Sample online cyber maturity assessment
Take our free Cyber Maturity Assessment and find out your organization's weakest security areas.
1. Does the institution have a configuration management database or inventory of all your applications, clients, network equipment and servers?
The organization needs to maintain and update a list of all applications, network equipment, and servers it uses, and of all clients it services, in either a spreadsheet or a database.
Yes
No
Partial
2. Does the institution perform a vulnerability scan and remediate the identified issues regularly?
The institution needs to perform regular external vulnerability scans of its network. The scan should ideally be performed monthly, and all critical issues need to be resolved quickly.
Yes
No
Partial
3. Does the institution have an automated process that manages onboarding and offboarding of district employees and teaching staff?
The institution needs to employ automated Human Capital Management systems (like Frontline HCMS) to manage onboarding and offboarding of all staff, substitute teachers, and contractors.
Yes
No
Partial
1. Does the institution maintain access logs for all systems in its network?
The institution needs to maintain a record of who logs into its network and when, and should be able to furnish that record for incident analysis.
Yes
No
Partial
2. Does the institution encrypt the Student Information System database (like Genesis, Frontline, etc.) at rest, in transit during sessions, or both?
The institution needs to determine the security of the SIS where its student records are stored, to avoid data spillage in case of a breach. A recommended approach is to encrypt student records when they are created and, if and when the data needs to be transmitted, to use tools (like G Suite) that transmit it encrypted.
Yes
No
Partial
3. Does the institution test and validate their data backups monthly?
The institution needs to test whether data backed up can be restored and also validate the restored data for accuracy at least once a month.
Yes
No
Partial
4. Does the institution prevent students and guests from accessing critical staff-only systems like Payroll and Grade marking?
The institution must use firewalls and other security measures to block any attempt by student or guest accounts to access critical staff-only systems (like Payroll, Grade marking, etc.).
Yes
No
Partial
5. Do the institution's routine audit requirements include periodic network and system security penetration testing by an external organization to test its defenses?
The institution should, as part of its periodic audit requirements, include network and system security vulnerability scanning and penetration testing by an external organization to test both its perimeter and its internal defenses.
Yes
No
Partial
6. Does the institution employ tools (like Microsoft LAPS) to uniquely create and manage local administrative/root passwords for all devices?
The institution must employ tools to create and manage unique local administrative account and root passwords for all devices.
Yes
No
Partial
7. Does the institution protect access and changes to payroll deposits with MFA and/or using VPN or other security measures, including via an in-person control?
The institution must protect payroll system access and changes using MFA, VPN, and other security controls, including in-person controls.
Yes
No
Partial
8. Does the institution require all staff to attend or be informed of Security Awareness Training on cybersecurity principles, including but not limited to phishing, ransomware, and evolving cyber attacks?
The institution needs to require all staff to attend annual cybersecurity awareness training where they learn to recognize and avoid falling prey to phishing, spoofing, or ransomware attempts.
Yes
No
Partial
1. Does the institution prohibit their users from putting sensitive files on personal cloud accounts (like iCloud or Dropbox)?
The institution must not allow any sensitive or district-related files to be stored in personal cloud accounts. It should monitor the movement of such files and restrict transfer to unauthorized cloud storage by policy or by technical means.
Yes
No
Partial
2. Does the institution regularly review and investigate outbound/egress cyber alarms (like data loss prevention alarms, etc.)?
The institution needs to filter and review SIEM logs and alerts for critical alarms regularly. It needs to filter out the false positives and focus on the actual alarms related to data moving from inside its network to outside.
Yes
No
Partial
3. Has the institution audited its users and groups for unexpected permissions in the last 6 months?
The institution needs to perform periodic audits for unexpected privilege escalation among its staff and groups, preferably every quarter.
Yes
No
Partial
1. Does the institution or the district have an incident response plan that has been tested which covers cybersecurity incidents?
The institution must either have its own cybersecurity incident response plan or use the one developed by its district. This plan must be tested periodically for relevance and updated as needed.
Yes
No
Partial
2. Does the institution or the district IT staff know who they must report cyber incidents to and under what timeframe?
The institution or district IT staff must know whom to report cyber incidents to and within what timeframe, based on the criticality of the incident.
Yes
No
Partial
3. Has the institution's disaster recovery plan been updated within the past 6 months?
The institution must review and update its disaster recovery plan ideally every 6 months, or as circumstances demand (changes in network topology, servers, or staff).
Yes
No
Partial
1. Has the institution documented and tested the priority order/criticality and dependencies of IT systems they would need to restore in the event of a cyber incident?
The institution needs to define, document, and test a prioritized list of IT systems, ordered by criticality, that would need to be recovered in the event of a cyber incident.
Yes
No
Partial
2. Does the institution share lessons learned with other cybersecurity peer groups or with other institutions in district meetings?
The institution needs to share lessons learned from cyber incident detection, response, mitigation, and recovery with peer groups and other district members. Shared knowledge is both positive and powerful.
Yes
No
Partial