Compliance management and cybersecurity risk management in the school education system: a theoretical review

Abstract

The risk of personal data loss or theft of important personal and organizational data makes cybersecurity a major problem faced by organizations, especially schools. The purpose of this article is a theoretical review of research in the field of compliance management in cybersecurity risk management in the school environment, conducted in the period from 2019 to 2023, included in the Google Scholar international database. Data analysis has shown that the main cybersecurity risks at school are social engineering, phishing, skimming, threats related to technology, data leakage/loss, privacy violations, threats related to harassment, insider trading, fraud for the purpose of compromise, account hijacking, intrusions into online classrooms and school meetings, insufficient level of security policy, insufficient training of teachers in the field of cybersecurity. Schools are taking steps to prevent such incidents, one of which is cybersecurity compliance management, which includes mechanisms for standardizing the cybersecurity process, implementing a cybersecurity policy at school, self-assessment and evaluation of cybersecurity measures. One of the most important mechanisms for ensuring compliance with cybersecurity requirements in the school system is teaching the process and tools of cybersecurity to teachers, staff, school administration, parents.