When I was hired to teach math at Patrick Henry High School, I had no idea of ​​things to come. Being a mathematics teacher, I was somehow recruited to be part of Patrick Henry's CERT. You see, CERT stands for Computer Emergency Response Team and as a member of the team, I have certain responsibilities when a “computer emergency” occurs. Without wanting to elaborate on what constitutes a “computer emergency”, I will explain the current situation in which I find myself involved. A certain teacher at our school, who will remain anonymous, pending our CERT investigation, committed a virus to their computer. As a classified employee, the teacher has access to files containing personal information about students, including their full names, home addresses, parents' names and addresses, and students' grades for courses taken at the grade level. secondary and other personal information. information. Unfortunately, some of these confidential files were shared via a file sharing server and ended up in the hands of a Las Vegas Sun reporter. The Sun reporter has since written an article about the breach and accused the school of inflating grades to boost student achievement, which was published in our local newspaper. CERT Patrick Henry was tasked with determining the extent of the violation, investigating whether a sanction was applied, and making recommendations to prevent this from happening in the future. Currently, these files are stored in a secure database at district headquarters but can and are accessed on computers located in district schools. To access the files requires a computer with appropriate capabilities, a typical desktop or laptop with Internet access is "suitably...... middle of paper ......e FTP. There was no intention to harm the school or the students. The "grade improvement" report does not appear to be valid and the evidence provided by the reporter appears very weak. A brief review of the grades of other students in the professor's classes in previous semesters cannot confirm the reporter's claims. A statistical analysis is forthcoming which I believe will also demonstrate this.Recommendations:1. Include in regular analyzes of network usage and monitoring and FTP sites.2. Prohibit the use of FTP sites on the district network to prevent the transfer of confidential data.3. Educate our faculty and staff about FTP and other file sharing sites, their uses, and their potential dangers.4. Add this particular protocol (banning FTP and other file sharing sites) to the document our staff signs when obtaining their network user ID and passwords..