What Is Considered OpSec in Cybersecurity?
Operational security is the process of identifying resources, analyzing threats and vulnerabilities, and assessing risks and countermeasures, says April Mardock, CISO and operations manager at Seattle Public Schools.
In other words, OpSec comprises the actions people take to make themselves — and their cyber landscape — more secure.
How Does OpSec Benefit K–12 Schools?
Many K–12 institutions are seriously examining and strengthening their cybersecurity posture for the first time in response to the growing volume of attacks against schools. Implementing OpSec helps schools improve their cybersecurity in many ways.
“You’ll decrease the possibility of disruptions in service for the school,” Jiggens says. “With everything from point of sale in the lunchroom and the school store to the student information systems that hold all the PII for the students in the staff, denial of that service can cause huge interruptions to the school district.”
In the digitally driven landscape of modern K–12 education, an outage can affect all parts of a school’s operations, not just teaching and learning. Transportation, food service, communications, and heating and cooling all rely on the district’s network infrastructure. Evaluating the district’s security posture, possible vulnerabilities and planned countermeasures can help IT administrators lower the district’s overall risk. This not only keeps school systems online, but also increases community and staff confidence in district leadership.
“A big focus in this region as well, right now, is getting compliance with insurance companies to get better rates and better coverage,” Jiggens says. “Insurance companies are requiring districts to achieve certain cybersecurity levels to get certain levels or tiers of insurance coverage. So, if you don’t have a lot of cybersecurity in place, you’re going to get lower payouts when you’re hit by ransomware.”