+ Post New Thread
Page 1 of 4 1234 LastLast
Results 1 to 15 of 46
General EduGeek News/Announcements Thread, Updated Data handling Guidance from Becta in EduGeek Stuff; Becta have updated their guidance on data handling and it can be found at Becta Schools - Data handling security ...
  1. #1

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,949
    Thank Post
    1,343
    Thanked 1,794 Times in 1,114 Posts
    Blog Entries
    19
    Rep Power
    596

    Updated Data handling Guidance from Becta

    Becta have updated their guidance on data handling and it can be found at Becta Schools - Data handling security guidance for schools.

    The "Dos and Don'ts" and the Quick Wins are pretty on the button, the language is a chunk simpler and more usable with others but there are still pretty detailed instructions in the various docs.

    Ray Fleming has also been having a read of them too so expect a blog post from him about it soon.

    Don't forget to go on the Becta collaboration forums to give feedback as well.

  2. Thanks to GrumbleDook from:

    elsiegee40 (7th May 2009)

  3. #2

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,949
    Thank Post
    1,343
    Thanked 1,794 Times in 1,114 Posts
    Blog Entries
    19
    Rep Power
    596
    Have people had a chance to look at this yet and what do they think of it compared to the previous docs?

  4. #3
    leco's Avatar
    Join Date
    Nov 2006
    Location
    West Yorkshire
    Posts
    2,026
    Thank Post
    595
    Thanked 125 Times in 119 Posts
    Rep Power
    41
    Quote Originally Posted by GrumbleDook View Post
    Have people had a chance to look at this yet and what do they think of it compared to the previous docs?
    Sorry - have downloaded them but haven't had a chance to actually read them yet Will post when I have as I'm hoping they may give valuable info.

  5. #4

    maniac's Avatar
    Join Date
    Feb 2007
    Location
    Kent
    Posts
    3,068
    Thank Post
    210
    Thanked 430 Times in 310 Posts
    Rep Power
    144
    I can't remember the old versions of these, but I've scanned through these documents relatively quickly, and they seem very helpfull, well laid out and easier to read than some documents I've downloaded from the BECTA site.

  6. #5

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    what do they think of it compared to the previous docs?
    That they've now been written more for the audience rather than cut&pasted out of nasty CESG/whatever docs with all those orders (MUST do blah). Have only skimmed, but they're more accessible and much less silly now.

    Still there a bit, but it's interesting to see the de-emphasis of the categorisation stuff. Again no especially useful info/suggestions on what may or may not need PROTECTing.. now seems to leave that to "whatever DPA says", but people tend to know what that is so there's probably more mileage in it.

    The do's & don'ts was a good idea.

    This bit from RA security caught my eye: "Authentication mechanisms support X.509 client certificates (typically for student access to learning platforms and portals)". Is it fair to assume that's more or less what they think entry-level remote auth. security ought to be i.e. staff access needs more?
    Last edited by PiqueABoo; 6th May 2009 at 11:36 PM.

  7. #6

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,825
    Thank Post
    517
    Thanked 2,474 Times in 1,917 Posts
    Blog Entries
    24
    Rep Power
    836
    The Do's and Don't's is good. It'd be a good place for those of us crafting AUPs etc...

    One thing to add to that particular document - if a laptop is left somewhere in a school, such as on a desk, it may be physically secure - ie. chained their by a lock, but if the person doesn't lock it, or disables the screensaver/auto-lock then data could be compromised. I think something mentioning that should be in a Do's and Don't's document really.

  8. #7
    leco's Avatar
    Join Date
    Nov 2006
    Location
    West Yorkshire
    Posts
    2,026
    Thank Post
    595
    Thanked 125 Times in 119 Posts
    Rep Power
    41
    I agree, the Do's and Don'ts was in a language that anyone could understand. It also mentions, several times, to consult your IT team, not always done but at least they have been told.

    The Data Encryption one, which I'm currently reading, appears somewhat ambiguous. At one point recommendation is made for whole disc encryption and file/folder level encryption. I'm left a little confused as to which is best or which to implement under what circumstances. However, all may become clear when I've read the whole paper.

  9. #8

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    11,197
    Thank Post
    1,806
    Thanked 2,217 Times in 1,635 Posts
    Rep Power
    802
    I missed this it when you posted... I'll spend some time on it over the weekend going through it again.

