| |NOVEMBER 20258EUROPEEUROPETECHNOLOGY SOLUTIONS THAT DRIVE EDUCATION SECTORIN MY OPINION Risk assessments are fundamental to any cybersecurity program. The reason is simple: districts need to understand their risks, identify which systems and data are most important, and determine how to address those risks. Once risks have been assessed and decisions are made about how to respond to them, cybersecurity programs can be designed to manage those risks appropriately.Risk is typically calculated as a function of vulnerabilities and the likelihood that those vulnerabilities will be exploited. Vulnerabilities can be physical--such as the risk of flooding in a data center, unauthorized physical access to sensitive equipment, or fire. Others are technical or administrative, such as improper system configurations or users having unnecessary access to sensitive data and applications.The likelihood of a vulnerability being exploited ranges from the highly improbable (e.g., a comet strike) to the almost inevitable (e.g., successful phishing attacks). Other risks--such as natural disasters, power outages, cyberattacks, or user error (like accidentally sharing sensitive data via Google Docs)--fall along this spectrum. Risk, then, is a combination of vulnerabilities and the likelihood that the vulnerability will be manifested.The next critical question is which risks need to be addressed and how?It's essential to distinguish between what risks a district By Don Ringelestein, Executive Director of Technology, Yorkville CUSD #115RISK OWNERSHIP AND DECISION-MAKING INK-12 CYBERSECURITY PROGRAMS
< Page 7 | Page 9 >