Securing Your Library

According to the US Department of Homeland Security (DHS), libraries are encompassed in 2 areas of Critical Infrastructure: Government Facilities and Information Technology. Under the current COVID-19 circumstances, DHS published an article titled "Identifying Critical Infrastructure During COVID-19," which classifies librarians as "essential critical infrastructure workers" in support of education. As such, it is of great importance that libraries strive to keep their information secure.

There are numerous components to holistic cybersecurity. The National Institute for Standards and Technology (NIST) maintains the Cybersecurity Framework in which 5 main functions of cybersecurity are identified:

Although these functions are not listed in serial order, the first logical step is to identify the critical assets that need to be protected and a way to manage the associated risks within the context of a public library. The image below (© 2010 Northrop Grumman) shows that there are numerous areas of cybersecurity, some of which are more pertinent to libraries than others. This may include: physical building access, staff and patron account privileges, servers, workstations / endpoints, and other information systems. Many libraries do not use public / private clouds, develop their own software applications, or conduct 24x7 operations. Perhaps the 3 most relevant components for a public library to prioritize are:

Copyright 2010 Northrop Grumman Corporation

You may want to consider the following when selecting areas of focus:

If you want to talk to a cybersecurity specialist or improve your library's cybersecurity program, please contact GPLS Information Security: