+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 23
MIS Systems Thread, Malicious removal of data in Technical; Hi all, Sure I have queried this with our support at our LA, but does anyone know of a "change ...
  1. #1
    Obee1's Avatar
    Join Date
    Apr 2007
    Location
    Southampton
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Malicious removal of data

    Hi all,

    Sure I have queried this with our support at our LA, but does anyone know of a "change log file" that records all actions in Sims? We have had a couple of incidents of behaviour incident reports being malicously removed. I want to try and track down who has removed them.

    Anyone got any ideas?

  2. #2

    Join Date
    Sep 2006
    Location
    London
    Posts
    1,403
    Thank Post
    38
    Thanked 385 Times in 261 Posts
    Rep Power
    84
    Sorry we don't track access to the behaviour area.

  3. #3
    tombry's Avatar
    Join Date
    Jan 2012
    Location
    Bassingbourn
    Posts
    217
    Thank Post
    55
    Thanked 41 Times in 32 Posts
    Rep Power
    22
    I'd love this as well, as I have my suspicions as to who is removing BIs for students, but I can't actually prove it because there is no log file.

  4. #4


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,714
    Thank Post
    288
    Thanked 788 Times in 615 Posts
    Rep Power
    226
    It'd be nice if the permissions sets for behaviour / conduct were a bit more granular, so you could restrict a person/group to modifying just the behaviour incidents they've recorded.

    If the modification has a consistent trigger, set a trap with the consent of SLT and see what you catch?

  5. #5


    Join Date
    May 2009
    Posts
    3,388
    Thank Post
    301
    Thanked 915 Times in 683 Posts
    Rep Power
    346
    I'd think that in theory, it should be possible to track down changes to any MsSQL table via the transaction logs. In practice I think this would be extremely difficult and time consuming and require expert knowledge of the SIMS schema. (there is some information available on the web on how to re-create deleted records using a transaction log - but it doesn't deal with identifying the source of the change).

  6. #6

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    2,082
    Thank Post
    123
    Thanked 531 Times in 356 Posts
    Blog Entries
    2
    Rep Power
    336
    You could add a trigger to the behaviour table to write the SQL user, IP, date&time, action (Insert/Update/Delete) to a logging table when a value is changed.
    All unsupported, of course.
    So don't do it.

  7. #7
    tombry's Avatar
    Join Date
    Jan 2012
    Location
    Bassingbourn
    Posts
    217
    Thank Post
    55
    Thanked 41 Times in 32 Posts
    Rep Power
    22
    Quote Originally Posted by pete View Post
    It'd be nice if the permissions sets for behaviour / conduct were a bit more granular, so you could restrict a person/group to modifying just the behaviour incidents they've recorded.

    If the modification has a consistent trigger, set a trap with the consent of SLT and see what you catch?
    edited to remove potentially slanderous comment

    we have 3 different reasons why BIs go disappearing, only one of which acceptable in my mind - the teacher who gave the points gave too many - and those are typically replaced with a lower level incident.
    Last edited by tombry; 3rd March 2014 at 02:17 PM.

  8. #8

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    5,956
    Thank Post
    771
    Thanked 1,487 Times in 1,234 Posts
    Rep Power
    367
    We've asked for an edit (own) permission for ages, i'm sure the CRs all got wiped out in the spring clean. I'm sure we raised it when they asked for feedback on a polishing project a while ago, but i don't see that anything was changed.

    It's a really big deal, and unfortunately, the most you can track is when people have logged in. Sysman 6 is a little better at looking at which module was accessed, but there is no real auditing of changes, so you could at best narrow down the time window, and maybe the IPs used, but it's not worth the effort if you need hard evidence.

