Session Description
With student information systems (SIS) becoming more and more integrated with identity platforms (Google, Microsoft, etc.), third party integrations (apps), and cloud services (AWS cloud services, Azure, etc.), the ways in which data is most likely to be compromised has changed dramatically.
Today's methods of compromise no longer utilize advanced malware or brute force network attacks but rather through targeting accounts with elevated access and mismanaged permission controls. This then allows the threat actor to gain leveraged access to our private student, parent, and district data. This all can go unnoticed due to the threat actor operating under the guise of a standard company user account that simulates the behavior of that user.
This presentation will go through how SIS data security failures have and will continue to occur in 2026 with a focus on identity, AI based social engineering, and system weakness exploitations. We will go through simulated real-life attack scenarios where attendees can learn meaningful and systemic insights that can provide REAL and PRACTICAL results. This will be done with minimal financial costs and relatively easy implementations.
Those who attend will leave with informative knowledge of current threats and steps they can implement within 90 days that will no doubt provide a greater focus on identity, access, and accountability as the baseline for SIS data security.