Safety & Security

Security

Sam Rayburn ISD Safety & Security Plan

 

TEAM

 

Sam Rayburn ISD has formulated a district security team made up of administrators, principals, teachers, students, parents and community members as well as county safety personal. The team is responsible for making recommendations to the school board of education. The team will go through the safety and security audits every other year and stay vigilant as to new technologies and recommendations from Homeland Security, Texas Education Agency, The FBI, CISA, MS-ISAC Advisories, and others. 

 

UPDATES and PD

 

Sam Rayburn ISD Cybersecurity Officer keeps the district updated with policies, procedures, news, and current threats on a regular basis through email, online PD, and required Security Training. All employees are required to complete the Safety and Cybersecurity training provided by the district. Security updates include notifications from Homeland Security and their Sentinal Appliance on the latest Phishing Schemes. 

 

All students will be instructed in Cybersecurity and safety modules and must pass an Acceptable Use Policy exam for their grade level before they are able to gain access to the network. 

 

The Sam Rayburn Tech Department uses Homeland Security Alerts to block malware injected IP addresses and to blacklist malicious sites. 

 

EMERGENCY COMMUNICATION

Sam Rayburn ISD is committed to providing all stakeholders with immediate communication as required to keep all stakeholders safe and protected. The district employs several logging and notification programs for alerting the appropriate staff to cybersecurity issues, cyberbullying, and self-harm notifications. Additionally, the district employs handset radios and a desktop SchoolMessenger program. 

NOTIFICATION of BREACH

Sam Rayburn ISD will notify TEA of any data breach dealing with student information. The form for notification can be found here

ABCD BACKUP SCHEDULES

Sam Rayburn ISD utilizes multiple backup sites and schedules to protect the district's critical and private data. We schedule offsite data backups each night, weekly offsite and cloud backup, and external drive backups detached from the network and stored in a fire-safe place on a monthly schedule. Sam Rayburn ISD also employs a 3rd party backup Office 365Google Vault for email. 

NETWORK PROTECTION

Sam Rayburn ISD utilizes multiple enterprise protection services for prohibiting malware, adware, spyware, and viruses. All devices are monitored and tracked for excessive bandwidth usage and possible infection. All IDFs, MDFs, and NOC are protected by secure locations and monitored for temperature, power outages, and humidity.  All critical stations and servers are connected to UPS units to enable graceful power-down procedures. All wiring closets are connected to IP cameras for intrusion protection. 

security awarness

Security Awareness Begins with You!


Internet Safety Policy: CIPA requires the adoption and enforcement of an “Internet safety policy” covering the filtering & use of the Internet. For schools, the policy must also address “monitoring the online activities of minors.” (See Cybersecurity Policy below)


As an employee of a governmental agency, best practices require that everyone is trained in Security and Awareness procedures. You will be given awareness information as the technology department is made aware of potential security risks.

SECURITY, PRIVACY, and CRISIS MANAGEMENT for TECHNOLOGY DEPARTMENT

 

External Threat Deterrence

o    Ensure all doors and windows are in good repair and lock properly 

o    Lock overhead and receiving doors with high-quality padlocks

o    Install cameras at all access points to allow or disallow "buzz-ins" as needed 

o    Light all exterior entries with fixtures that are difficult to reach or tamper with 

o    Add surveillance cameras and motion detectors in appropriate areas  

o    Add a locked door or barrier as the first line of defense if necessary with appropriate signage according to access under CJIS laws

o    Ensure hidden areas are well protected. They are the most vulnerable areas  

o    Leverage a monitored intrusion system to help deter crime and to alert emergency personnel if a crime event occurs

o    All data transfers and backups offsite are encrypted with 256-bit data encryption procedures. 

 

Internal Threat Deterrence

o    Running background checks on potential employees before making a job offer 

o    Restrict who has access to your security system’s arm and disarm codes

o    Removing ALL personal information files and data files from the desktop

o    Restrict access to all infrastructure components (NOC, IDFs, MDFs) Post warning signs: Prosecution under CIIS Security Act.

o    If providing keys/access cards, give them only to those employees who need them for their jobs 

o    Employ an access control system – access cards are difficult to copy, cost less and are easier than keys to replace if lost or stolen 

o    Use security cameras that record to monitor areas where the money is kept and where valuable equipment is used or stored. Cameras are a strong deterrent to theft.

o    Deploy an intrusion detection system and train employees on coded phrases

o    Maintain temperature control and alert devices, temperature probes, and fire alarms

o    Deploy halogen fire suppression system for the Network Operations Center instead of a water sprinklers.

o    Access control all inventory, storerooms, maintenance equipment entrance and exit points.

o    Practice safe & exemplary backup/recovery procedures (A, B, C, D backups to different locations- each campus, UT Health Center & Cloud backup through Spanning and Region 20)

o    Require employees to run updates and scanning programs on all machines under their care

o    All faculty members are responsible for monitoring and teaching students concerning Internet Safety (CIPA & DOPPA), Student Privacy, Anytime-bullying, Acceptable Use Policies, and Ethical Use of district digital resources. 

o    The District deploys the StopIt to monitor for cyberbullying and harmful threats in emails. 

Crisis Management & Preparedness

o    Make sure all employees are trained on security, privacy, and emergency procedures, then perform regular drills 

o    Keep your emergency contact list updated 

o    Test your security systems monthly to make sure they are working properly 

o    Review your log reports weekly to look for irregularities and before too much time has passed 

o    Carefully train new employees to ensure safety and security procedures are being followed\

o    Keep critical data on offsite servers and backup storage devices. 

o    Keep employees informed of all current threats such as malware, spyware, trojans, viruses, and socially engineered SCAMS

o    Require all employees to report any suspicious behavior or unauthorized access to digital or hardware resources. 

o    Update policies regularly to stay ahead of threats and emergency procedures. 

  •  
  •  
    •