data security checklist what types of threats to look for, how to analyze existing vulnerabilities and how to evaluate the information assets in your organization, and we talked about some specific examples and some different things that you should kind of

06:14

take and specify for your specific organization.