    Thanks grumbledook

  10. #9

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    I'm left a little confused as to which is best or which to implement under what circumstances.
    Well you don't need Becta for that - full disk encryption whenever you can because it's a lot more reliable than some folk will be at a) deciding something needs to be encrypted, and b) actually encrypting it.

    That's a no-brainer for data on staff laptops, it's servers that are more interesting. Do you or don't you do/risk full disk encryption on those.. the overheads shouldn't matter on a typical server with oodles of MIPs to spare... but if they're seriously physically secure is it worth the trouble given the very low risk of someone running off with one. Same argument applies to server folder encryption. Lots of factors, no one-size answer.

  11. #10

    russdev's Avatar
    Join Date
    Jun 2005
    Location
    Leicestershire
    Posts
    6,929
    Thank Post
    709
    Thanked 552 Times in 367 Posts
    Blog Entries
    3
    Rep Power
    204
    The Advice sets that within the network is secure once outside the school network is not secure.

    So servers/desktops are fine but laptops which are taken away from school need to be encrypted

    Russ

  12. #11
    Mr.Ben's Avatar
    Join Date
    Jan 2008
    Location
    A Pirate Ship
    Posts
    942
    Thank Post
    182
    Thanked 157 Times in 126 Posts
    Blog Entries
    2
    Rep Power
    65
    Anyone found the install guide for TrueCrypt?

    The guidlines say its at Open Source Schools, but i can't find it!

  13. #12

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,949
    Thank Post
    1,343
    Thanked 1,794 Times in 1,114 Posts
    Blog Entries
    19
    Rep Power
    596
    I think that the guide (which was in the previous version of the guidance) was meant to be put up on the Open Source School site ... I'll check with Miles and co.

  14. Thanks to GrumbleDook from:

    Mr.Ben (8th May 2009)

  15. #13

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,949
    Thank Post
    1,343
    Thanked 1,794 Times in 1,114 Posts
    Blog Entries
    19
    Rep Power
    596
    Quote Originally Posted by Mr. Ben View Post
    Anyone found the install guide for TrueCrypt?

    The guidlines say its at Open Source Schools, but i can't find it!
    Apologies are given for this ... the guidance is awaiting some formatting / conversion to be web friendly and in hand with the folks at Open Source Schools. A version of it will be attached onto this thread tomorrow in the interim. There is a version of the guide in the previous guidance that I can send over if you are desperate but I would say to wait until tomorrow.

  16. #14
    leco's Avatar
    Join Date
    Nov 2006
    Location
    West Yorkshire
    Posts
    2,026
    Thank Post
    595
    Thanked 125 Times in 119 Posts
    Rep Power
    41
    Quote Originally Posted by PiqueABoo View Post
    Well you don't need Becta for that - full disk encryption whenever you can because it's a lot more reliable than some folk will be at a) deciding something needs to be encrypted, and b) actually encrypting it.

    That's a no-brainer for data on staff laptops,
    So are you saying that I should encrypt full discs on all staff laptops, figuring that they will be off the network at some point or other? Whilst on the network their files may or may not be encrypted as they come from an unencrypted file server within the school (and incidentally the Regional GfL). Now I am totally confused

  17. #15

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,949
    Thank Post
    1,343
    Thanked 1,794 Times in 1,114 Posts
    Blog Entries
    19
    Rep Power
    596
    The mobile device should have disk level encryption as it can be taken off-site and is at risk of increased access and loss of device.

    On-site you should use encryption or additional protection on those areas that require it (eg storage of SEN data) but no requirement for disk-level encryption because there is little chance of physical access to the machine. The additional protection may be to consider increased control and ownership over folder / file permissions or to place in password protected folders (therefore require authentication at login and then a password to access the folder.

    The main reason for encryption is the high risk of loss of mobile devices and storage.

  18. Thanks to GrumbleDook from:

    leco (7th May 2009)

SHARE:
+ Post New Thread
Page 1 of 4 1234 LastLast

Similar Threads

  1. Replies: 8
    Last Post: 12th December 2008, 12:19 PM
  2. Data Protection Guidance goes live
    By GrumbleDook in forum General Chat
    Replies: 8
    Last Post: 1st October 2008, 05:03 PM
  3. Becta Information security guidance for schools published
    By SYSMAN_MK in forum School ICT Policies
    Replies: 23
    Last Post: 8th February 2008, 11:29 AM
  4. Handling Different Resolutions (17" TFT's, Data Projectors,)
    By flyinghaggis in forum How do you do....it?
    Replies: 13
    Last Post: 31st May 2006, 09:33 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •