Cyber Security
Anti-Cyberbullying Policy
Cyber-bullying is the use of electronic information and communication devices to willfully harm either a person or persons through the medium of electronic text, photos, or videos.
Online activities and technologies often used by students engaged in Cyber-bullying include but are not limited to social networking sites, chat rooms and discussion groups, instant messaging, text messaging, computers, cell phones and personal digital devices, digital cameras, cell phone cameras, and web cams. As new technologies emerge, they too may be included with the above forms of electronic communication.
You are not permitted to create, post or transfer any discriminatory, confidential, threatening, libelous, obscene or slanderous comments about Stepinac, its employees, students, parents, or community members.
Cyber-bullying creates a hostile, disruptive environment on the school campus and is a violation of a student’s right to be safe and secure.
Cybersecurity Incident Response Plan (CIRP)
Version: 2.1 | Last Updated: 12/04/25
1. Introduction
This Cybersecurity Incident Response Plan (CIRP) outlines the procedures for detecting, responding to, and recovering from cybersecurity incidents that may affect the operations, data, or systems of the school. The goal of the Plan is to minimize disruption, protect student and staff data, and safely restore normal operations as quickly as possible.
2. Scope
This plan applies to all systems and data owned or managed by the school, either on premises or in the cloud. These include (but are not limited to):
- On-site Windows Servers (Active Directory, RADIUS, and file sharing)
- Windows Workstations and Laptops (staff computers)
- Rediker / Admin Plus (Student Information System)
- Meraki Network (firewalls, switches, and Wi-Fi access points)
- Google Workspace (email, cloud storage, and collaboration tools)
- Microsoft Entra and 365 (cloud Active Directory, apps and collaboration tools)
- YourSix (cloud-based security camera system)
3. Incident Response Team (IRT)
4. Incident Categories
Incidents are classified into four levels:
Level 1 – Low Severity
Minor disruptions with minimal impact.
Examples include:
- Malware/virus detected for single user and quarantined/removed automatically
- Unauthorized access attempts (not successful)
- Account sharing
- Account lockouts
Level 2 – Medium Severity
Limited system outages or suspicious behavior requiring investigation.
Examples include:
- Widespread malware or viruses which can be abated by anti-virus software
- Attempted ransomware attack automatically thwarted by security software
- Password compromises of single user via data leak or phishing attack with no known account access
- Lost laptop/smartphone, but no data compromised
- Hacking or denial of service attacks attempted with little to no impact on operations
Level 3 – High Severity
Significant operational impact, data access concerns, or widespread malware.
Examples include:
- Widespread instances of a new computer virus not handled by anti-virus software
- Successful unauthorized access of single user account
- Possible breach of personally identifiable information (PII)
- Hacking or denial of service attack attempted with some impact on operations
- Successful ransomware attack on single user device
- Some risk of negative financial or public relations impact
Level 4 – Critical Severity
Confirmed data breach, ransomware, or incidents impacting safety, finances, or personal information.
Examples include:
- Confirmed breach of personally identifiable information (PII)
- Successful hacking or denial of service attack with significant operations impact
- Successful ransomware attack with significant operations impact
- Significant risk of negative financial or public relations impact
5. Incident Response Phases
Phase 1: Preparation
- Maintain up-to-date antivirus, firewalls, and backups
- Conduct regular staff cybersecurity training (e.g., phishing awareness, password management)
- Review access controls regularly
- Ensure all critical data is backed up and tested quarterly
Phase 2: Identification
- Meraki: Review Meraki Dashboard for intrusion, firewall, or malware alerts
- Windows Workstations & Server: Monitor Event Viewer logs, anti-virus & DNS Console/Logs/Alerts
- Microsoft Entra/365: Check Admin Console/Logs/Alerts for suspicious login activity and settings changes
- Google Workspace: Check Admin Console/Logs/Alerts for suspicious login activity, settings changes, or inbound/outbound email
- User Reports: Encourage staff/students to report suspicious activity
Phase 3: Containment
- Network Isolation: Disconnect affected devices from network (either physically or via Meraki Dashboard); Anti-virus & Ransomware Agent may also quarantine devices
- Disable Compromised Accounts: Lock accounts in Google Workspace and Active Directory
- Restrict Access: Block malicious IPs and/or domains
- Preserve Evidence: Store system logs and other diagnostic data
Phase 4: Remediation/Recovery
- Remove malware or unauthorized access tools (via anti-virus/anti-ransomware software or manually)
- Wipe and restore systems from verified clean backups as needed
- Patch exploited vulnerabilities
- Reset compromised passwords and re-apply MFA if necessary
- Monitor for recurrence
- Validate systems through full system diagnostic and review before reopening access
- Gradually reconnect affected devices
Phase 5: Post-incident Review
- Conduct Incident Review Meeting to debrief and assess response effectiveness
- Document incident details, timeline, root cause and lessons learned
- Update policies, training and CIRP accordingly
6. Communication and Notification
Internal
- Notify Incident Response Team (IRT) immediately
- IRT will inform administration of severity and potential impact as soon as possible
- Notify affected staff or departments as appropriate
- Use alternative communication methods if email is compromised
External
- After confirming incident details, notify parents, students, and staff if personal data may be affected
- Coordinate with legal counsel regarding reporting requirements and notification laws
- Only designated persons may speak publicly regarding the incident
7. Definitions
- Critical Systems: Systems essential for school operations, such as student information systems (SIS), Wi-Fi and wired network, email, file servers, and the VOIP phone system.
- Cyber Incident: Any event that threatens the confidentiality, integrity, or availability of school data or systems (e.g., malware infection, phishing, data breach, unauthorized access).
- Data Breach: Unauthorized access to or disclosure of personal or sensitive information (e.g., student records, staff HR files).
- Personally Identifiable Information (PII): For the purpose of meeting security breach notification requirements, PII is defined as a person’s first name or first initial and last name in combination with one or more of the following data elements: (1) Address, (2) Email, (3) Telephone number, (4) Date of birth, (5) Personal identification numbers – such as social security number (SSN), passport number, driver’s license number, taxpayer identification number, patient identification number, financial account numbers, and/or credit card numbers, (6) Medical and/or health insurance information.