Initial Assessment: Assessments conducted in each of the past three years, including four (4) external assessments, have identified a need for increased scrutiny of the district network and data security posture. The District takes information security seriously and has a mature Information Security Officer (ISO) organization providing oversight and security vulnerability monitoring and remediation direction. Currently, the district network architecture standards appear to be inconsistent with network security best practices. The current district firewall infrastructure does not meet industry standard minimum requirements for enterprise-grade and purpose-built security appliance firewalls. Additionally, gaps in network access control (wired and wireless networking) and in the use of data loss prevention tools affect the district security posture. Finally, successful phishing and successful spear-phishing attempts at accessing district network resources are clear indicators of a need for additional end-user security awareness training.
Indicators of Success: