Skip to main content

NCDPI K-12 Cybersecurity Program

Announcements

  • The NCDPI K-12 Cybersecurity Program proudly announces our participation in Cybersecurity Awareness Month 2023 for PSUs of North Carolina this October.  NCDPI, in alignment with CISA and NCA, will promote four key cybersecurity behaviors that provide the basis for #CybersecurityAwarenessMonth resources, events and presentations:.
    • Use Strong Passwords and Password Manager
    • Turn On Multi Factor Authentication
    • Look Out for Phishing Attacks
    • Update Your Software
  • Stay tuned this upcoming month for a wide variety of Cybersecurity Awareness Month 2023 events for your PSU to attend, including the launch of the new K-12 Cybersecurity Webinar Series.  Additional resources and information will be shared each week, but please visit our website for additional details: https://sci.fi.ncsu.edu/cybersecurity/cybersecurity-awareness-month-2023/.


Overview

The K-12 Cybersecurity Program was founded and is funded by NCDPI to increase the cybersecurity posture for the PSUs

In 2021, NCDPI established the K-12 Cybersecurity Program with a purpose of organizing and aligning business and technical cybersecurity functions holistically across the state so that PSU and NCDPI stakeholders have greater visibility into the people, processes, and technologies deployed and have a measurable way to determine whether those efforts are sufficient and correct for current and future needs.

The goal is to help all PSUs achieve basic cyber hygiene!

PSUs can find more details about the FREE current services and resources provided by the program below:

In addition, the K-12 Cybersecurity Program has several partners with related services and resources available to the PSU community:

  • NCLGISA IT Strike Team
  • North Carolina National Guard
  • NCDPI NC Digital Learning Plan – Framework for growth and continuous improvement in the area of Digital Teaching and Learning for NCDPI, public school units and schools across the state. View data, action steps and metrics for the state’s Digital Learning Initiative.
  • NCDPI Third Party Data Integration – The North Carolina Department of Public Instruction is implementing new data security standards for any system that receives student information from a statewide system. This new policy is effective January 1, 2024.

Management

The K-12 Cybersecurity Program is composed of cross-functional heterogeneous teams to work on tasks and deliverables of the projects. These teams will adapt and evolve over time, but identifying key members will be extremely important to getting the project started with good momentum. The teams should include representatives from all organizations that will interface with the Cybersecurity Program.

  • Cybersecurity Executive Committee (CEC)
    • The purpose of the executive committee is to provide the priority and policy advisory for the project and ensure the alignment of state agency and legislative requirements.
  • Cybersecurity Core Teams (CCT)
    • The core set of teams and organizations that collectively work together as part of the NCDPI K-12 Cybersecurity Program in providing the umbrella of cybersecurity services and resources for the PSUs
      NCDPI, Friday Institute, MCNC, NCJCTF, NCDIT
  • Cybersecurity Advisory Council (CAC)
    • The CAC consists of PSU cybersecurity leaders who meet monthly to discuss relevant threats, updates, and innovations. Overall focusing on supporting PSUs and NCDPI in improving the K-12 cybersecurity posture.

Key Program Contact
NCDPI K-12 Cybersecurity Team
k12cybersecteam@dpi.nc.gov

Strategy – Framework

NCDPI has aligned the K-12 Cybersecurity Program strategy with the
NIST Cybersecurity Framework (CSF) and its 5 Core Functions

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

NCDPI will support a variety of countermeasures, composed of people, processes, and technologies, across the 5 functions of the CSF to reduce cybersecurity risks to PSU assets.

Strategy – Controls

Since the inception of the K-12 Cybersecurity program, NCDPI has leveraged the Center for Internet Security (CIS) Critical Security Controls as a guide for specific and actionable ways to thwart the most common attacks, with the goal of supporting PSUs to achieve CIS implementation group 1 level. The CIS Controls are a relatively short list of high-priority, effective defensive actions that provide a starting point for enterprises seeking to improve their cyber defense. NCDPI also leverages applicable Security and Privacy Controls from NIST NIST SP 800-53r5 to support the program purpose and vision.

Key Program Outreach and Engagements