Cybersecurity
Securing Your Library
According to the US Department of Homeland Security (DHS), libraries are encompassed in 2 areas of Critical Infrastructure: Government Facilities and Information Technology. Under the current COVID-19 circumstances, DHS published an article titled "Identifying Critical Infrastructure During COVID-19," which classifies librarians as "essential critical infrastructure workers" in support of education. As such, it is of great importance that libraries strive to keep their information secure.
There are numerous components to holistic cybersecurity. The National Institute of Standards and Technology (NIST) maintains the Cybersecurity Framework, which identifies 5 main functions of cybersecurity:
Identify -- Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy, Supply Chain Risk Management
Protect -- Identity Management and Access Control, Awareness and Training, Data Security, Information Protection Processes and Procedures, Maintenance, Protective Technology
Detect -- Anomalies and Events, Security Continuous Monitoring, Detection Processes
Respond -- Response Planning, Communications, Analysis, Mitigation, Improvements
Recover -- Recovery Planning, Improvements, Communications
Although these functions are not listed in serial order, the first logical step is to identify the critical assets that need to be protected and a way to manage the associated risks within the context of a public library. The image below (© 2010 Northrop Grumman) shows that there are numerous areas of cybersecurity, some of which are more pertinent to libraries than others. These may include physical building access, staff and patron account privileges, servers, workstations / endpoints, and other information systems. Many libraries do not use public / private clouds, develop their own software applications, or conduct 24x7 operations. Perhaps the 3 most relevant components for a public library to prioritize are:
Endpoint Security
Network Security
Awareness and Training
[Image: areas of cybersecurity. Copyright 2010 Northrop Grumman Corporation]
You may want to consider the following when selecting areas of focus:
Practicality
Ease of implementation
Cost
If you want to talk to a cybersecurity specialist or improve your library's cybersecurity program, please contact GPLS Information Security: infosec@georgialibraries.org.