Cybersecurity
Single Hero Image interior pages
Keeping students and staff safe online
Add an extra layer of protection to your existing technology services. Whether you need a comprehensive cybersecurity program or training for employees and students, we have you covered. The San Diego County Office of Education (SDCOE) offers trained and certified experts with experience in safe internet practices and secure installation of systems and networks.
How We Can Help
- Vulnerability assessment, penetration testing, and remediation services to help detect, identify, and analyze current network, server, and / or endpoint vulnerabilities and threats
- Cybersecurity framework implementation
- Setup and configuration guidance for firewalls, secure networks, and domain management
- Security policy review and recommendations (board policies, administrative regulations, internal guidelines, etc.)
- Post-incident Services: Cyber incident response and digital forensics
Get in Touch
- Email: securinginfo@sdcoe.net
- Phone: 858-298-2211
- View the Cybersecurity brochure
Events (Upcoming/Recorded)
- 2023 National Summit on K-12 School Safety and Security
- 2023 Red Herring Conference
- 2022 MFA Conference
2023 National Summit on K-12 School Safety and Security
2023 Red Herring Conference
Red Herring Conference
May 4 - 5, 2023
As an IT professional in K-12 education, the importance of your role has become increasingly evident in today's digital landscape, where cyberattacks and data breaches are a common occurrence. To stay ahead of these threats, join us at the 2023 Red Herring Conference, where you will have the opportunity to participate in interactive training, hands-on labs, and learn best practices to reduce the threat of cyber incidents.
You will also have the chance to gain valuable insights from the SDCOE Cybersecurity team and other K-12 local educational agencies as they share experiences, and real-world use cases and solutions. Additionally, you will learn about anti-phishing playbooks that can help your organization take a people-centric, behavior-based approach to incident prevention and reduction.
Join us May 4 and 5 from 8 a.m. to 12:30 p.m. to take an active role in protecting your school district, charter school, or county office from cyber incidents.
Registration Instructions
Create a Sched account
(if you don't already have one)
Sign up for a free account with your email here: https://redherring2023.sched.com/signup
Register for the Conference
Use the link in step one to complete the registration form, then click on Register Now.
Pick your preferred sessions!
For each time slot, click the desired session so a checkbox appears. In addition to all-attendee sessions you can select Padawan (beginner) or Jedi Council (experienced RH user) sessions. Or mix and match!
Complete your Profile (this is the Way)
Click Edit Profile and complete. We recommend that you enable "Make my profile & schedule public" to network with others. Click Save Settings. If desired, upload a photo (we won't share it with the empire)
DONE!
Speakers
SSA Nick Arico
National Security Cyber Supervisory Special Agent
FBI
Brad Bookser
Director of Information Technology
Sage Oak Charter Schools
Kip Boyle
Founder/Chief Information Security Officer
Cyber Risk Opportunities
Jennifer Cohen
Director of Cyber & Governance
Hub International
Ivan Constantino
Web Developer/Programmer
SDCOE
Claudia Cruz
Information Technology Systems Administrator
Los Gatos Union School District
Adam Doty
Director of Data Processing & Network Services
Riverside County Office of Education
Dr. Francisco Escobedo, Ed.D.
Board Member
State Board of Education (SBE)
Stuart LeBlanc
Cybersecurity Architect
SDCOE
Amy Liang
Director of Technology, Assessment, and Accountability
Los Gatos Union School District
Burt Lo
Chief Technology Officer
Stanislaus County Office of Education
Terry Loftus
Chief Information Officer/Assistant Superintendent
SDCOE
Travis McElvany
Executive Vice President/Risk Manager/Global Broker
Hub International
Danny Pasawongse
Executive Director of Technology Infrastructure and Operations
SDCOE
Casey Powers
Assistant Vice President, Cyber and E&O
Chubb Insurance
Uyen Quach
Senior Manager, Integrated Apps & Systems
SDCOE
Carlos Salazar
Director of Technology and Innovation
King-Chavez Neighborhood of Schools
Haison Tran
Application Architect
SDCOE
Brandon Schut
Career & Educational Technology Coach
Stanislaus County Office of Education
Vong Sopha
Cybersecurity Analyst
SDCOE
Francisco Tamayo
Senior Director of Cybersecurity & Digital Privacy
SDCOE
Ruben Sandoval
Cybersecurity Analyst
SDCOE
2022 MFA Conference
MFA Conference
Oct. 27 - 28, 2022
San Diego County school districts and charter schools are facing cyberattacks of increasing frequency and complexity. One of the most powerful actions an organization can do to defend their data is to research, implement, and maintain multi-factor authentication (MFA). As stewards of vast amounts of sensitive student, staff and community data, the implementation of MFA will advance our collective efforts around data security and privacy.
