Guiding Questions. Districts must ask themselves three questions before making ECSE purchases. If a district is unsure if an expenditure is allowable, they should contact the Fiscal Oversight Special Education Finance contact prior to making the purchase. The answer to this question should be yes. The district requires teachers, supplies, and equipment for the program to exist. However, some items are not necessary for the program to exist. For instance, a district would not need a washing machine in order to provide ECSE services.
Guiding Questions. What are the tangible or intangible entities of value for the party (client) that could potentially be harmed by a cyber-incident? Here we should pay special attention to confidentiality, integrity or availability of data or services that the party is responsible for or dependent upon.
Guiding Questions. Which malicious actors could want to perform a cyber-attack? Here we should consider all possible motives and intentions, including financial gain, revenge or grudges, political or religious agendas, espionage, or simply fun and a desire to prove one's ability. Which non-malicious actors could potentially initiate cyber-incidents through, for example, neglect or lack of competence?
Guiding Questions. Departmental Equity Recruitment, Hiring and Retention of VOM Staff Equity
Guiding Questions. What incidents could directly harm the identified assets? What incidents could result from a successful attack?
Guiding Questions. How can we reduce the vulnerabilities? How can we reduce the consequence of the incidents? How can we reduce the likelihood that the threats will initiate an attack? Are there other ways to reduce the likelihood of threat scenarios and incidents?
Guiding Questions. What types of attack can a threat initiate? Where are the interfaces between the target system and cyberspace, and how can attacks be launched through these interfaces?
Guiding Questions. What observable events at the network layer could give useful information about the likelihood/frequency of attacks? (Network-layer indicators.) This question should be asked for each identified threat scenario and incident. What observable events at the application layer could give useful information about the likelihood/frequency of successful or unsuccessful attacks? (Application-layer indicators.) This question should be asked for each identified threat scenario and incident. What information can we get from vulnerability scanners or security tests? (Test result indicators). This question should be asked for each identified vulnerability. What do we otherwise know about the threats, vulnerabilities, threat scenarios, incidents or assets that could help us assess the level of cyber-risk? (Business configuration indicators.) These questions should be asked for each element of the risk model.
Guiding Questions. What makes it possible for an attack to succeed? Where are the weaknesses in our defence mechanisms?
Guiding Questions. ▪ What does the syllabus state regarding attendance/participation? ▪ What stated learning outcomes or objectives require participation? ▪ Is attendance factored in as part of the final course grade? If yes, what percentage of the grade? ▪ Is there classroom interaction between the instructor and students, and/or among students? ▪ Does the course rely on student participation as a method for learning? ▪ Is there content only offered in class or is there an impact on the educational of other students? ▪ Are assignments used as class content when they are due?
