+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 23
MIS Systems Thread, Malicious removal of data in Technical; Hi all, Sure I have queried this with our support at our LA, but does anyone know of a "change ...
  1. #1
    Obee1's Avatar
    Join Date
    Apr 2007
    Location
    Southampton
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Malicious removal of data

    Hi all,

    Sure I have queried this with our support at our LA, but does anyone know of a "change log file" that records all actions in Sims? We have had a couple of incidents of behaviour incident reports being malicously removed. I want to try and track down who has removed them.

    Anyone got any ideas?

  2. #2

    Join Date
    Sep 2006
    Location
    London
    Posts
    1,326
    Thank Post
    36
    Thanked 353 Times in 238 Posts
    Rep Power
    79
    Sorry we don't track access to the behaviour area.

  3. #3
    tombry's Avatar
    Join Date
    Jan 2012
    Location
    Bassingbourn
    Posts
    194
    Thank Post
    45
    Thanked 37 Times in 29 Posts
    Rep Power
    22
    I'd love this as well, as I have my suspicions as to who is removing BIs for students, but I can't actually prove it because there is no log file.

  4. #4


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,638
    Thank Post
    275
    Thanked 778 Times in 605 Posts
    Rep Power
    223
    It'd be nice if the permissions sets for behaviour / conduct were a bit more granular, so you could restrict a person/group to modifying just the behaviour incidents they've recorded.

    If the modification has a consistent trigger, set a trap with the consent of SLT and see what you catch?

  5. #5


    Join Date
    May 2009
    Posts
    3,018
    Thank Post
    268
    Thanked 800 Times in 605 Posts
    Rep Power
    290
    I'd think that in theory, it should be possible to track down changes to any MsSQL table via the transaction logs. In practice I think this would be extremely difficult and time consuming and require expert knowledge of the SIMS schema. (there is some information available on the web on how to re-create deleted records using a transaction log - but it doesn't deal with identifying the source of the change).

  6. #6

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    1,970
    Thank Post
    113
    Thanked 490 Times in 336 Posts
    Blog Entries
    2
    Rep Power
    283
    You could add a trigger to the behaviour table to write the SQL user, IP, date&time, action (Insert/Update/Delete) to a logging table when a value is changed.
    All unsupported, of course.
    So don't do it.

  7. #7
    tombry's Avatar
    Join Date
    Jan 2012
    Location
    Bassingbourn
    Posts
    194
    Thank Post
    45
    Thanked 37 Times in 29 Posts
    Rep Power
    22
    Quote Originally Posted by pete View Post
    It'd be nice if the permissions sets for behaviour / conduct were a bit more granular, so you could restrict a person/group to modifying just the behaviour incidents they've recorded.

    If the modification has a consistent trigger, set a trap with the consent of SLT and see what you catch?
    edited to remove potentially slanderous comment

    we have 3 different reasons why BIs go disappearing, only one of which acceptable in my mind - the teacher who gave the points gave too many - and those are typically replaced with a lower level incident.
    Last edited by tombry; 3rd March 2014 at 01:17 PM.

  8. #8

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    5,970
    Thank Post
    673
    Thanked 1,383 Times in 1,145 Posts
    Rep Power
    350
    We've asked for an edit (own) permission for ages, i'm sure the CRs all got wiped out in the spring clean. I'm sure we raised it when they asked for feedback on a polishing project a while ago, but i don't see that anything was changed.

    It's a really big deal, and unfortunately, the most you can track is when people have logged in. Sysman 6 is a little better at looking at which module was accessed, but there is no real auditing of changes, so you could at best narrow down the time window, and maybe the IPs used, but it's not worth the effort if you need hard evidence.

