Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

K-12 improving cybersecurity, lags behind other sectors

Reprints
K-12 education cyber

The K-12 education sector is improving its cybersecurity capabilities over time, but it lags behind other sectors in terms of cybersecurity program maturity, says a study issued Monday.

K-12 organizations have limited internal resources for confronting sophisticated threats, with nearly a fifth of K-12 schools committing less than 1% of their information technology budget on cybersecurity, says the study by the Greenbush, New York-based Center for Internet Security, a nonprofit that focuses on critical infrastructure cybersecurity in the United States, and the Multistate Information Sharing & Analysis Center. 

The center is funded by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and a CIS division.

The report says the sector’s top security concerns are a lack of sufficient funding, the increasing sophistication of threats, a lack of documented processes and of a cybersecurity strategy, and the inadequate availability of cybersecurity professionals.

The study says areas where K-12 schools are generally performing well are in identity management and access control; awareness and training; and in their business environment, in terms of how their missions, objectives, stakeholders and activities are understood and prioritized.

The study says areas where K-12 schools are generally performing poorly, based on the Gaithersburg, Maryland-based National Institute of Standards and Technology’s cybersecurity framework, are in protective technologies, supply chain risk management and data security.

Among recommended actions are encrypting data on removable media, establishing and maintaining a data recovery process, and conducting threat modeling, the report says.