The content in this preview is based on the last saved version of your email - any changes made to your email that have not been saved will not be shown in this preview.

Email not displaying properly? Click here to view as Webpage!

Directors Update

PROMINENT TOPICS

This is the last installment of the newsletter for 2024-25, but we’ll be back in September to coincide with the start of the new school year! But before we look forward, let’s first look back at some of the most critical points discussed over the past year:  


  • Earlier in the year, a New York State Education Department (NYSED) memo related to the “Additional Google Services” (not covered through the Erie 1 BOCES-negotiated RIC Contract Consortium DPA) caused some concern among districts. The RICs and Erie1 BOCES worked together to create guidance for school districts to support compliance that accommodated some use of these tools, but did so without sharing student data. BOCES Model Schools also put together some instructional resources
  • Utilizing resources from the National Institute of Standards and Technology, the Cybersecurity and Infrastructure Security Agency, and the Department of Homeland Security, the CNYRIC developed a memo for superintendents to utilize with School Boards on Mitigating Business Email Compromise and Phishing by Reducing Online Staff Directory Information.
  • Over the winter, the CNYRIC, in conjunction with Cloudflare support, elevated the protection level of its Distributed Denial of Service (DDoS) solution to include full Layer 3 and Layer 4 advanced protection. The full protection level provides access to the entire range of Cloudflare's DDoS mitigation capabilities.
  • To assist schools in effectively monitoring student daily attendance, the CNYRIC’s Educational Data Services Department updated the Standardized Daily Attendance - MP Tallies Report in SchoolTool based upon feedback from districts. This reformatted report now includes attendance for alternately-enrolled students, and also identifies those students absent on the current day. The Excel export of this analysis has also been enhanced to include a worksheet with student attendance data and adult family contact information. Additionally, addresses provide additional fields and data in a user-friendly format for generating attendance letters via a mail merge.

PROVIDE LEADERSHIP, ASSISTANCE, AND RESOURCES TO ENHANCE DISTRICTS’ DATA ECOSYSTEMS IN SUPPORT OF LOCAL, REGIONAL, AND STATE PRIORITIES

New CNYRIC Assistant Director Dr. Reneé Burgess, Ed.D. is leading the development of a Regionalization Dashboard, in collaboration with the Educational Data Services team. This dashboard will present various types of publicly available data (emphasizing our component districts) to aid district decision-makers in areas such as attendance, enrollment, and assessments. Quantitative data from across New York State will be included, with many local districts already voluntarily contributing.


The dashboard will serve as a central location for these data sets, offering brief explanations through text, audio, and video to illustrate their potential uses. The primary goal is to help districts identify needs that could be addressed through shared services, while also providing resources and data for developing a “Portrait of a Graduate.” More information about the dashboard and its objectives will be shared later this summer, and the administration is incredibly enthusiastic about this initiative.

PROVIDE LEADERSHIP, ASSISTANCE, AND RESOURCES TO ENHANCE DISTRICTS’ SECURITY POSTURE IN SUPPORT OF LOCAL, REGIONAL, AND STATE PRIORITIES

As you may have heard, NYSED Chief Privacy Officer Louise DeCandia will be retiring at the end of June. This month's "DPO Download" podcast sat down with Louise for a candid look back at her impactful tenure. Listen in as Louise speaks about the initial challenges she faced. Hear her reflections on the ever-evolving data privacy and security landscape. Discover which initiatives she believes have had the most impact, and the relationships she was able to establish with all the stakeholders.

PROVIDE LEADERSHIP, ASSISTANCE, AND RESOURCES TO ENHANCE DISTRICTS’ TECHNOLOGY ECOSYSTEMS IN SUPPORT OF LOCAL, REGIONAL, AND STATE PRIORITIES

Directors of technology and facilities came together at the May 30 CNYRIC Tech Collaborative meeting, with the goal of fostering a more collegial and effective working relationship. Recognizing the interdependence of these teams within districts, the meeting provided an opportunity to learn more about each department's respective roles, discuss more seamless project collaboration, identify shared interdepartmental challenges, and share successful examples of what's worked to date. Special thanks to Fayetteville-Manlius’s Matt Dean (IT) and Geoff Brown (facilities), who were willing to speak to the specifics of how this interdependence works in their district. 

IN THIS SECTION, WE WILL PROVIDE SOME QUESTIONS TO CONSIDER WHEN DISCUSSING TECHNOLOGY WITH YOUR DIRECTOR OF TECHNOLOGY.

June’s focus will be on vulnerability management:


Q: "Do we have a clearly defined and regularly-updated vulnerability management program that aligns with CISA Cybersecurity Performance Goals (CPGs) and the NIST Cybersecurity Framework (CSF)? Can you provide a summary of our current CPG implementation status, specifically regarding vulnerability identification, prioritization, and remediation?"



Q: "What is our established patching cadence for critical systems and applications, particularly those exposed to the internet or containing sensitive student/staff data? How do we ensure timely remediation of vulnerabilities, especially those identified as ‘high’ or ‘critical’ severity?"


Q: "Beyond automated scanning, what manual or third-party assessments (e.g., penetration testing, external audits) do we conduct to identify vulnerabilities that automated tools might miss? How frequently are these conducted, and how are their findings integrated into our overall vulnerability management strategy?"


Q: "How do we track and report on our progress in reducing the overall attack surface and vulnerability exposure? What metrics can we use to demonstrate the effectiveness of our vulnerability management efforts to the school board and other stakeholders?"


Q: "What resources (budget, staffing, training) are needed to mature our vulnerability management program further in alignment with evolving threats and CPGs? Are there any significant gaps or challenges we face in consistently identifying and remediating vulnerabilities across our diverse school environment?"

Central New York Regional Information Center | 6075 E. Molloy Rd. | Syracuse, NY 13221 US

Unsubscribe | Update Profile | Constant Contact Data Notice

Constant Contact