The San Diego County Office of Education (SDCOE), in collaboration with Nth Generation, hosted a two-day conference Oct. 27 and 28, 2022, to engage with all participating districts and to help them in advancing MFA implementation. As you all may know, cybersecurity insurance companies are making MFA a requirement for next year and now is the time to enable MFA.
All registered participants received a swag bag with a workbook, which includes a project charter, project execution plan, communication plan, and more.
Implementing MFA satisfies many of the requirements for the following Center for Internet Security controls:
- 5.2 - Use Unique Passwords
- 6.3 - Require MFA for Externally Exposed Applications
- 6.4 - Require MFA for Remote Network Access
- 6.5 - Require MFA for Administrative Access
- 14.3 - Train Workforce Members on Authentication Best Practices
More to Explore
- Available Products and Services
- Red Herring Phishing Awareness Program
- Cybersecurity and JPA
- Resource Library
- Video Library
Available Products and Services
Awareness
Monthly Themed Flyers and Articles
Easy-to-read, eye-catching flyers and articles that can be used each month to communicate tips about security and privacy.
Live Presentation and Demo: Data Security
A one-hour presentation which includes a real-time hacking that provides not only a powerful message on the importance of security, but does so by leveraging quick tips and interactive participation between presenters and the audience.
Live Presentation: Data Privacy
A 1.5 hour presentation on the latest (student) data privacy risks and protective measures that can be taken in an ever evolving data-driven world.
Live Presentation: Social Media Safety
A one-hour presentation which provides an overview of the risks related to the use of social media and how both children and adults can take steps to protect themselves while using the latest applications.
Procedures
General and Technical
Leverage these procedure templates as a starting point towards security / privacy compliance and best practices in your school or district.
General Audience Procedures
- Antivirus
- Bring your own device
- Clean desk
- End user phishing
- FERPA compliance
- ID and secure personally identifiable information (PII)
- Minimum access
- Mobile device
- Passwords
- Removable media
- Social engineering
- Social networking
- Software installation (with and without) admin rights
- Travel security
- Wireless infrastructure
- Workstation security
Technical Audience Procedures
- Acceptable use of technology
- Acceptable encryption
- PCI-DSS
- Protection of computerized PII
- Wireless infrastructure
- Email use
- Virtual server security
Training
Train-the-Trainer Program: Data Security, Hacking Demo, Data Privacy, and Social Media Safety
Cybersecurity awareness programs are a proven method to stop the threat of cyberattacks. This program provides the materials, subject matter experts, and initial hands-on preparation which enables districts to implement and maintain their own cybersecurity awareness programs.
SDCOE's CoSN Trusted Learning Environment (TLE) Cohort Program
The TLE Seal Program is the only all-encompassing program addressing school system student data privacy and security. It provides system leaders the guidance needed to put effective privacy practices in place, and signal that they are taking measurable steps to assure the protection of student information.
Vulnerability Assessment
Interview-Based Assessments
- Cloud services
- Baseline hardening: Server and client side
- Patch management
- Security policies
- Viruses and worms
Onsite Assessments
- Penetration testing
- Physical security of the data center / work environment
- Unsafe software apps
- Vulnerability scanning
Red Herring Phishing Awareness Program
Red Herring is a system that sends simulated phishing emails and tracks the actions taken by the targeted users. It was developed by the San Diego County Office of Education in order to promote cybersecurity awareness amongst their users. It also enabled the County Office to identify users who were in need of additional cybersecurity awareness training on ways to identify phishing messages.
Red Herring Features
- A full-featured phishing training and analytics platform.
- Easy to use: With minimal training, a phishing campaign can be created using the existing library of templates.
- Customizable: Users can create their own custom email and landing page templates.
- Synchronize users from Azure, Active Directory and Google G-suite.
- Fully supported by the SDCOE CyberSecurity team.
- Created for K-12, by K-12 professionals.
Phishing Awareness Videos
- Red Herring Introduction
- Red Herring Marketing Video
- Phishing
- Cybersecurity Phishing Awareness – Red Herring
Documents
Support
Cybersecurity and JPA
Cyber liability insurance protects school districts in the event of cyberattacks or data breaches. The insurance covers the costs schools could face in the wake of ransomware attacks and other cybersecurity dilemmas.
|
|
 |
|
main contact
Julie Nester
Sr. Manager, Prop & Liab Prgm
JPA Funds
Linda Vista Campus
julie.nester@sdcoe.net
858-295-6956
Resource Library
Awareness
- Article: 10 Commandments of Password Management (PDF)
- Article: Cyberbullying and Social Media (PDF)
- Article: Digital DNA and Identity Theft (PDF)
- Article: How to Protect Against Ransomware (PDF)
- Article: Identity Theft Protection Tips (PDF)
- Article: Mobile Device Security (PDF)
- Article: Social Media, Education and Data Privacy (PDF)
- Article: Sometimes (Free) WiFi Can be Costly (PDF)
- Article: USB Flashdrive Security (PDF)
- How-To Guide: Attach Emails As Attachments (PDF)
- How-To Guide: Clear Browser Cookies (PDF)
- How-To Guide: Clear Browser Cookies & Cache on Mobile Devices (PDF)
- How-To Guide: How to Clear Cache (PDF)
- How-To Guide: Reset Home Router Password (PDF)
Awareness Online Training
- Be Internet Awesome (ages 7-12 withgoogle.com)
- Cybersecurity Awareness Training (amazon.com)
- Phishing Awareness Training (withgoogle.com)
Guidelines
- Data Handling Best Practices (PDF)
- Software Security Updates (PDF)
- Template: Acceptable Encryption Standard (DOC)
- Template: Acceptable Use of Tech Procedure (DOC)
- Template: Bring Your Own Device Procedure (DOC)
- Template : Clean Desk (DOC)
- Template: Desktop Anti-Virus Procedure (DOC)
- Template: Email Use Procedure (DOC)
- Template: End User Phishing Procedure (DOC)
- Template: FERPA Compliance procedure (DOC)
- Template: Identifying and Securing Personally Identifiable Information V1 (CSP012) (DOC)
- Template: Minimum Access Procedure (DOC)
- Template: Mobile Device Encryption Procedure (DOC)
- Template: Removable Media Procedure (DOC)
- Template: Social Engineering Avoidance Procedure (DOC)
- Template: Social Networking Procedure (DOC)
- Template: Software Installation For Administrators Procedure (DOC)
- Template: Password Procedure (DOC)
- Template: PCI-DSS Procedure (DOC)
- Template: Protection of Computerized Personal Information Procedure (DOC)
- Template: Software Installation For Non-Administrators Procedure V1 (CSP016) (DOC)
- Template: Travel Procedure (DOC)
- Template: Virtual Machine Security Procedure (DOC)
- Template: Virtual Server Security Procedure (DOC)
- Template: Wireless Infrastructure Procedure (DOC)
- Template: Wireless Infrastructure Standard (DOC)
- Template: Workstation Security Procedure (DOC)
Procedures
- SDCOE Bring Your Own Device Procedure (PDF)
- SDCOE Email Use Procedure (PDF)
- SDCOE Mobile Device Encryption Procedure (PDF)
- SDCOE Password Procedures (PDF)
- SDCOE Removable Media Procedure (PDF)
- SDCOE Virtual Machine Security Procedure (PDF)
Recommended Reading
- 2024 Cyber Security Report (checkpoint.com)
- K-12 Digital Infrastructure Brief: Defensible and Resilient (tech.ed.gov)
- Oh, Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2023 (cybsafe.com)
- Partnering to Safeguard K-12 Organizations (cisa.gov)
- The State of Ransomware in Education 2023 (sophos.com)
Student/Teacher Resources
- Cyber.org
- Cyber Spacers (game)
- Connect Safely - Smart Socializing Starts Here
- FBI - Safe Online Surfing (game)
- NetSmartz Kids
- National Cybersecurity Alliance - Stay Safe Online
- PBS - CyberChase (game)
- Stop Bullying Now! What Kids Can Do
External Links
- Center for Internet Security (CIS)
- Cybersecurity & Infrastructure Security Agency (CISA)
- Cybersecurity for K-12 Education (CISA)
- K12 Security Information eXchange (K12 SIX)
- National Cybersecurity Alliance (staysafeonline.org)
- Online Toolkit: Partnering to Safeguard K-12 Organizations from Cybersecurity Threats (CISA)
- Privacy Technical Assistance Center (U.S. Department of Education)
Video Library
SDCOE Awareness Videos
- Internet Scams
- Lock your Workstation
- Mobile Device Security
- Ransomware
- Passwords
- Personally Identifiable Information (PII)
- Phishing
- Phishing, Vishing and Smishing
- Safe Browsing
- Secure Our World (cisa.gov)
- Security in the Classroom
- Social Engineering
Recommended Awareness Videos
- CSEN: Cyber Security Entertainment Network (staysafeonline.org)
- Kubikle - a comedy series about cybersecurity (staysafeonline.org)
- Phishing vs smishing vs vishing (Google)
- Recognize and Report Phishing (CISA)
- Secure Our World: Simple Steps to Protect Your Family (CISA)
- Security Awareness: Email and Phishing (SANS)
- We Can Secure Our World (CISA)