  9. #9

    Join Date
    Jan 2007
    Posts
    100
    Thank Post
    0
    Thanked 34 Times in 23 Posts
    Rep Power
    21
    With Head's approval, put key loggers on the suspected users machines

  10. #10

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    5,970
    Thank Post
    673
    Thanked 1,383 Times in 1,145 Posts
    Rep Power
    350
    Quote Originally Posted by Greg View Post
    With Head's approval, put key loggers on the suspected users machines
    Unless it's the Head doing it of course, in which case it is inherently approved by policy and SIMS should be lauded for allowing it.

  11. #11

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    5,970
    Thank Post
    673
    Thanked 1,383 Times in 1,145 Posts
    Rep Power
    350
    For those suffering from changes: it should record the member of staff involved. At least if done through the register, which is the best way to do it. It also records the lesson info. So for new entries there should be some record.

    If someone then alters it, you can at least ask the originator if that is what they expected and then make a public issue of it, or start with manglement and then push out from them. It's up to them to re-inforce the professional behaviour.

    It they get removed totally, before a backup is done, then it's not gonna be trackable. Unless, does anyone know if there are any traces left from a delete. I'm pretty sure not, but there might be. Could be worth scouring the SQL tables if it's a big issue.

  12. #12

    GREED's Avatar
    Join Date
    Mar 2008
    Location
    Portsmouth
    Posts
    3,040
    Thank Post
    374
    Thanked 372 Times in 303 Posts
    Blog Entries
    8
    Rep Power
    177
    How often is this happening and at what intervals?

    It is a rubbish solution but you could set up a nightly report to pull behaviour records, then when you have evidence and a time scale of when changes occurred, you can at least round it down and begin to look at the access logs to see who was logged in at that time.

    Like I say, not the best or nicest solution, but is a start.

  13. #13
    AButters's Avatar
    Join Date
    Feb 2012
    Location
    Wales
    Posts
    473
    Thank Post
    142
    Thanked 107 Times in 82 Posts
    Rep Power
    42
    Quote Originally Posted by PhilNeal View Post
    Sorry we don't track access to the behaviour area.
    See. This has been building up inside me for a while....... WHY??!!!!!!

    I would have thought a Management Information System which contains a) legal data and b) lots of data which falls under the data protection act, would be one of the main priorities for accurate tracking of access and usage?

    I just don't understand.

    Cheers.

  14. #14

    Join Date
    Sep 2006
    Location
    London
    Posts
    1,326
    Thank Post
    36
    Thanked 353 Times in 238 Posts
    Rep Power
    79
    We do track changes to attendance data which is statutory and assessments. Tracking behaviour is not a statutory requirement and deletions are not tracked; auditing is a matter of balance and at the time we implemented behaviour, did not consider tracking to be a high priority.

    Several schools have reported suspicions that data has been tampered with. We will consider introducing auditing in the future.

  15. Thanks to PhilNeal from:

    AButters (5th March 2014)

  16. #15

    GREED's Avatar
    Join Date
    Mar 2008
    Location
    Portsmouth
    Posts
    3,040
    Thank Post
    374
    Thanked 372 Times in 303 Posts
    Blog Entries
    8
    Rep Power
    177
    Quote Originally Posted by PhilNeal View Post
    We do track changes to attendance data which is statutory and assessments. Tracking behaviour is not a statutory requirement and deletions are not tracked; auditing is a matter of balance and at the time we implemented behaviour, did not consider tracking to be a high priority.

    Several schools have reported suspicions that data has been tampered with. We will consider introducing auditing in the future.
    Cough cough SIMS 8...

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Removal of Windows Messenger.
    By EN4 in forum Scripts
    Replies: 8
    Last Post: 28th June 2010, 12:32 PM
  2. Making effective use of data held in an MIS
    By MikeBostock in forum MIS Systems
    Replies: 3
    Last Post: 9th October 2007, 07:17 PM
  3. Removal of images/work on website
    By Anti in forum School ICT Policies
    Replies: 3
    Last Post: 20th July 2007, 12:32 AM
  4. Removal of software from GPO deployment
    By tosca925 in forum Windows
    Replies: 4
    Last Post: 29th June 2006, 07:48 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •