Approaching Cybersecurity: Good, Better, Best
Charles Franklin, Assistant Superintendent of Technology services and Information services, Cypress-Fairbanks ISD
In today’s education landscape, cybersecurity isn’t just an IT concern—it’s a district-wide imperative. From safeguarding sensitive student data to maintaining uninterrupted operations, school systems are increasingly being targeted by cyberattacks. With limited budgets, competing priorities and complex technology environments, how can K–12 institutions build strong, sustainable cybersecurity programs? One practical strategy is the “Good, Better, Best” (GBB) approach. It’s a tiered framework that helps school leaders assess where they are, set realistic goals and make incremental improvements without overwhelming resources. Whether your district is just starting its cybersecurity journey or striving to reach a highly mature model, GBB provides a roadmap that scales.
Good: Establishing a Solid Foundation
The ‘Good’ level represents the foundational tools and processes that every organization should have in place to protect against basic security threats. These are the minimum requirements to establish a secure environment.
Tools:
• Endpoint Protection Platform (EPP): Protects individual devices from threats like malware and ransomware.
• Firewall: Monitors and controls network traffic based on security rules.
• Intrusion Detection System (IDS) / Intrusion Prevention System (IPS): Detects and potentially prevents identified threats.
• Security Information and Event Management (SIEM): Collects, analyzes and correlates security data.
• Patch Management: Ensures software vulnerabilities are addressed by applying the latest patches.
• Multi-Factor Authentication (MFA): Adds an extra layer of security by requiring more than one form of verification.
• Data Loss Prevention (DLP): Monitors and protects sensitive data from unauthorized access.
• Vulnerability Scanner: Identifies security weaknesses in systems and applications.
Processes:
• Patch Management: Regular scanning for vulnerabilities, patch deployment and verification.
• Incident Response Plan: Steps to be taken in the event of a security incident, including detection, containment and recovery.
• Disaster Recovery Plan (DRP): Procedures for recovering IT systems and data after a disruptive event.
• Business Continuity Plan (BCP): Strategy for maintaining business operations during and after a disruptive event.
• Security Awareness Training: Educating employees about security best practices and potential threats.
• Access Control Management: Managing user access to systems and data based on roles and responsibilities.
Better: Growth and Maturity
The ‘Better’ level signifies more mature and robust security tools and processes. Districts can move into more sophisticated solutions once the foundational elements are in place. The level integrates automation, broader coverage and deeper insights.
Tools:
• Extended Detection and Response (XDR): Provides integrated threat detection and response across multiple security layers.
• Security Orchestration, Automation and Response (SOAR): Automates repetitive security tasks and orchestrates responses to threats.
• Advanced Threat Protection (ATP): Enhanced threat detection capabilities and automated response actions.
• Cloud Security Posture Management (CSPM): Monitors and manages security configurations in cloud environments.
• Threat Intelligence Platform (TIP): Aggregates and analyzes intelligence on potential threats.
• Application Security Testing (AST): Identifies vulnerabilities in applications through testing.
Processes:
• Advanced Incident Response Plan: Integration with threat intelligence and advanced tools.
• Automated Patch Management: Automated approach to managing and deploying patches.
• Continuous Vulnerability Assessment: Ongoing assessment of vulnerabilities and risks.
• Crisis Management Plan: Managing high-impact incidents affecting multiple business areas.
• Playbooks for Specific Scenarios: Detailed procedures for handling specific types of security incidents.
• Business Impact Analysis (BIA): Identifying and evaluating the impact of potential disruptions to business operations.
Best: Future State and Proven Capabilities
The ‘Best’ level represents the pinnacle of security maturity, where organizations have achieved advanced, proven and highly effective security capabilities. At this stage, your cybersecurity efforts are proactive, predictive and deeply integrated into your operations. You’re not just defending against threats—you’re anticipating them.
Tools:
• Managed Detection and Response (MDR): 24/7 threat monitoring and response services.
• Managed Security Service Provider (MSSP): Outsourced monitoring and management of security devices.
• Automated Threat Hunting: AI and machine learning to detect and investigate suspicious activities.
• Threat Detection and Response (TDR) Solutions: In-depth analysis and response capabilities for advanced threats.
• Security Analytics Platforms: Advanced analytics and insights from large volumes of security data. Examples include Sumo Logic and Elastic Security.
• Zero Trust Architecture Solutions: Security model based on the principle of never trust, always verify.
• Security Operations Center (SOC): Enhances SOC operations with predictive analytics and automated incident response.
Processes:
• Threat Intelligence and Threat Hunting: Proactively identifying and analyzing potential threats.
• Automated Incident Response: Automation of response actions to security incidents.
• Advanced Disaster Recovery Testing: Comprehensive testing of disaster recovery plans.
• Continuous Improvement Programs: Ongoing efforts to refine and enhance security processes.
• Zero Trust Implementation: Security model based on strict access controls and monitoring for anomalies.
Final Thought: Progress Over Perfection
Cybersecurity is an ongoing journey. The Good, Better, Best approach offers a flexible framework to assess, prioritize and mature your district’s posture. The goal isn’t to jump from “Good” to “Best.” It's about knowing where you are, making informed decisions and building sustainable systems over time. By aligning resources, leadership and strategy, school districts can build cybersecurity programs that are not just reactive but resilient.