  9. #9

    Join Date
    Jan 2007
    Posts
    101
    Thank Post
    0
    Thanked 35 Times in 24 Posts
    Rep Power
    21
    With Head's approval, put key loggers on the suspected users machines

  10. #10

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    5,956
    Thank Post
    771
    Thanked 1,487 Times in 1,234 Posts
    Rep Power
    367
    Quote Originally Posted by Greg View Post
    With Head's approval, put key loggers on the suspected users machines
    Unless it's the Head doing it of course, in which case it is inherently approved by policy and SIMS should be lauded for allowing it.

  11. #11

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    5,956
    Thank Post
    771
    Thanked 1,487 Times in 1,234 Posts
    Rep Power
    367
    For those suffering from changes: it should record the member of staff involved. At least if done through the register, which is the best way to do it. It also records the lesson info. So for new entries there should be some record.

    If someone then alters it, you can at least ask the originator if that is what they expected and then make a public issue of it, or start with manglement and then push out from them. It's up to them to re-inforce the professional behaviour.

    It they get removed totally, before a backup is done, then it's not gonna be trackable. Unless, does anyone know if there are any traces left from a delete. I'm pretty sure not, but there might be. Could be worth scouring the SQL tables if it's a big issue.

  12. #12

    GREED's Avatar
    Join Date
    Mar 2008
    Location
    Portsmouth
    Posts
    3,280
    Thank Post
    405
    Thanked 415 Times in 336 Posts
    Blog Entries
    8
    Rep Power
    190
    How often is this happening and at what intervals?

    It is a rubbish solution but you could set up a nightly report to pull behaviour records, then when you have evidence and a time scale of when changes occurred, you can at least round it down and begin to look at the access logs to see who was logged in at that time.

    Like I say, not the best or nicest solution, but is a start.

  13. #13
    AButters's Avatar
    Join Date
    Feb 2012
    Location
    Wales
    Posts
    562
    Thank Post
    187
    Thanked 126 Times in 97 Posts
    Rep Power
    46
    Quote Originally Posted by PhilNeal View Post
    Sorry we don't track access to the behaviour area.
    See. This has been building up inside me for a while....... WHY??!!!!!!

    I would have thought a Management Information System which contains a) legal data and b) lots of data which falls under the data protection act, would be one of the main priorities for accurate tracking of access and usage?

    I just don't understand.

    Cheers.

  14. #14

    Join Date
    Sep 2006
    Location
    London
    Posts
    1,403
    Thank Post
    38
    Thanked 385 Times in 261 Posts
    Rep Power
    84
    We do track changes to attendance data which is statutory and assessments. Tracking behaviour is not a statutory requirement and deletions are not tracked; auditing is a matter of balance and at the time we implemented behaviour, did not consider tracking to be a high priority.

    Several schools have reported suspicions that data has been tampered with. We will consider introducing auditing in the future.

  15. Thanks to PhilNeal from:

    AButters (5th March 2014)

  16. #15

    GREED's Avatar
    Join Date
    Mar 2008
    Location
    Portsmouth
    Posts
    3,280
    Thank Post
    405
    Thanked 415 Times in 336 Posts
    Blog Entries
    8
    Rep Power
    190
    Quote Originally Posted by PhilNeal View Post
    We do track changes to attendance data which is statutory and assessments. Tracking behaviour is not a statutory requirement and deletions are not tracked; auditing is a matter of balance and at the time we implemented behaviour, did not consider tracking to be a high priority.

    Several schools have reported suspicions that data has been tampered with. We will consider introducing auditing in the future.
    Cough cough SIMS 8...



SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Removal of Windows Messenger.
    By EN4 in forum Scripts
    Replies: 8
    Last Post: 28th June 2010, 01:32 PM
  2. Making effective use of data held in an MIS
    By MikeBostock in forum MIS Systems
    Replies: 3
    Last Post: 9th October 2007, 08:17 PM
  3. Removal of images/work on website
    By Anti in forum School ICT Policies
    Replies: 3
    Last Post: 20th July 2007, 01:32 AM
  4. Removal of software from GPO deployment
    By tosca925 in forum Windows
    Replies: 4
    Last Post: 29th June 2006, 08:48 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •