Internet connectivity has been added to the classrooms of United States (U.S.) K-12 schools, but recognition of the security risks and related management responsibilities to address increased risk exposure is not apparent. Providing a sufficient level of access for K-12 students to learn through exploration and experimentation needs to be balanced with sufficient limitations to minimize the risk of technically proficient participants inflicting harm through school resources. Problems of inappropriate use such as adjusting grades, tampering with work of other students, and defacing Web sites by K-12 students are already appearing in U.S. newspapers. In addition, the growing level of Internet security incidents such as worms and malicious code puts K-12 technology infrastructure and data at risk. Each K-12 school and school district has a unique set of technical capabilities that must be balanced against the risk of misuse to establish appropriate security. Applying security risk management can allow K-12 administrators to identify areas of weak security that pose unacceptable risk and plan for needed improvements.
Carol Woody is a senior member of the technical staff, Carnegie Mellon Software Engineering Institute, where she has researched security issues for eight years. Woody holds a BS in mathematics from The College of William and Mary, MBA with distinction from Wake Forest University, and PhD in Information Systems from NOVA Southeastern University.