Information Security in Education/Security Policies for Mobile Devices

From Wikibooks, open books for an open world
Jump to navigation Jump to search

Information Security in Education

 This box: view  talk  edit 

Contents/Introduction ·· School Hacking ·· Legal Issues ·· Security Awareness ·· Administrator Awareness ·· Cryptography ·· Security Regulations ·· Password Security ·· Professional Development ·· Network Defenses ·· Mobile Devices ·· Malicious Software ·· Case Studies

Security Policies for Mobile Devices


Introduction[edit | edit source]

Target Audience This information is intended for K-12 administrators. In addition, it may be helpful to faculty, central administration and parents.

In today's society, almost everyone has some type of mobile device. Mobile devices consist of but are not limited to cell phones, personal digital assistants (PDAs), smartphones, iPods, Palms, game consoles, and handheld computers. The Pew Internet Project (2009) [1] showed seventy-nine percent of fifteen year olds owned cell phones in 2009. In addition, eighty-two percent of sixteen year olds and eighty-three percent of seventeen year olds owned cell phones.

Mobile devices have become a part of everyday life for this generation. Cell phones complement the short-burst, casual, multitasking style of today's "Digital Native" learners (Prensky, 2005). [2] Digital natives were born into technology. Technology has always played an important role in their lives. They use technology for entertainment, communication and collaboration in social settings. As we progress into the 21st century, educators need to recognize this emphasis on technology. This page will address the risks and benefits of using mobile devices in the K-12 setting. If your district or institution is planning to use mobile devices, you may find the AUP suggestions and sample policies useful to begin this process.

The Benefits of Mobile Devices in Education[edit | edit source]

There are many reasons why a district or institution might want to use mobile devices in the classroom. As stated above in the introduction, most students own a mobile device. Although they are not allowed in most schools throughout the country, studies show that up to 90% of students still possess these devices throughout the school day [3].

Shortages are seen in technology staffing and most districts are unable to supply every student with a laptop. Ironically, most of these students are carrying mobile devices in their pockets that have the same capabilities as a laptop. If students were able to use these devices within the educational setting, districts would save a great deal of money. Laptops and iPods cost money, of course, but so do textbooks; some can run a couple hundred dollars each. And because there is so much free educational material online, high-tech can sometimes mean low-cost (Martin,R. & Brouwer, C., 2009) [4]. Textbooks purchases are costly and books become outdated within a few years. Some districts are claiming textbook free zones and replacing these purchases with laptops and iPods. Access to the Internet and World Wide Web (WWW) assure immediate updates and free the district of textbook bias.


Students can download a number of applications (apps) on their mobile devices. Companies like Apple [5] offer educational apps that can be used in the classroom to enrich instruction. Apple is currently researching the educational benefits of these mobile devices in the K-12 environment. They are using iWork, iPads, and iPods to see the effects on student achievement. So far, their data has shown significant results in favor of the use of mobile devices in the classroom.

Mobile devices are the "swiss army knife" of tech tools. Students can:

~take pictures.
~make videos.
~listen to music during down time.
~collaborate with peers and educators through texting and phone calls.
~access the internet.
~record lectures.
~create podcasts.
~listen to podcasts/lectures so there will be more classtime for educational activities.
~download educational applications.
~access notes when absent through texting and podcasts.
~improve bilingual skills through podcasts.
~use a calculator.
~type documents in Word.
~download videos and notes.
~improve typing skills.
~enhance the learning experience.
~have lessons differentiated to assure success.


As these tools improve, this list will grow. It will be up to the educator to effectively integrate these tools into the curriculum to make learning meaningful.

The Risks Involved[edit | edit source]

It is important to identify risks that can be involved when a district decides to incorporate mobile devices in the learning environment. The greatest risk is not the tool itself but the person using the tool. Schneier (2004)[6] states people often represent the weakest link in the security chain and we are chronically responsible for the failure of security systems. As districts plan this transformation to include mobile devices in their curriculum, they must consider the human factor. When technology tools are, used the vulnerabilities to systems security increases. Instructional practices within the classroom should stress proper uses of the devices to limit risks to the network.

The human factor can attribute to the following risks within the classroom:

~Cheating can occur. Students can text or record answers for classmates. Students can also hide files and formulas within the device and access the material during assessments.
~Students can record teachers during class. Teachers may feel violated if students try to use the recording against the teacher.
~Students can arrange drug deals using the devices.
~Students can makes threats with the devices.
~Students can set up fights, record fights or cyberbully using the devices [7].
~Mobile devices can make disruptive noises in the classroom.
~Mobile devices are used to "pass notes" during class time.
~Students can take inappropriate pictures and videos with the devices.
~Researchers are unsure of the long term physical effects of cell phone use.
~In an emergency situation, cell phone use by students can overload the communication system.

The Consequences of Misuse[edit | edit source]

Consequences of misuse of mobile devices can range from confiscation of the device to 90 lashes in front of the student's peers [8] http://www.cnn.com/video/#/video/us/2010/01/21/cafferty.saudi.girl.cnn?iref=allsearch. Some districts have adopted an "out of sight, out of mind" general rule. If administrators can't visibly see the device, it is not confiscated. If the device is confiscated, most districts will only turn over the device if a parent or guardian of the child comes to pick it up.

It is not uncommon to turn on the news and hear about a story that involves a mobile device. Some of these cases end up in our judicial system. When mobile devices are used in crimes, there is hard eveidence of the incident. Once a statement, picture, or movie is added to the web, it remains on the web even if one tries to delete it.


There are always consequences for behaviors that are unacceptable [9]. The district's acceptable use policy (AUP) can address the consequences for these behaviors. If district's plan to use mobile devices in the classrooms to enhance learning, they must plan on educating faculty, staff and students on the appropriate and inappropriate uses of the devices.

Writing an AUP addressing Mobile Devices[edit | edit source]

An acceptable use policy (AUP) is a document that explains what actions are acceptable when using certain tools within an institution or organization. A user must agree to follow this policy in order to be provided with access to a network or to the Internet. It is common practice for many businesses and educational facilities to require that employees or students sign an acceptable use policy before being granted a network ID [10]


Writing an AUP can be a challenging endeavor. The best way to approach this task is to form an AUP committee. Members of the committee should represent the various stakeholders such as administrators, technology coordinators, tech support, educators, curriculum developers, school board members, parents and possibly students. You want to be sure to write the most effective policy using a number of views. For instance, the curriculum developers will be concentrating on technology integration and the tech coordinators will be thinking about security issues. Your district will have a greater chance of covering possible obstacles when a combination of experts are on the committee.

Security policies determine what countermeasures to use. How should your district deal with security? Will user names and passwords be sufficient? Will users be able to use their own mobile devices or will the school provide devices? Should the district address the faculty and staff in the policy? What would be considered inappropriate use of the device? Who will be able to access the Internet and WWW from the devices? Will students be allowed to upload data to the devices? If there's no policy, there's no basis for consistently answering these questions (Schneier, 2004)[11].

Sample AUP Policies[edit | edit source]

When developing an AUP for your district, you may want to visit your state's website for assistance. The Pennsylvania Department of Education [12] and the Virginia Department of Education [13] can be very helpful. The National Educational Technology Plan (NTEP) [14] is another great resource to guide your AUP writing. NTEP stresses the use of technology tools to enhance and enrich the learning environment. This plan concentrates on anytime, anywhere learning through the use of 21st century skills and tools. The goals of this plan are to increase college attendance and decrease the digital divide among our U.S. students.

Here are a few links that will assist you as you develop an AUP specifically for mobile devices.

~School AUP 2.0 [15] http://landmark-project.com/aup20/pmwiki.php?n=Main.CellPhonePolicies
~ICT AUP for cell phones [16] http://www.shambles.net/pages/learning/ict/ictaup/
~AUP 2 point 0 wiki [17] http://roxannnys.pbworks.com/AUP-2-point-0
~iPod user agreements [18] http://web.archive.org/20091027054419/ieducationappsreview.ning.com/forum/topics/user-agreement-for-ipod-touch


As your district steps into this new realm of 21st century tools, you must keep in mind that the policy you develop is never enough. Security is a people issue (Deubel, P., 2007) [19]. You need to educate the administrators, teachers, staff, and students in order to have a successful outcome. Make sure your policy addresses all users including faculty, staff and administration. Modeling proper use of the tools will improve the desired results.

Additional Resources[edit | edit source]

42 [1] This is a short video that addresses the small audience our students write for in their entire K-12 experience.

ABC News [2]

Blog Policy [3]

CBS- Cell Phone Ban [4]

Cell Phone Projects [5]

Classrooms for the Future [6]

Computer World- iPods [7]

Consortium for School Networking [8]

COSN 2007 Compendium [9]

Crunch Gear [10]

iPods [www.nytimes.com/2007/10/09/education/09ipod.html]

Pennsylvania Department of Education [11]

Public Relations Toolkit [12]

Virginia Department of Education [13]

References within Text[edit | edit source]

  1. http://www.pewinternet.org/Reports/2010/Social-Media-and-Young-Adults/Part-2/1-Cell-phones.aspx?r=1
  2. http://www.innovateonline.info/pdf/vol1_issue5/What_Can_You_Learn_from_a_Cell_Phone__Almost_Anything!.pdf
  3. http://www.pewinternet.org/~/media/Files/Reports/2009/PIP%20Teens%20and%20Mobile%20Phones%20Data%20Memo.pdf
  4. http://abcnews.go.com/Technology/ipods-laptops-replacing-school-textbooks/story?id=8563292
  5. http://www.apple.com/education/why-apple/
  6. Schneier, B. (2004). Secrets and Lies. Indianapolis, Indiana: Wiley Publishing, Inc
  7. http://www.desertdispatch.com/news/school-471-cell-phone.html
  8. http://www.cnn.com/video/#/video/us/2010/01/21/cafferty.saudi.girl.cnn?iref=allsearch
  9. http://spreadsheets.google.com/pub?key=pXA5Sk606oPICUuLoE_QjQA
  10. http://whatis.techtarget.com/definition/0,,sid9_gci213795,00.html
  11. Schneier, B. (2004). Secrets and Lies. Indianapolis, Indiana: Wiley Publishing, Inc
  12. http://www.education.state.pa.us/portal/server.pt/community/pennsylvania_department_of_education/7237
  13. http://www.virginia.gov/cmsportal3/portalsearch.html?cx=006541648125353085856%3Apxkar5vs7ki&cof=FORID%3A11&safe=active&q=aup#947
  14. http://www.ed.gov/technology/netp-2010
  15. http://landmark-project.com/aup20/pmwiki.php?n=Main.CellPhonePolicies
  16. http://www.shambles.net/pages/learning/ict/ictaup/
  17. http://roxannnys.pbworks.com/AUP-2-point-0
  18. http://web.archive.org/20091027054419/ieducationappsreview.ning.com/forum/topics/user-agreement-for-ipod-touch
  19. http://thejournal.com/Articles/2007/04/02/Data-Security-in-K12-School-Districts.aspx?Page=1
Retrieved from "https://en.wikibooks.org/w/index.php?title=Information_Security_in_Education/Security_Policies_for_Mobile_Devices&oldid=4342907"