Dec 07 2020

5 Questions Your Cybersecurity Assessment Must Answer

A thorough outside assessment is a critical step in any security strategy. Here’s what every K–12 IT leader should learn from one.

1. Where Are Our Processes Not Working?

Good security is a marathon, not a sprint. The way to win the race is by implementing solid security controls with repeatable processes, and consistently maintaining them. Make sure the assessor isn’t focusing on finding that single server with an expired certificate. The assessor should look for places where you’re making repeated errors.

2. Are We Handling Identity and Access Management Correctly?

Patching, audits, event management — it’s all important. But a huge number of data breaches trace back to poor IAM practices. Ask for a detailed look at your IAM procedures, tools and management. An independent assessment here targets your No. 1 vulnerability: people.


3. Where Is Our Architecture Obsolete?

Security is constantly changing. Most schools are outdated when it comes to application and network architectures. Approaches such as microsegmentation are old ideas but have recently become the standard in data center design. Find areas where the security ground has shifted, then reconsider and redesign if appropriate.

4. What Can We Do Ourselves After the Assessment?

A big chunk of the value of most assessments comes from the experienced person who interprets the output of some automated tools. That interpretation is what you’re paying for, so make sure there’s a knowledge transfer from the assessor to your team to ensure that you understand how to keep yourself safe between regular assessments, which you should continue to get.

5. Is This the Forest or the Trees?

Any assessment has to poke deep into the details — so, yes, that security vulnerability in your maintenance scheduling application is important. But much more valuable is knowing the big picture: Where are you doing a good job, and where do you need to improve your security posture and practices? Listen carefully to what the assessor has to say here.
