  • 1.  Honest Security

    Posted 03-08-2022 09:35 AM
    So I have been geeking out a lot while listening to the MacAdmins Podcast in the car. I consider it to be like swimming in the deep end of the pool... I'm often treading water, just trying to stay afloat and understand all that is discussed.

    In a recent episode, they had Jason Meller on, who is the CEO of Kolide. He was talking about a guide that he had written, with the input of others, that talks about "endpoint security, and device management that doesn't erode your values." It focuses on five tenets:

    THE TENETS OF HONEST SECURITY
    1. The values your organization stands behind should be well-represented in your security program.
    2. A positive working relationship between the end-user and the security team is incredibly valuable and worth fostering.
    3. This relationship is built on a foundation of trust that is demonstrated through informed consent and transparency.
    4. The security team should anticipate and expect that end-users use their company-owned devices for personal activities and design their detection capabilities with this in mind.
    5. End-users are capable of making rational and informed decisions about security risks when educated and honestly motivated.

    The podcast and the guide got me thinking about how we all "teach" about the security of our devices to our end-users... faculty, staff, administration, and students alike. While the tool they have developed at Kolide requires Slack, which would rule it out for us, the underlying guide and philosophy were something that I was very interested in and thought valuable to share.

    I recently reached out to Jason to get his thoughts on his work and how his work might apply to schools directly. I will be happy to share what he says if I hear back from him. In the meantime, I hope you get something from the guide and, if you have an hour to spare, the podcast too.
    #TeachingandLearning
    #ITSystemsandSupport
    #CybersafetyandDataSecurity

    ------------------------------
    William Stites
    Director of Technology
    Montclair Kimberley Academy
    ------------------------------

    Attachment(s): Honest-Security.pdf (1.78 MB, 1 version)


  • 2.  RE: Honest Security

    Posted 03-08-2022 10:58 AM
    Thanks for sharing, Bill! I haven't had the chance to listen to the podcast yet, but I did look through the attached resource. I appreciate the approach of coming to the conversation from a place of honesty and upholding empathy as a value. It's important to understand the end user's experiences and any pain points they may have. This article also went into educating users on surveillance and the access that the IT team has on enrolled devices. I agree that most users are probably oblivious to this capability by IT. While we don't want to be big brother, they also need to understand school-owned machines are not personal devices and come with a different set of expectations. I think there is definitely some grace that we can offer users in this as well, so it's about finding a good balance while maintaining safety.

    Another takeaway from the article was utilizing team motivation. In a school setting, maybe this would look like reporting how different departments are doing on security training (in a positive way). For example, at a faculty meeting or in an update email, celebrate that the English department had lowered their rates by x% or whatever. 

    I'm curious about what the community has been doing for cyber security training. What's working well?

    ------------------------------
    Dr. Ashley Cross
    Director of Membership +
    Access Points Community Manager
    www.theatlis.org
    888-502-8547
    ------------------------------



  • 3.  RE: Honest Security

    Posted 03-09-2022 12:06 PM
    Thanks Bill! As always, really great information. Would love to hear more, including any reply you get from Jason.

    Take care,

    ------------------------------
    Allyn Wenzel
    Director of Technology
    Stevenson School
    ------------------------------



  • 4.  RE: Honest Security

    Posted 03-09-2022 01:15 PM
    Thanks, Bill.
    Adding to my list.

    #mac_admin
    #podcast

    ------------------------------
    Jennifer Lamkins, Ed.D.
    Coordinator of Member and Technology Support Services
    she/her
    Northwest Association of Independent Schools
    5001 California Ave. SW (Ste. 112), Seattle, WA 98136
    Office: 206-323-6137
    Direct: 206-323-7005
    jlamkins@nwais.org
    ------------------------------



  • 5.  RE: Honest Security

    Posted 03-10-2022 09:22 AM

    Really great post, Bill! I was thinking about this not that long ago. The "coming from a place of honesty" aspect is key. As Ashley pointed out, I think that most end users aren't fully aware of what we can see on or about school-owned/managed devices. That being said, I have no problem telling anyone what we can or cannot do and then I explain the situations under which that would even come up. Kids always seemed to think that anytime they didn't see me, I was reading through their emails. It takes work to build that trust with any group so they understand what's in place and how it's used. Pulling back the curtain and making sure that these tools are not in place to be big brother is essential. I will definitely use these 5 tenets!


    Matt



    ------------------------------
    Matthew Norko
    Director of Technology
    Foxcroft School
    ------------------------------



  • 6.  RE: Honest Security

    Posted 03-10-2022 06:57 PM
    Every year with both students and employees I remind them of monitoring that happens on the device, network, email, and web level. I also simultaneously say that I don't look at it since I have way more important things to do. Unless someone comes to me from admin with a reason to look. There are definitely students who think I am constantly reading their email and Teams chat. I try to be as upfront as possible and will answer any questions asked.

    ------------------------------
    Brian Hoyt
    French American School of Puget Sound
    ------------------------------



  • 7.  RE: Honest Security

    Posted 03-10-2022 07:05 PM
    @Brian Hoyt So this is GREAT! I would always tell people that if I were Big Brother, you have nothing to worry about!

    You make a good point in that the logging and monitoring we do are usually used in response to an issue. Be interesting to see what else they could tell us and how easily... if we had the time and tools.

    ------------------------------
    William Stites
    Director of Technology
    Montclair Kimberley Academy
    ------------------------------



  • 8.  RE: Honest Security

    Posted 06-14-2022 10:57 AM
     Bill, I'm also a podcast junkie!  

    Thank you for sharing your insights with this community. We are all better leaders and decision makers because of it. The concept of honest security resonates especially when we know that our biggest and most cost effective defense to threats are educated, well informed employees.  They are our security defense team. 

    I look forward to what you learn from Jason. 
    --

    Denise Musselwhite

    Chief Information Officer 

    Trinity Preparatory School
    5700 Trinity Prep Lane | Winter Park, FL 32792

    321-282-2507 | trinityprep.org
