Data Privacy & Security Service
As data security laws evolve to protect against the ever changing threat landscape, school districts must have appropriate resources, policies, and practices to securely manage sensitive data. The CNYRIC’s Data Privacy and Security Service (DPSS) is designed to help districts meet these demands. Participating districts will have access to leadership resources, the RICone software inventory system, facilitated communication with district Data Privacy Officers, guiding templates for policies and procedures, a training curriculum, and regular forums to learn about everything from NYSED news to the latest industry trends in data security. The DPSS core service has the ultimate goal of helping districts protect critical data, while ensuring compliance with NYS Education Law 2-D and the Parents Bill of Rights. |
The DPSS CoSer Includes
RICone Inventory ToolThis application enables districts to compile a list of their software inventory as well as linking to third-party vendor’s software privacy policies and notices, thus enabling districts to comply with the provisions of the New York State Parents’ Bill of Rights. Over 800 products are currently included in the database, and districts may submit requests for additional products. |
Digital Digests & Archived DigestsQuarterly newsletter on the topic of data privacy and security with current information, effective strategies, best practices, and leadership resources. |
D3—Digital Digest DebriefThe D3 is a comprehensive webinar on a featured topic from the Digital Digest. |
Digital BlastsTimely information as it occurs to keep districts informed of the latest developments in the field. |
Information Security Online PD for TeachersWeb-based security awareness training that follows a structured outline, including a formal assessment and printable certificate of completion. Materials are made available through the RICone initiative. |
User Group ForumsRegular forums for district data security personnel to meet and learn from security professionals, hear about the latest security/compliance news from NYSED, and share best practices around cyber security. |
Policy & ProcedureProper planning starts with proper direction and guiding documents. Districts will be provided best practice documents and templates to help support their data security planning; including documentation for: Information Security Policy, Internet Access & Security Policy, Privacy Policy, Incident Response Policy, Breach & Security Failure Notification Policy, Risk Management Plan, Disaster Recovery Plan, and Parent Bill of Rights. |
 |
Training, Network Assessment & Testing Services
These services are available for an additional fee.
KnowBe4 Security Awareness TrainingKnowBe4 is an integrated platform for security awareness training combined with simulated phishing attacks. The service integrates baseline testing using mock attacks, followed by engaging, interactive, web-based training, and continuous assessment through simulated phishing, vishing and smishing attacks to build a more resilient and secure organization. The service provides a library of security awareness training content; including interactive modules, videos, games, posters, and newsletters. Pricing is per employee/per year, and for the greatest success, should include all district employees. Support for creating email campaigns, report generation, and initial setup is provided.  |
Security Assessment & TestingThe Security Assessment & Testing service allows districts to work with third party IT companies to build a customized security program. Services include risk assessments, cybersecurity training, awareness campaigns, incident response and tabletop planning, internal/external network penetration testing, policy development and review, wireless network testing, network architecture reviews, and more. Services can be customized to meet district needs. Please note, we are currently vetting vendors and obtaining contracts for these services so some services may not be immediately available. Please contact me for more information. |
