Case Study: Premier Collegiate School
You are the new director for Information Technology at PremierCollegiateSchool. The school teaches grade 7 through grade 12 with 300 students and 30 staff members and faculty. Each of the 10 administrative staff members has a dedicated desktop computer. The school’s principal has a notebook computer that she takes home and when traveling to conduct both school business and personal tasks. She maintains a Facebook account and has opened a MySpace account to monitor the activities of the students who also have such accounts. The teachers have 10 computers that they share in the teacher’s lounge to record grades and do all work associated with conducting their assigned classes (daily lesson plans, research, handouts, tests, quizzes, and final exams).
The school has two file servers. One is for administration business and the other serves student computing needs. The administration server has dedicated storage for each of the teachers and both hardwired access and wireless Local Area Network (LAN) access throughout the school. The student server has applications the students might need for their schoolwork, and provides wireless access for student-owned laptop computers. All students are required to have a laptop computer with wireless access. In addition, the school has a dedicated computer lab with 25 desktop computers for the students to use in computer science classes.
In your Lab Report file, list the risk elements at the school.
The following risk elements are apparent at the school:
Principal conducting business and personal tasks on same computer
Shared teacher computers – what levels of control/access are applied?
File Servers – levels of control/access are applied?
Network – can any systems be connected or is approval needed?
Wireless – can be an insecure connection method. Is authentication and transmission of information encrypted?
The school’s principal has requested that you prepare an IT asset list and a high-level prioritization or ranking of the IT assets given the function and purpose for administrative or student computing requirements. Fill in the table as follows:
Family Educational Rights and Privacy Act (FERPA)
Based on your experience and knowledge of schools, create a comprehensive asset list. Keep in mind that assets include more than just physical objects you can hold. Do not forget that assets include electronic information, such as student records, lesson plans, test banks, and so on. Assets also include key personnel, such as knowledgeable instructors and important administrators.
Determine the importance of each asset to the school function by ranking its placement on the list (starting with 1 as the most important, 2 as the second most important, and so on).
Using Figure 1 that follows the table, identify which of the seven domains of a typical IT infrastructure each asset resides in. The data, systems, or applications may have student privacy data elements.
Perform a high-level FERPA compliance assessment identifying where student privacy data resides and assessing the security controls protecting that data.
Prioritize each asset by assigning it a Critical, Major, or Minor classification
List three recommendations for IT security policies to help mitigate the risk exposures in the school’s IT infrastructure
Which IT assets did you prioritize as critical to administrative or student computing?
List your top five (5) risk exposures for which you believe this school should have specific risk-mitigation strategies.
Given the potential risks that you identified, what IT security policies would you recommend that the school create to help mitigate each of the identified risk exposures you listed in question #2?
True or false: FERPA compliance law is about protecting students’ privacy data, including personal information, grades, and transcripts. The law itself defines a privacy requirement but it does not specifically address security controls and security countermeasures.
Given that student privacy data is typically housed within administrative computers, systems, and databases, what can you do to mitigate the risk exposure that a student or someone on the student or school’s network can access these systems?
For a school under FERPA compliance law, do you think the administrative computing or student computing network infrastructure is more important from a business and delivery of education perspective?
The school monitors the use of student social networking on Facebook™, MySpace™, and Twitter™. What should the school define and implement if it wants to define acceptable and unacceptable use of school IT assets, Internet, e-mail, and use of personal laptop computers on the school’s network?
We value our customers and so we ensure that what we do is 100% original..
With us you are guaranteed of quality work done by our qualified experts.Your information and everything that you do with us is kept completely confidential.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
The Product ordered is guaranteed to be original. Orders are checked by the most advanced anti-plagiarism software in the market to assure that the Product is 100% original. The Company has a zero tolerance policy for plagiarism.Read more
The Free Revision policy is a courtesy service that the Company provides to help ensure Customer’s total satisfaction with the completed Order. To receive free revision the Company requires that the Customer provide the request within fourteen (14) days from the first completion date and within a period of thirty (30) days for dissertations.Read more
The Company is committed to protect the privacy of the Customer and it will never resell or share any of Customer’s personal information, including credit card data, with any third party. All the online transactions are processed through the secure and reliable online payment systems.Read more
By placing an order with us, you agree to the service we provide. We will endear to do all that it takes to deliver a comprehensive paper as per your requirements. We also count on your cooperation to ensure that we deliver on this mandate.Read more