+ Post New Thread
Results 1 to 8 of 8
General Chat Thread, Audit, Data Protection, Encryption & Fines in General; Ive had my office managers come back from their forum meeting and our new worry is Audit, Data Protection, Encryption ...
  1. #1

    CHR1S's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    4,511
    Thank Post
    1,588
    Thanked 489 Times in 305 Posts
    Rep Power
    218

    Audit, Data Protection, Encryption & Fines

    Ive had my office managers come back from their forum meeting and our new worry is Audit, Data Protection, Encryption & Fines.

    I have a huge task ahead of implementing whole disk encryption on laptops, buying in more encrypted memory sticks and ensuring our APUs reflect the new requirements.

    Ok so it will take time and some money but the biggest issue to come out of it is how we as individuals as well as the school can be fined for failing to encrypt our data (someone even said inprisonment but how true that is I dont know).

    I want to know how they are going to enforce these fines and even if I should personally accept my own AUP im writing that will allow them to fine us in the first place!

    Baring in mind the requirements are any data that has 2 items of personal identification on them, so thats a childs name and school or a childs name and parental contact details, school reports and everything like that.
    I am all for taking responsibility for our data but this seems like a way over the top kneejerk reaction that will be difficult to police and a nightmare to manage.

    Does anyone have any further info they can relay back or have any guideance on best ways to implement and sustain staffwide encryption?

    Thanks

    Chris

  2. #2

    Join Date
    Jan 2009
    Location
    England
    Posts
    1,400
    Thank Post
    303
    Thanked 304 Times in 263 Posts
    Rep Power
    82
    I'd love to get some information on this as well. We're moving to encrypt staff laptops ASAP, but need to look at USB drive encryption and enforcement.

    Knowing what penalties there are for not complying with any requirements would really help in convincing SMT that they need to get behind this!

  3. #3
    dalsoth's Avatar
    Join Date
    Sep 2008
    Location
    Cambridgeshire
    Posts
    547
    Thank Post
    190
    Thanked 108 Times in 80 Posts
    Rep Power
    47
    We have done a few laptops so far with Truecrypt on full hard disk encryption but it takes a lifetime on some laptops to do this before i can give em back to staff. The truecrypt bit took hours on one laptop that was a bit old. I would only put this on machines or laptops that would leave the school premises obviously.

    Most sensitive data is on the MIS and stays there. What does not is on the encrypted drive and is safe.

    There are some threads you should be able to pluck out with the search words "truecrypt" or "encryption" which go through how others handle encryption on hard disks and how they managed the recovery disks and such. I found it useful when i read it before trying Truecrypt myself.
    Last edited by dalsoth; 3rd December 2009 at 05:36 PM.

  4. #4
    jamin100's Avatar
    Join Date
    Feb 2008
    Location
    Birmingham
    Posts
    1,060
    Thank Post
    150
    Thanked 99 Times in 79 Posts
    Rep Power
    33
    Were these the half day meetings held this week Chris?

    I actually went to one with the secretary..

    The school needs to have a designated SIRO (Senior Information Risk Officer) this must be a member of the SLT. You then need Asset owners. All of your school Data is an asset. These assets need to be divided up and an Asset owner designated for each.

    These are then the people who will be heavily fined personally if the data is lost etc...

    As for encryption, I have put full disk encryption on all staff laptops, regardless of weather they take them out of school. Set the laptops to encrypt over night and they will be done the next morning. I did all ours in the summer and our oldest Celerons with 1GB RAM took about 4-5 hours each. At the moment there is no official you must do this from Link2ICT BUT they have said that coming in the new year they will be supporting SOPHOS as the encryption method and more details will be to follow.

    As with the laptops, all memory sticks are encrypted. I decided against truecrypt and actually brought AES 256 bit encrypted memory sticks. 2GB ones cost around £13 i think. Staff were then told that these are the only memory sticks to be used in school period! if anyone was caught using a non school issued memory stick after a certain date then they would be pulled up infront of the head. The only problem with the sticks we have is they are PC only and not Mac compatible so i know that Viv wouldn't be able to use them on her macbook.

    Its a big can of worms at the moment. Are you going to the meeting next Wednessday at the ICC?

  5. #5

    CHR1S's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    4,511
    Thank Post
    1,588
    Thanked 489 Times in 305 Posts
    Rep Power
    218
    Thanks for the info mate, unfortunatly im not (but perhaps I should be?) but im doing the courses/meetings in January.

    Were pretty much in the same position as you, just a bit behind. Implementing the technology and software is no issue, its the managment side and who is responsibe that needs sorting.

    Im waiting to test the Sophos Encryption package myself but if that fails ill go back to good old TrueCrypt

  6. #6
    jamin100's Avatar
    Join Date
    Feb 2008
    Location
    Birmingham
    Posts
    1,060
    Thank Post
    150
    Thanked 99 Times in 79 Posts
    Rep Power
    33
    Quote Originally Posted by CHR1S View Post
    Thanks for the info mate, unfortunatly im not (but perhaps I should be?) but im doing the courses/meetings in January.
    Which meetings are these?

    Quote Originally Posted by CHR1S View Post
    Were pretty much in the same position as you, just a bit behind. Implementing the technology and software is no issue, its the managment side and who is responsibe that needs sorting.
    Yeh we need all that sorting too. I'm going to this conference for SLT on Wednesday at the ICC where it'll hopefully spread more light onto what needs doing.

    Quote Originally Posted by CHR1S View Post
    Im waiting to test the Sophos Encryption package myself but if that fails ill go back to good old TrueCrypt
    Yeh i'll have a look in the new year and then if its any good i'll put it into the new builds in the summer

  7. #7

    CHR1S's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    4,511
    Thank Post
    1,588
    Thanked 489 Times in 305 Posts
    Rep Power
    218
    Well what a great day I had yesterday! That was the worst conference I think I have ever been to! That Keynote speaker was good tho, Edward Gibson wasnt it?

    So after a whole day there I now know when the date of the next meeting is.... and thats it. Even the helpdesk couldnt give me any more information this morning

  8. #8
    jamin100's Avatar
    Join Date
    Feb 2008
    Location
    Birmingham
    Posts
    1,060
    Thank Post
    150
    Thanked 99 Times in 79 Posts
    Rep Power
    33
    Quote Originally Posted by CHR1S View Post
    Well what a great day I had yesterday! That was the worst conference I think I have ever been to! That Keynote speaker was good tho, Edward Gibson wasnt it?

    So after a whole day there I now know when the date of the next meeting is.... and thats it. Even the helpdesk couldnt give me any more information this morning
    Lol. I know.

    Didnt see you there!

    But it was bad!

SHARE:
+ Post New Thread

Similar Threads

  1. Free USB Stick encryption/password protection
    By yabbadabba in forum How do you do....it?
    Replies: 3
    Last Post: 31st March 2012, 08:39 AM
  2. Free network audit & design service for schools & colleges
    By ServersPlus in forum Our Advertisers
    Replies: 0
    Last Post: 14th May 2009, 12:35 PM
  3. Implementing Data Encryption
    By enjay in forum How do you do....it?
    Replies: 1
    Last Post: 12th May 2009, 10:41 AM
  4. Replies: 4
    Last Post: 24th September 2008, 11:38 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •