The Greenville School District still seems to be reeling from the fallout over confidential student data. The Greenville News announced that the district is implementing a training session for administrators regarding data security.
Greenville County Schools unveiled a new computer security awareness program to trustees Tuesday. Superintendent Phinnize Fisher described the program as a professional development and training tool. She said the district has been using the program to train its principals and staffers to help them keep up with their data, laptops and so forth…
…Fisher said the program unveiled Tuesday isn’t related to the disposal of computers in any way.
GreenvilleOnline.com -Local News-School staff trained on computer security – (12/13/2006)
There was another shorter article in the paper Monday regarding this new training session. I don’t remember the exact wording, but it alluded to content in the training that would address exactly what the district’s technology staff should handle. It sounded more like a CYA statement worked into the training.
I’m not knocking the inclusion of material like this in training, and I think it’s probably a good idea. I get this all the time. Someone gets upset over something they feel is wrong and somehow it involves a computer or the network. Therefore I get a phone or e-mail call assigning blame to either me or someone on my staff. It doesn’t matter if it is only peripherally associated with technology or if the real parties to blame aren’t anywhere around, I usually have to deal with it.
In the wake of this, I’ve been reviewing our district’s data policies. My tech team and I will be creating some new guidelines and instructions for administrators (again) about handling sensitive data. Problems like this can’t be solved with technology alone. There will always be a human element – someone who copies information to a thumb drive then leaves it lying around. You also can’t solve this by restrictions. You can’t limit a staffer’s access to information if they need it to complete their job, and it would certainly be foolish to ban thumb drives, floppies, etc. You must rely on policies and hope that you have hired professionals who will be mindful of such things.
Of course, there always be human factor,but we can make this human factor less by information security awareness training!
http://www.infosecuritylab.com