Guide to Student Data Privacy

An excellent list of helpful references and resources for student data privacy from Data Quality Campaign compiled by EdSurge.

If you’re looking for more background information on the issue, check out the resources over at the Data Quality Campaign (DQC), a nonpartisan national advocacy nonprofit which aims to build productive conversations around how data is used in education to improve student achievement. In its resources section, DQC offers a range of tools to help you thoroughly understand why companies and districts collect student data—and what follow up questions you should be asking. Here are a few of the DQC’s resources that we’ve found most useful

Cyber Kill Chain

Lockheed Martin's Cyber Kill Chain

Conventional network defense tools such as intrusion detection systems and anti-virus focus on the vulnerability component of risk, and traditional incident response methodology presupposes a
successful intrusion. An evolution in the goals and sophistication of computer network intrusions has rendered these approaches insucient for certain actors. A new class of threats, appropriately dubbed the Advanced Persistent Threat” (APT), represents well-resourced and trained adversaries that conduct multi-year intrusion campaigns targeting highly sensitive economic, proprietary, or national security information. These adversaries accomplish their goals using advanced tools and techniques designed to defeat most conventional computer network defense mechanisms. Network defense techniques which leverage knowledge about these adversaries can create an intelligence feedback loop, enabling defenders to establish a state of information superiority which decreases the adversary’s likelihood of success with each subsequent intrusion attempt. Using a kill chain model to
describe phases of intrusions, mapping adversary kill chain indicators to defender courses of action, identifying patterns that link individual intrusions into broader campaigns, and understanding the iterative nature of intelligence gathering form the basis of intelligence-driven computer network defense (CND). Institutionalization of this approach reduces the likelihood of adversary success, informs network defense investment and resource prioritization, and yields relevant metrics of performance and e ectiveness. The evolution of advanced persistent threats necessitates an intelligence-based model because in this model the defenders mitigate not just vulnerability, but the threat component of risk, too.

Source: Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains