Cyber Security Rubric and Planning Template
The District Security Rubric and Planning Grid helps set the agenda for developing a comprehensive technology security plan by clarifying the status of complex web of factors that support-- or undermine-- security, and also gives a good idea of what are the realistic next steps that you might want to take to improve your overall situation.
The District Security Rubric and Planning Grid is conceptually based on the CEO Forum’s School Technology and Readiness (STaR) Chart and contributes to the school district's goal of cyber security. By comparing the examples given for “basic”, “developing”, “adequate”, and “advanced”, the evaluator can quickly acquire a sense of how well a school district has prepared itself for potential threats to its information systems, data, people, and educational objectives. After assessing your security preparedness status, you can move on to planning security remediation with the security planning protocol.
The following tools are available for CoSN Members only.
Security Planning Template
Both the Security Rubric and Planning Template are based upon the four areas described below including Management, Technology, Business Continuity and End Users.
Security Preparedness Status
||Leadership: little participation in IT security
||Leadership: aware but little support provided
||Leadership: supports and funds security
||Leadership: aligns security with organizational mission
||Network design and IT operations: broadly vulnerable
||Network design and IT operations: security implementation incomplete
||Network design and IT operations: mostly secure
||Network design and IT operations: seamless security
||Business Continuity Plan is does not exist
||Business Continuity plan exists but does not include technology details
||Business Continuity Plan exists and is updated annually
||Business Continuity Plan exists, is detailed and is communicated with all staff
||End Users: unaware of role in security
||End Users: limited awareness and training
||End Users: improved awareness, mostly trained
||End Users: proactive participants in security