In education, we continuously strive to improve all practices to benefit our schools and communities. This process, known as "continuous improvement," involves analyzing various components to approach new initiatives systematically. This information drives our collaborative efforts and implementation planning.

Over the years, our schools have undergone numerous transformations requiring us to adapt our approach to curriculum and instruction.

We've learned that successful change happens when we establish an infrastructure, culture, and belief system that supports change as an integral part of the organization–also known as Governance.

We know that change should be embraced, systematically approached and celebrated through collaboration and strategic planning.

Applying Governance Structure to Cybersecurity

In technology, Governance structure refers to the structure, processes, and decision-making framework used to manage and oversee organizational initiatives, planning, and growth.

We've seen this before and successfully navigated it!

Consider the positive impact of the cycle of change in our communities from the past.

When planning new initiatives we educated ourselves and learned what would be the most effective way to build programs for initiatives, even when we started with little understanding.

Now apply this approach to Cybersecurity. There is no difference.

Just like past changes, we begin with:

  • Resistance driven by fear, the unknown, how will it impact me
  • Lack of trust
  • Budget, staffing, professional development

Adapting Through History

  • Education was once limited to those who could afford it and valued it. The introduction of mandatory, free education required us to develop plans for the entire school-age population. We adapted!
  • Laws like Title 9, child labor laws, segregation laws, No Child Left Behind, and ADA were developed to promote equity in education. With each law, we adapted!
  • As new standards were developed, such as Common Core, STEM, and Data-Driven Instruction we built programs, planned PD, budgeted, and moved forward.
  • We further enhanced learning with the advent of e-learning, flipped learning, and collaboration spaces that began through social networking. Our students adopted new forms of connection, informing our ideas on how to build better environments for learning.
  • When COVID-19 changed our landscape forever, we integrated technology into our instructional strategies, connecting to the world and using devices, apps, databases, access to resources, mobility, eLearning, and AI.

In all of this growth, our roles have expanded from teachers to facilitators and managers.

Our students are constantly connecting, learning and seeking information. As our approach to technology changes and the world comes to our students, we need to help them navigate safely and responsibly.

Cybersecurity is essential to this approach. As such, we need to plan and adapt as we have in the past!

Apply Continuous Improvement to Cybersecurity 

We are all involved in the planning, implementation, budgeting, staffing, and risk assessments required to keep our schools running.

Cybersecurity now needs the same attention as every high-stakes initiative a district has built a plan for and sustained.

The continuous improvement planning process we have all been a part of looks like this:

  • Assess based on State and National Standards
  • Build a districtwide team representing multiple levels and roles (similar to school improvement teams)
  • Consider a trained facilitator to assist with this process
  • Use the Plan, Do, Study, and Act method
  • Follow nationally recognized guidelines for Cybersecurity compliance such as NIST, and CIS to build your Risk Management and Cyber Resiliency program
  • Communicate
  • Evaluate

Focus on Action

The mantra I have used throughout my career is to focus on how to do it rather than spending emotional energy on why we can’t. This mindset clears the mind to be open and results-based. It allows teams to evaluate and adopt programs and opportunities requiring strategic planning and buy-in.

Almost everything we do involves technology making us vulnerable to bad actors who can compromise our data and threaten our security. The result is an abrupt stop to our ability to educate and administrate. To protect ourselves we must come together as a community to build a system with policies, procedures, protection, and the ability to recover. The process of continuous improvement is how we'll get there.

The use of technology carries accountabilities for all individuals.

Get Started With This Best Practice

You can start by using the NIST-aligned Cybersecurity Rubric to evaluate your cybersecurity practices and uncover opportunities for improvement and growth. When you understand your weakness, you know your next steps. To simplify and streamline that process use an auditing tool like ClassLink's Audit Center to organize your assessment, track your progress and keep teams informed.

About the Author

About the Cybersecurity Coalition for Education

ClassLink, ENA by Zayo, and SecurityStudio founded the Cybersecurity Coalition for Education to create a more accessible and effective approach to cybersecurity preparedness and training for schools. The coalition pioneered a groundbreaking approach to measuring and improving cybersecurity readiness, the Cybersecurity Rubric (CR) for Education. Along with the rubric, the coalition provides training and certification designed to guide schools to cybersecurity readiness.

Visit cybersecurityrubric.org to learn more.