Cybersecurity Posture in Digital Educational Institutions: An Assessment Using the CyberSecurity Rubric Based on the NIST CSF 2.0

Abstract

During the pandemic and post-pandemic, the entire educational system was challenged to improve the conditions of continuity and quality of learning by adapting to remote emergency education, which forced many institutions to invest in digital educational platforms, tools for virtual classes, technological equipment, virtual material and teacher training. Cyber-attacks, which are increasing every year, pose a challenge to the education sector, mainly due to no or low cybersecurity awareness and lack of an information security management plan. This article focuses on a case study conducted to a Technical-Productive Education Center (CETPRO) that belongs to UGEL 02, and that relies on digital applications, services and devices to carry out its daily duties. The CETPRO has never developed or implemented a cybersecurity management plan that would allow it to comply with the Personal Data Protection Law (29733) and protect its digital assets. To address these concerns, the use of a cybersecurity rubric aligned to NIST CSF 2.0 is proposed and has been adjusted to assess the cybersecurity posture of any educational institution. This rubric allows for measuring the overall maturity level in the six NIST functions of Govern, Identify, Protect, Detect, Respond, and Recover. It is expected that the I.E. will be able to know the current state of its cybersecurity posture allowing it to make future decisions to implement a cybersecurity management plan and improve its maturity level.