Basic Tool Kit for Cybersecurity in Education Management Information Systems

Hariharan, Anand; Yamamichi, Masatake

The increased reliance on online schooling modalities calls for provision of sufficient security in education management information systems (EMIS).

education information and communications technology education sector development

Authors

Hariharan, Anand, Yamamichi, Masatake

DOI: http://dx.doi.org/10.22617/WPS240301-2

Dimensions: 8.5x11

ISSN: 2789-0619(print) 2789-0627(electronic)

Published in: Philippines

SKU: WPS240301-2

pages: 98

Contents 5
Tables and Figures 7
Foreword 8
Acknowledgments 9
Abbreviations 10
Executive Summary 11
Part 1: What is Cybersecurity in Education Management Information Systems? 15
I. Introduction 17
A. Purpose and Scope of the Tool Kit 17
B. Structure of the Tool Kit and How to Use It 18
C. Case Scenario for EMIS 19
D. Current Security Posture of EMIS 20
II. Key Cybersecurity Attributes and Their Relevance to Education Management Information Systems 22
III. Standards and Frameworks for the Tool Kit 23
IV. Integration with National Enterprise Architecture 24
Part 2: The Whys and Hows of Cybersecurity 27
V. Guiding Principles for Cybersecurity in Education Management Information Systems 29
VI. Data Dimensions in Education Management Information Systems 32
A. Data Classification Including Guidelines on Personal Data Classification 33
B. Data Life Cycle in Terms of Collection, Storage, Processing, and Disposal 37
C. Quick Reference Checklist—Data 44
VII. People and Organization Dimension to Enable Cybersecurity in Education Management Information Systems 44
A. Leadership and Role Separation between Governance and Operations 45
B. Skill Sets Needed for the EMIS Security Team 47
C. Organizing the Cybersecurity Teams—Red Teaming 49
D. Training, Communication, and Behavior of EMIS Users and Staff 50
E. Quick Reference Checklist—People and Organization 52
VIII. Process Dimension to Enable Cybersecurity in Education Management Information Systems 52
A. System Design Processes for EMIS Security 53
B. Processes Related to EMIS Security Operations 58
C. Managing Insider Threats and Malicious Actors 61
D. Quick Reference Checklist—Process 63
IX. Technology Dimension to Enable Cybersecurity in Education Management Information Systems 64
A. Essential Security Products in EMIS Network and Suggested Deployment 64
B. Cybersecurity Considerations in Technology Acquisition for EMIS 69
C. Managing Life Cycle and Provenance Differences 71
D. Quick Reference Checklist—Technology 72
X. Governance Dimension to Enable Cybersecurity in Education Management Information System Implementation 73
A. Risk Management Plan 73
B. Governance of Outsourcing Contracts 78
C. Key Metrics for Monitoring and Evaluation 82
D. Quick Reference Checklist—Governance 84
XI. Phased Implementation Approach 85
A. Indicative Resourcing for the Three Implementation Phases and Associated Human Resource Costs 91
B. Indicative Capital and Operating Expenditures with Respect to Cybersecurity Tools and Technologies 92
Appendixes 94
A. Questionnaire for Cybersecurity Assessment 94
B. Impact of Weaknesses in Data Life Cycle Management 95
C. Cybersecurity Considerations for EMIS System Integrator Selection 97

Basic Tool Kit for Cybersecurity in Education Management Information Systems

Authors

Table of Contents

Related Topics

Share artifact

Add to list

Citation

Full-page Screenshot