KAM WAI MING, Principal of HKSKH Bishop Hall Secondary School, Chairman of Hong Kong Association for Computer Education
The roles of school management and technical support staff on implementing information and network security measures
Security VS Convenience
Building a Cyber-Secure Culture
• Mindset
  - Given the prevalence of cyber attacks, we need to stay alert and prepared.
• Leadership
  - Set overall direction, establish priorities, maintain influence, and mitigate risks
  - School IT Team should model good personal security habits based on guidelines
• Training and Awareness
  - Awareness training programs build an understanding of risks and provide specific steps for mitigating them.
Managing and Maintaining Cyber-security in School
• Policies and Procedures
• Infrastructure and Technology
• Education and Training
• Standards and Inspection
Policies and Procedures
• Include cyber risks in the school risk management process
• Nominate the right person to be responsible for cyber security issues
• Systematic and regular review of cyber security policies, at least on an annual basis
• Ensure policies and procedures that incorporate cyber security concerns are in place
• Establish a routine reporting process for cyber risks within the school
• Maintenance, Monitoring, and Analysis of audit logs
• Record cyber security incidents and actions taken
Infrastructure and Technology
• Secure configurations for hardware and software on mobile devices, laptops, workstations, and servers
• Ensure that appropriate filtering and monitoring is in place.
• Inventory of Authorized and Unauthorized Devices
• Managing user privileges
• Malware prevention
• Patch system software and application software
• Data Recovery Capability
• Limitation and Control of Network Ports, Protocols, and Services
• Data Protection
[Diagram: Wi-Fi Network and Existing School Network (Model 1). Labels: ISP Line A, ISP Line B, ISP Line C; Firewall; Outbound Bandwidth Management; Teacher Wifi Network; Student Wifi Network; Guest Wifi Network; School existing Network; VLAN 1, VLAN 2, VLAN 3]
[Diagram: Wi-Fi Network and Existing School Network (Model 2). Labels: ISP Line A; Wifi Network; ISP Line B; School existing Network]
[Diagram: Wi-Fi Network and Existing School Network (Model 3). Labels: ISP Line A, ISP Line B, ISP Line C; Firewall; Outbound Bandwidth Management; Wifi Network; School existing Network; VLAN 1, VLAN 2]
Wifi Access Control
SSID: BHSS_GUEST
• Password login, with the password changed regularly
• Bandwidth 15Mbps/15Mbps
• Disconnect after 2 hours
SSID: BHSS_STUDENT
• Student account login
• Bandwidth 15Mbps/20Mbps
• Need to relogin after 3 days disconnect
SSID: BHSS_TEACHER
• Teacher account login
• Bandwidth 40Mbps/40Mbps
• Need to relogin after 3 days disconnect
SSID: elearning
• MAC-based authentication
• Bandwidth 20Mbps/30Mbps
Mobile device management
Device Enrollment Program (iOS) / Zero Touch Enrollment (Android)
• Force the device to enroll with SimpleMDM
• Select which SimpleMDM group devices should initially join
• Disable users' ability to un-enroll from SimpleMDM manually
• Place device in supervised mode
• Skip passcode setup, location services, restoring from backup, signing in to Apple ID and iCloud, Apple Pay setup
Education and Training
• Ensure the whole school community is aware of what is appropriate online behaviour and understands the sanctions for misuse.
• For teachers: Implement regular training for all members of staff
• For TSS: Refresh knowledge and skill at regular intervals to enable them to keep up-to-date with current research, legislation and trends
• For students:
- Ensure that appropriate cyber security education is embedded throughout the curriculum; promoting the responsible use of technology and empowering students to keep themselves and others safe online
- Actively engage with events to promote positive online behavior
• For parents: Ensure that online safety is promoted to parents through a variety of channels and approaches
http://medialiteracy.hk/
https://www.hkace.org.hk/
Standards and Inspection
• Evaluate the delivery and impact of the setting's security policy and practice
• Review any reported online safety incidents to inform and improve future areas of teaching, training and policy development
• Regular Vulnerability Assessment and Remediation