General EduGeek News/Announcements Thread, Updated Data handling Guidance from Becta in EduGeek Stuff; Becta have updated their guidance on data handling and it can be found at Becta Schools - Data handling security ...
22nd April 2009, 12:57 PM #1
Updated Data handling Guidance from Becta
Becta have updated their guidance on data handling and it can be found at Becta Schools - Data handling security guidance for schools.
The "Dos and Don'ts" and the Quick Wins are pretty on the button, the language is a chunk simpler and more usable with others but there are still pretty detailed instructions in the various docs.
Ray Fleming has also been having a read of them too so expect a blog post from him about it soon.
Don't forget to go on the Becta collaboration forums to give feedback as well.
Thanks to GrumbleDook from:
elsiegee40 (7th May 2009)
IDG Tech News
6th May 2009, 11:24 PM #2
Have people had a chance to look at this yet and what do they think of it compared to the previous docs?
6th May 2009, 11:30 PM #3
Sorry - have downloaded them but haven't had a chance to actually read them yet Will post when I have as I'm hoping they may give valuable info.
Originally Posted by GrumbleDook
6th May 2009, 11:49 PM #4
I can't remember the old versions of these, but I've scanned through these documents relatively quickly, and they seem very helpfull, well laid out and easier to read than some documents I've downloaded from the BECTA site.
7th May 2009, 12:34 AM #5
That they've now been written more for the audience rather than cut&pasted out of nasty CESG/whatever docs with all those orders (MUST do blah). Have only skimmed, but they're more accessible and much less silly now.
what do they think of it compared to the previous docs?
Still there a bit, but it's interesting to see the de-emphasis of the categorisation stuff. Again no especially useful info/suggestions on what may or may not need PROTECTing.. now seems to leave that to "whatever DPA says", but people tend to know what that is so there's probably more mileage in it.
The do's & don'ts was a good idea.
This bit from RA security caught my eye: "Authentication mechanisms support X.509 client certificates (typically for student access to learning platforms and portals)". Is it fair to assume that's more or less what they think entry-level remote auth. security ought to be i.e. staff access needs more?
Last edited by PiqueABoo; 7th May 2009 at 12:36 AM.
7th May 2009, 09:14 AM #6
The Do's and Don't's is good. It'd be a good place for those of us crafting AUPs etc...
One thing to add to that particular document - if a laptop is left somewhere in a school, such as on a desk, it may be physically secure - ie. chained their by a lock, but if the person doesn't lock it, or disables the screensaver/auto-lock then data could be compromised. I think something mentioning that should be in a Do's and Don't's document really.
7th May 2009, 07:45 PM #7
I agree, the Do's and Don'ts was in a language that anyone could understand. It also mentions, several times, to consult your IT team, not always done but at least they have been told.
The Data Encryption one, which I'm currently reading, appears somewhat ambiguous. At one point recommendation is made for whole disc encryption and file/folder level encryption. I'm left a little confused as to which is best or which to implement under what circumstances. However, all may become clear when I've read the whole paper.
7th May 2009, 08:34 PM #8
I missed this it when you posted... I'll spend some time on it over the weekend going through it again.
7th May 2009, 09:55 PM #9
Well you don't need Becta for that - full disk encryption whenever you can because it's a lot more reliable than some folk will be at a) deciding something needs to be encrypted, and b) actually encrypting it.
I'm left a little confused as to which is best or which to implement under what circumstances.
That's a no-brainer for data on staff laptops, it's servers that are more interesting. Do you or don't you do/risk full disk encryption on those.. the overheads shouldn't matter on a typical server with oodles of MIPs to spare... but if they're seriously physically secure is it worth the trouble given the very low risk of someone running off with one. Same argument applies to server folder encryption. Lots of factors, no one-size answer.
7th May 2009, 10:37 PM #10
The Advice sets that within the network is secure once outside the school network is not secure.
So servers/desktops are fine but laptops which are taken away from school need to be encrypted
7th May 2009, 11:12 PM #11
Anyone found the install guide for TrueCrypt?
The guidlines say its at Open Source Schools, but i can't find it!
7th May 2009, 11:21 PM #12
I think that the guide (which was in the previous version of the guidance) was meant to be put up on the Open Source School site ... I'll check with Miles and co.
Thanks to GrumbleDook from:
7th May 2009, 11:46 PM #13
Apologies are given for this ... the guidance is awaiting some formatting / conversion to be web friendly and in hand with the folks at Open Source Schools. A version of it will be attached onto this thread tomorrow in the interim. There is a version of the guide in the previous guidance that I can send over if you are desperate but I would say to wait until tomorrow.
Originally Posted by Mr. Ben
8th May 2009, 12:14 AM #14
So are you saying that I should encrypt full discs on all staff laptops, figuring that they will be off the network at some point or other? Whilst on the network their files may or may not be encrypted as they come from an unencrypted file server within the school (and incidentally the Regional GfL). Now I am totally confused
Originally Posted by PiqueABoo
8th May 2009, 12:29 AM #15
The mobile device should have disk level encryption as it can be taken off-site and is at risk of increased access and loss of device.
On-site you should use encryption or additional protection on those areas that require it (eg storage of SEN data) but no requirement for disk-level encryption because there is little chance of physical access to the machine. The additional protection may be to consider increased control and ownership over folder / file permissions or to place in password protected folders (therefore require authentication at login and then a password to access the folder.
The main reason for encryption is the high risk of loss of mobile devices and storage.
Thanks to GrumbleDook from:
By kennysarmy in forum Windows
Last Post: 12th December 2008, 01:19 PM
By GrumbleDook in forum General Chat
Last Post: 1st October 2008, 06:03 PM
By SYSMAN_MK in forum School ICT Policies
Last Post: 8th February 2008, 12:29 PM
By flyinghaggis in forum How do you do....it?
Last Post: 31st May 2006, 10:33 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)