Overview #
All VideoBit staff have a responsibility to remain vigilant and protect the data stored within the systems we support. In the event of a cyber security incident, VideoBit’s staff have been trained to expeditiously deal with the matter.
Any event that threatens the confidentiality, integrity or availability of the information resources we support or utilize internally should immediately be reported to management. Teachers, students, parents, and school leaders are encouraged to notify VideoBit immediately of possible breaches or improper disclosures of data by emailing us at security@videobit.io.
Incident types #
Types of cyber incidents that may threaten VideoBit are:
• Unauthorized attempts to gain access to a computer, system or the data within
• Service disruption, including Denial of Service (DoS) attack
• Unauthorized access to critical infrastructure such as servers, routers, firewalls, etc.
• Non-compliance with security or privacy protocols
• Data theft, corruption or unauthorized distribution
Documentation #
Regardless of whether it is determined there is a security threat, VideoBit will accurately document the scenario in a Cyber Security Incident Log.
All Cyber Security Incident Logs will be stored in a single location so incident information may be reviewed in the future. This report contains the following information:
- Who reported the incident
- Characteristics of the activity
- Date and time the potential incident was detected
- Nature of the incident (Unauthorized access, DDoS, Malicious Code, No Incident Occurred, etc.)
- Potential scope of impact
Communication to stakeholders #
In the event the incident involves the unauthorized access or disclosure of confidential student or teacher information, VideoBit will communicate information relevant to the incident via email as well as any additional requested information to which they have a right (e.g. specific student information, educator videos, etc.).
Best practices #
VideoBit implements practices designed to proactively reduce the risk of unauthorized access or disclosure, such as training staff with respect to legal compliance requirements, following appropriate physical security and environmental controls for technical infrastructure, and deploying digital security measures such as firewalls, malware detection and numerous other industry standard systems.