Category Archives: Safety & Security

Scott McLeod: Legal and Ethical Issues

Posted on by

Here’s Part II of my recent conversation with Professor Scott McLeod from the University of Minnesota. I had quite a bit of feedback on Part I of our conversation on data-drive decision making so I hope you will enjoy this talk about legal and ethical issues facing educational technology leaders. I won’t repeat all of the background information about Scott in this post, but it’s important to emphasize that he is a lawyer in addition to a professor of educational policy. So while you shouldn’t take anything you hear as official legal advice, you can be sure that Scott knows what he’s talking about.

Of all the interesting things that Scott shares, the most useful for me is the notion that we don’t need to put ourselves in the endless cycle of inventing new policies, rules, and regulations to deal with every new piece of technology that our students bring to school. If fact, it’s just the opposite. I think schools are in a much stronger position when they apply the old, tried and true policies. Kids already know that they shouldn’t bully, disrupt class, interfere with their colleagues’ learning, etc. Camera phones, MP3 players, Web sites, and all of the other technologies that can cause trouble occasionally are just the latest verse to a really old tune.

The more we set technology apart from the rest of school life by making all sorts of special rules about it, the more marginalized technology becomes with respect to the curriculum and the more likely it is that students will view the rules as yet another reason that school is irrelevant. Does your high school ban iPods or other MP3 players from the hallways during passing time? I know of some that do. Have you walked down the sidewalk of a major metropolitan area lately? Those aren’t cotton balls in everyone’s ears.

Download: STP-ScottMcLeod-2 (20.5 MB, 44:48)

Technorati Tags: | |

Social engineering still works

Posted on by

Bruce Schneier blogged today about a recent CNN story describing how Treasury Department inspectors posing as computer technicians were able to convince 35 out of 100 IRS employees to divulge their network login and password. This is yet another data point that points to employees as the primary weak link in most company or school security systems.

Even though divulging passwords in expressly prohibited by IRS rules, some of the employees who gave up the goods did so because they wanted to be as helpful as possible to the IT staff. If you are currently considering the purchase of some new high-tech security system, put down the checkbook until you’ve done some serious training with your employees.

Cyber Security help from CoSN

Posted on by

I am participating in (and blogging during) an online presentation from Steve Miller and Chris Seiberling who are describing a project from CoSN called “Cyber Security For The Digital District.” The Web site has some really interesting resources for technology leaders who are trying to move their organizations forward with respect security issues. Of particular interest to me is their Cyber Security Checklist which attempts to provide a basic analysis of your school district’s security situation and the Security Planning Grid which is a rubric that can be used for a self-assessment.

The presenters have found, not surprisingly, that most school districts are not adequately prepared for security problems. They emphasize the importance of comprehensive security planning and annual testing of that plan in simulated crises. This is great information and a handy site if you need help getting your superintendent’s attention about security concerns. Frankly, I’m surprised there aren’t more security problems at schools. It is so easy to access key systems and data through social engineering and other low-tech methods. I’ve said it before, and it bears repeating, that security is as much a personnel problem as it is a technical one. Kevin Mitnick had pretty much the same message in a recent presentation.

Update: I should mention that this online presentation was sponsored by the School Technology Leadership Initiative. Good stuff.

A simple security breach

Posted on by

The Houston Chronicle is reporting on a recent security breach at Clements High involving a keystroke logger and an enterprising young student hoping to sell final exam answers. The incident is not very shocking. What surprises me is the inadequate attention paid to security issues like this one. Easy access to cheap devices like the one used in this incident and the lack of physical security in most teachers’ offices and computer labs make this kind of attack ridiculously easy to perpetrate. There’s no easy answer either, but training school staff on security basics, locking doors, and better supervision in lab environments will go a long way. Remember folks, security is a process, not a product.