
The New Heightened Cybersecurity Leadership Imperative: A National Standard Demands Greater Governance

Colorado Convention Center, 607

Listen and learn: Panel
Recorded Session

Presenters

Chief Technology Officer
Hilliard City Schools
@boettnerri
Rich has been the Chief Technology Officer for Hilliard City Schools since 2010, previously serving 10 years as Instructional Technology Coordinator and 10 years as a teacher in music, technology, and gifted education. He led a One2One rollout for 16,500 students and received the WOSU Distinguished District Award for technology integration in 2019. Recognized as Innovator of the Month by the Technological Horizons in Education Journal, Rich has presented at numerous national conferences and helped develop Ohio's Blended Learning Standards. He holds a bachelor’s degree in K-12 music education from Ohio State and a master’s in educational administration from Ashland University.
Chief Information Officer
Wichita Public Schools
@showmerob
I'm the CIO of Wichita Public Schools, Kansas's largest district, leading Information Systems and Technology for 50,000 students in 94 schools. I won the 2021 Orbie KC CIO of the Year award and founded Education Imagine Academy, a 2021-22 Microsoft Showcase School. I also launched an esports program with Wichita State University and a Digital Literacy and Citizenship initiative. I'm among the 2024 District Administration’s Top 100 Influencers in Education. I aim to empower students with 21st-century skills.
Executive Director
EdTech Leaders Alliance
@StacyHaw
Learn21’s Chief Academic Officer, Dr. Stacy Hawthorne, has over a decade of experience designing, implementing, and supporting digital learning. In recognition of her work in the field, CoSN honored her with an Impact 30 Award in 2023. She has experience as a teacher, online school director, district technology leader, and on the industry side of education. Stacy serves as an ISTE Community Leader and on CoSN’s Driving K-12 Innovation Advisory Board.
Cybersecurity Coalition for Education
K-12 Independent CTO, Project Director
@Frankie Jackson
Frankie Jackson is a nationally recognized CTO in K-12, leading education technology initiatives for 25+ years at the state and national levels, working in large districts with students between 25K-116K. She is a senior Cybersecurity Coalition for Education advisor and a certified course instructor for CoSN and the American School Business Officials. Serving as an independent, trusted technology thought partner working at the state and national levels, she authors CTO instructional content, offers aspiring CTOs mentorship, and is an international subject matter expert in EdTech leadership. More information is here: https://www.frankiejackson.net/curriculum-vitae.html
Director of Technology
Garfield Heights City SD
@SeanWhelanTech
Sean Whelan is currently the Director of Technology at Garfield Heights City Schools. He is a 25-year educator and has attained the CoSN Certified Educational Technology Leader (CETL) Certification. In 1998, Sean started his career as a third-grade teacher at West Geauga Local Schools holding multiple technology supplementals. He spent a year as a Technology Integration Specialist before moving into the position of Director of Technology in 2014. For 4 years, he held the position of Director of Technology and Operations, overseeing technology, facilities, transportation and food service before leaving the district for expanded opportunities at Garfield Heights.

Session description

Cybersecurity is EdTech leaders' #1 priority. We must address this challenge and provide a path for improvement at the highest levels of leadership. The new NIST cybersecurity governance functional domain, released in 2024, interlaces cybersecurity, focusing on the people, processes, technology, and planning needed to increase leadership, oversight, and expectations.

Purpose & objective

The purpose of this presentation, with a designated moderator facilitating a discussion with the nation’s foremost experts in cybersecurity measurement and improvement, is to demonstrate successful methods of cybersecurity improvement. We must address the cybersecurity challenges and provide a path for improvement at the highest levels of leadership. Panelists will present their cybersecurity improvement approaches, showing evidence of success by focusing on the people, processes, technology, and planning needed to increase leadership, oversight, and expectations.


Outline

The outline of the presentation will focus on content and activities centered around setting up cybersecurity governance to establish and monitor the organization’s cybersecurity risk management strategy, expectations, and policy.

The specific tactics used to engage the audience include panelist topics centered around these content areas, allocating approximately 8 minutes for each.

Organizational Context - The organization’s mission is understood and informs cybersecurity risk management. Internal and external stakeholders are determined, and their needs and expectations regarding cybersecurity risk management are understood. Expectations and legal, regulatory, and contractual requirements surrounding the organization’s cybersecurity risk management decisions are understood.

Risk Management Strategy - The organization’s priorities, constraints, risk tolerance, need statements, and assumptions are established, communicated, and used to support operational risk decisions. Senior leaders agree on cybersecurity objectives and use them for measuring and managing risk and performance. A strategic direction that describes appropriate risk response options is established and communicated. Lines of communication across the organization are established for cybersecurity risks, including risks from suppliers and other third parties.

Cybersecurity Supply Chain Risk Management - Organizational stakeholders identify, establish, manage, monitor, and improve cybersecurity supply chain risk management processes. Policies and procedures require provenance records for all acquired technology products and services. Supply chain security practices are integrated into cybersecurity and enterprise risk management programs, and their performance is monitored throughout the technology product and service life cycle. Leaders require periodic risk reporting about how acquired components are proven untampered and authentic.

Roles, Responsibilities, and Authorities - Cybersecurity roles, responsibilities, and authorities are established and communicated to foster accountability, performance assessment, and continuous improvement. Organizational leadership is responsible and accountable for cybersecurity risk and encourages a risk-aware, ethical, and continually improving culture. Leaders (e.g., directors) agree on their roles and responsibilities in developing, implementing, and assessing the organization’s cybersecurity strategy. Leaders' expectations are shared, and the cybersecurity risk strategy is monitored.

Policies, Processes, and Procedures - Policies, processes, and procedures for managing cybersecurity risks are established based on organizational context, cybersecurity strategy, and priorities and are communicated and enforced. Personnel must acknowledge the receipt of policies when first hired, annually, and whenever a policy is updated. Policies are updated to reflect changes in technology (e.g., adoption of artificial intelligence) and changes to the business (e.g., acquisition of a new business, new contract requirements).

Oversight - Results of organization-wide cybersecurity risk management activities and performance are used to inform, improve, and adjust the risk management strategy. Measurements are collected about how well the risk management strategy and risk results are helping leaders make decisions and achieve organizational objectives. Key performance indicators (KPIs) are reviewed to ensure that organization-wide policies and procedures achieve goals. Metrics on cybersecurity risk management with senior leadership are collected and communicated.


Supporting research

Supporting research will include ten years of the U.S. Department of Commerce's NIST Cybersecurity Framework and its journey to achieve cybersecurity improvement (https://www.nist.gov/cyberframework), with our focus being solely on how that applies to K-12 education.


Session specifications

Topic: Leadership
Grade level: PK-12
Skill level: Beginner
Audience: Chief technology officers/superintendents/school board members, Curriculum/district specialists, Technology coordinators/facilitators
Attendee devices: Devices useful
Attendee device specification:
Laptop: Chromebook, Mac, PC
Tablet: Android, iOS, Windows
Subject area: Career and technical education, Not applicable
ISTE Standards:
For Education Leaders:
Visionary Planner
  • Engage education stakeholders in developing and adopting a shared vision for using technology to improve student success, informed by the learning sciences.
  • Build on the shared vision by collaboratively creating a strategic plan that articulates how technology will be used to enhance learning.
  • Share lessons learned, best practices, challenges and the impact of learning with technology with other education leaders who want to learn from this work.