We bring a multi-disciplinary (technical/legal) approach to help schools implement, measure, and maintain a multi-disciplinary security architecture
Platform available through Nassau BOCES (CoSer 602.066/566)
With the adoption of Part 121 of New York State Ed Law Section 2-D, school districts are now required to meet a set of standards around school data security and privacy, including:
- Protection of personally identifiable information (PII)
- Publication of a school data security and privacy Parents’ Bill of Rights
- Adoption of a data security and privacy policy
- Application of the NIST Cybersecurity Framework
- Compliance with third-party contractor agreements for use of products and/or services
- Delivery of annual privacy and security awareness training to all employees
- Disclosure of a complaint process
- Following reporting and notification procedures in the event of unauthorized disclosure
- Appointment of a Data Protection Officer to oversee implementation of Ed Law 2-D requirements
These are all good things. Student data is a target, and Ed Law 2-D, Part 121 demands schools meet the above requirements by conducting an assessment and developing a gap analysis.
BUT…IS THE CHECKLIST ENOUGH?
We bring a multi-disciplinary (technical/legal) approach to help schools implement, measure, and maintain a multi-disciplinary security architecture
Platform available through Nassau BOCES (CoSer 602.066/566)
With the adoption of Part 121 of New York State Ed Law Section 2-D, school districts are now required to meet a set of standards around school data security and privacy, including:
- Protection of personally identifiable information (PII)
- Publication of a school data security and privacy Parents’ Bill of Rights
- Adoption of a data security and privacy policy
- Application of the NIST Cybersecurity Framework
- Compliance with third-party contractor agreements for use of products and/or services
- Delivery of annual privacy and security awareness training to all employees
- Disclosure of a complaint process
- Following reporting and notification procedures in the event of unauthorized disclosure
- Appointment of a Data Protection Officer to oversee implementation of Ed Law 2-D requirements
These are all good things. Student data is a target, and Ed Law 2-D, Part 121 demands schools meet the above requirements by conducting an assessment and developing a gap analysis.
BUT…IS THE CHECKLIST ENOUGH?
If the work being done is strictly administrative and designed to meet certain standards by certain dates, the answer is a resounding no.
Data security is a journey, not a destination. Education and training, the principle of least privilege, and individual responsibility must be an ongoing priority
Garnet River is already helping other districts meet and surpass the standards. We can help your district do the same—even if a private or out of state school.
At Garnet River, we help school school districts navigate this journey. Some need to comply with NYS Ed Law. Some are required to do so by insurance companies. Others simply value the data security of their students and staff and do not want to be on the wrong end of a breach. Regardless of your situation, we emphasize the basics, but we complement them with a strong information security program, technical tools, and sound policy…all while mapping progress and remediating issues along the way.
OFFERINGS
Cybersecurity Platform
- NIST Framework
- Assessment Scoring
- Gap Analysis
- Threat Feed
- Visual Reports
- Remediation Support
General Services
- Security Architecture
- CISOaaS
- Policies & Procedures
- Security Scanning
- Vulnerability Analysis
- MS-ISAC Set-up
- Tabletop Exercises
Products
- Yubico (MFA Devices)
- Software Catalog
- Albert Security Operations Center (SOC)
OUR PROCESS
Step 1: Measure
Step 2: Identify
Step 3: Document
Step 4: Act
