Page 22 - The Edge - Fall 2018

Response Plan Can Ease Pain
Continued from page 21

Sanders said the focus should be on “what if?” “What will we do?” Sanders said. “Who are the team members? Make sure everybody knows what their responsibilities are. Try to minimize chaos.”

The Workbook spells out the responsibility of the incident response team. “It should provide immediate, effective, and skillful response to unexpected incidents with information security implications,” Sanders said. “That would include the response to incidents that negatively impact the confidentiality, integrity, or availability of the district’s systems or data.”

It’s important to know what kind of data is on each of your systems. Sanders posed some questions: “Who is the data owner? IT is not the data owner. The CFO is. Who is communicating? IT? Probably not. The Superintendent? Or is there a Director of Communications?”

LeSueur of The Trust cautioned: “Do not get stuck thinking this is an IT problem. It is not. It’s an organizational problem. Get everyone to accept the importance of having a cyber incident plan. You need sponsorship from leaders.”

He also said, “Don’t get caught in a situation where someone tells you, ‘OK, do it.’ This isn’t a go do it me – it’s a go do it we. You want organizational buy-in to get the plan up and running.”

LeSueur mentioned possible incidents, such as if the internet goes out or an application becomes unresponsive. “Think through the roles of the people who are going to be part of that team,” he said. “A CIRP is necessary because it can turn chaos into structure. A CIRP provides a documented, step-by-step process to manage through an incident. The Trust can help you get through it by turning chaos into proactive action.”

LeSueur recommended having one-on-one conversations with each team member, providing a hard copy and electronic copy of the plan to each core response member, scheduling meetings to walk through the CIRP with the team, discussing collaboration processes for gathering and dissemination of information, ensuring all participants understand their role in the plan and that they have the tools necessary to successfully participate.

“Make sure you have a person assigned to take notes and document issues and concerns as they arise,” LeSueur said. He listed some possible cyber incidents:

A Denial of Service attack: An unknown attacker is preventing authorized users from accessing your network and resources.

Ransomware Attack: An unknown attacker has been able to compromise your network and encrypt critical files used by your district.

Network Outage: A backhoe working near your school has accidentally dug up your network circuit and cut the link. Your district has no connectivity.

Data Breach: The Superintendent has been notified by an outside organization that sensitive data has been exposed on the internet.

Unks summed up, noting that cyber attacks are on the rise for school districts, and a CIRP can be very helpful because in the moments following discovery of an incident, it can be difficult to identify who is in charge and what should be done.

In addition, having a CIRP can help prevent data loss as well as significant fines and costly public backlash.

“You don’t want your Superintendent on the nightly news talking about what happened,” she said. “The Trust has cybersecurity and risk-management experts and resources to assist you with your cybersecurity programs.”

David Sanders can be reached at: dbsanders@mpsaz.org or (480) 472-0005.

Ted LeSueur can be reached at: tlesueur@the-trust.org or (602) 222-3841.

Ruth A. Unks can be reached at: ruthunks@yahoo.com or (602) 290-7403.



