My Courses
syllabus Discussion E-mail resources previous forward

Security of Student Data

School records such as grades, attendance, discipline, lesson plans, and professional development records, can all be generated, stored, and accessed through a variety of digital tools. Gradebook programs were tools that many teachers used as their first steps toward integrating computers into their practice. Later generations of these tools can be shared over a network and can combine other common management activities, such as designing lesson plans, reporting attendance records, aligning curriculum activities with required content standards, and incorporating data from large-scale student assessments.

The ease with which records may be created, stored, and distributed makes security a pressing concern for schools as they incorporate digital record keeping and communications. Student information is confidential and must be secure regardless of the format. The issue of security presents greater challenges when an electronic network includes student data and also supports communication between the school and—literally—the rest of the world.

What Is Security?

Hugh Ranalli, Vice President of Business Technology for ii3 Inc., in Toronto, Canada, has expertise in developing security for electronic networks. His systems have been deployed in the banking, education, and the pharmaceutical industries. He made the following points at a recent presentation on the topic of security fundamentals. 1

Ranalli notes that security is a general term and it may imply that there is a general solution, such as a checklist or piece of software, that can be applied to solve the problem. Instead, he suggests that security should be a deliberately cultivated mindset, one that requires a continual awareness of any issues that may compromise the integrity of a system.

Security is complex and difficult to achieve. The large number of people associated with most systems creates a large number of opportunities for the system to fail. Security holes and breaches are hard to detect and, once detected, it is almost impossible to find out how they occurred. The most common failure points are

  • administration errors that occur when adding and removing users from the system
  • bugs in the system
  • configuration errors
  • lack of auditing the system
  • lack of adequate resources spent to develop and maintain the system