Digital Security

  1. Digital security provides the necessary precautions to best guarantee safety and security. This needs to be addressed in terms of student learning, as well as in terms of protecting students, employees, resources and the organization. While there are numerous technical strategies used to achieve effective digital security, fundamental to this end is a need for leadership to guide technical implementations through policy.

    A digital security policy is a critical element in developing a comprehensive security strategy (Alberta Education, 1999a, p.7). More often than not, security is compromised due to people’s actions rather than a failure of technologies. Such policy provides an understanding of ownership of responsibility, a vehicle for high-level consideration of security issues and a means of ensuring all members in the organization (students and employees) understand steps to best ensure safety and security.

    An important initial step is to understand what and who is being secured. In a school system, one of the primary concerns must be the students within the school authority. Even in small school authorities, one will often find students under protection - either with legally protected identities or whose identities need to be protected. Access to these students, their personal information or even knowledge of their location poses security risks to them and possibly their family. Protection of their digital information is critical to their protection.

  2. Access to students on the whole is a security consideration somewhat unique to school systems. While some organizations may disregard communications into the organization as an employee or client matter, this is not the case in education. In loco parentis (educator’s obligation to act as a natural parent) indicates that school authorities have, and always have had, a security responsibility. Policy is needed to guide personnel and students to enable digital citizenship learning, yet offer security.

  3. Additionally, computing systems and software must be protected. This includes protection of networks, servers, appliances, desktops, laptops, hand-held devices and any other active electronics device. This must occur for several reasons:

    • School authorities must ensure protection of data from those who have no rights to the data;
    • School authorities must ensure protection of the hardware itself;
    • School authorities must ensure protection of software; and
    • School authorities must ensure protection of devices from infiltration so it does not become a staging area for other illegal or illicit action.
  4. Finally, school authorities must protect the people within the school authority, as well as the school authority itself. This includes protecting employees’ private information, protecting their identity and protecting the storage and transport of their information. Frequently, personnel need guidance as part of policy implementation. Incorporating education to meet the policy objectives is often necessary. Policy can offer both rights and responsibilities. Additionally, the school authority itself needs protection. Its reputation and representation can be at risk. This is accomplished by securing information and by ensuring processes are established to provide direction in how the school authority is represented. Living in the 21st Century with ubiquitous connections world-wide heightens aspects of security considerations.

Document Actions