A Service Learning Project of Information Security Risk Assessment for K12 School Corporations
Dazhi Yang, Melissa Dark, Purdue University, United States
Society for Information Technology & Teacher Education International Conference, in Phoenix, AZ, USA ISBN 978-1-880094-55-6 Publisher: Association for the Advancement of Computing in Education (AACE), Chesapeake, VA
Abstract: This paper reports a service learning project of an information security risk assessment in a K12 school corporation. The project team constructed a customized risk assessment process in the selected school corporation. The team evaluated the information technology systems' implementations, related policies and regulations surrounding the technology and implementations, as well as common procedures adopted for the school corporation's information technology operations. Although the technical aspect of this project focused on one asset of the school corporation's information systems: the student database, the school corporation can extend the applied process to other assets as well. This report mainly discusses how threats and vulnerabilities of the systems and the systems' implementations can be determined, how risks can be quantified, and how recommendations on areas of improvement can be derived. Following the customized risk assessment process, K12 Schools and corporations could conduct the regular risk assessment on their own.
Yang, D. & Dark, M. (2005). A Service Learning Project of Information Security Risk Assessment for K12 School Corporations. In C. Crawford, R. Carlsen, I. Gibson, K. McFerrin, J. Price, R. Weber & D. Willis (Eds.), Proceedings of SITE 2005--Society for Information Technology & Teacher Education International Conference (pp. 1672-1677). Phoenix, AZ, USA: Association for the Advancement of Computing in Education (AACE).