See here. What do people here think?

I'll have a read in a minute.
How come the Sample AUP links in the Wiki are dead?
"make sure that the media used has been encrypted and is transported securely for storage in a secure location."
Well, my house is locked - does that make it a secure location for off-site backups? Transported securely is interesting, too.
"Protect all desktop ... using approved encryption software."
Are they actually suggesting that we should be encrypting things over the LAN?
"Protect all ... mobile devices, including media, used to store and transmit personal information using approved encryption software."
This statement presumably covers pen drives; so, what are people's thoughts/policies on that, as I'm sure that there is all sorts of juicy stuff on some people's pens? Encourage staff to use encryption software, and if so, what? Discourage them from carrying "sensitive" data on pen drives (which is pretty much impossible/unworkable when you think that includes class lists, mark books and draft reports)?
Gulp! Primary teachers, laptops, memory sticks....
Have just printed this and passed it to SMT. Been worrying about this for ages and trying to get staff to think about safety of data on laptops, etc.
Last edited by Andie; 7th February 2008 at 04:39 PM.
All you can do is pass this information to all staff in schools. The fact that there are so many posts on here complaining about staff leaving laptops out, machines logged on and work open just goes to show the mentality of some staff who work in schools. Until the privileges of having access to computers are taken away for misuse, nothing will change. Will teachers have laptops taken from them? I doubt it. It would have a negative effect on teaching and learning.
All we can do is ensure from a technical point of view everything is as secure as it can be. All problems with end users should be dealt with by senior management.
And I have printed this too as I am trying to get a document together which highlights the importance for correct use of our facilities. Whether staff will actually listen to what is brought to their attention is another matter...
This is the bit that really annoys me: in nearly any other trade it would be taken away and a roasting would be dished out. If the person was unable to work without it they would be deemed incompetent and booted out. Teachers really do get given the most opportunities I've ever seen! They really know they can push their luck and get away with it.
Last edited by GrumbleDook; 7th February 2008 at 09:50 PM.
... and using volume-level encryption at either end.
I can hear the phone call from my boss now...
Originally Posted by Becta
At some point in the past we did ask staff not to take confidential information outside the building with them, but I'm not sure it ever made it into a policy document.
Of course this is a bullshit-rolling-downhill scenario: the government make some over the top requirement for security, heads will get it and pass it on to us, then we will undoubtedly suggest to staff that they take (unworkable) steps to risk falling foul of the legislation. Then when there's a cockup, it's the grunt at the bottom that gets shafted. It's about 1000 times easier to hand out guidance than to implement it, which is why BECTA have time to hand out so much of it!
... good luck with that! (level 3 is higher than level 2 etc.)
Originally Posted by The Information Commissioner
2 problems here. 1st up, I'm not aware of anyone in here who's actually using Shibboleth to access their MIS today. The list of members is fairly long, but there aren't that many ID providers outside of universities.
Originally Posted by Becta again
Secondly, when they are talking about the very high security levels named above, a username and password for access at home really is not going to cut it. You're realistically looking at some form of 2-factor authentication. Remember also that we are soon going to have a requirement for every parent and pupil to be an "authorised user from outside of the school" accessing kids' personal information.
I shall be filing this one under "BECTA's big ideas".
"where backups are being taken off site. In this case make sure that the media used has been encrypted and is transported securely for storage in a secure location."
I use ntbackup which, if I understand correctly, can't be encrypted. Is there a cheap (and I mean cheap) backup software that can be encrypted?
The transported securely bit might be as simple as if you are taking the backup home (to store in that locked filing cabinet!) that you don't park your car at the local shops/gym/friend's en route with the backup left on the passenger seat visible to all and sundry.
Truecrypt will let you encrypt files - you just need to mount an encrypted volume, copy the bak file into it, then unmount the volume and take the encrypted file away. You might have an easier time using 7-zip with its highest encryption setting, lowest compression setting and a long passphrase. You can write a batch file to 7zip the backup file (or do it manually). Truecrypt can also be controlled from the commandline IIRC.
Both are free of charge.
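
Added example, not part of the original post: a batch file for the 7-Zip route described above, which encrypts the ntbackup output, tests the archive, and only then replaces the previous off-site copy. The install path, drive letters and file names are assumed placeholders.

```batch
@echo off
rem Added example (not from the thread). All paths below are assumed placeholders.
setlocal
set "SEVENZIP=C:\Program Files\7-Zip\7z.exe"
set "SRC=D:\Backups\nightly.bkf"
set "NEW=E:\Offsite\nightly-new.7z"
set "DST=E:\Offsite\nightly.7z"

if not exist "%SEVENZIP%" goto :no7z
if not exist "%SRC%" goto :nosrc
if exist "%NEW%" del "%NEW%"

rem a        = add files to an archive
rem -t7z     = 7z container (AES-256 when a password is set)
rem -mx=0    = store only, no compression
rem -mhe=on  = encrypt the archive header too, so file names are hidden
rem -p       = no value given, so 7-Zip prompts and the passphrase
rem            never appears in this file or on the command line
"%SEVENZIP%" a -t7z -mx=0 -mhe=on -p "%NEW%" "%SRC%"
if errorlevel 1 goto :failed

rem Test the archive. 7-Zip asks for the passphrase again, which also
rem confirms it was typed as intended the first time.
"%SEVENZIP%" t "%NEW%"
if errorlevel 1 goto :failed

rem Only a verified archive replaces the previous off-site copy.
move /y "%NEW%" "%DST%" >nul
echo Encrypted backup written to "%DST%"
exit /b 0

:no7z
echo 7-Zip not found at "%SEVENZIP%"
exit /b 2
:nosrc
echo Backup file not found: "%SRC%"
exit /b 2
:failed
echo Encryption or verification failed; "%DST%" left unchanged.
if exist "%NEW%" del "%NEW%"
exit /b 1
```

Because the passphrase is prompted for, this is meant to be run by hand after the backup job finishes; the unencrypted .bkf file stays on site.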


"All RBCs *should* be regional IDPs."
How are they going to achieve this? Centralised Active Directory at LAs I guess. It would make BSF easier to roll out.

All RBCs hold a Directory Service; for some it is AD based but it may differ for others.
Those wanting to access it have to meet the UK Access Management Federation rules and then use set processes to share information. The master for the region will be the RBC. This will then allow schools that log into their RBC portal (to gain user level control of filtering, access RBC hosted resources, etc) to then access federated resources from their parties with user level authentication ... the magic SSO.
Admittedly, this is before we get to LAN to WAN authentication and there are a variety of models out there for that. This is one of those areas that means for most schools it would be a good idea to remove the firewall and use the RBC stated designs ... as long as it fits in with your needs.
People said they wanted clear guidance on data security for schools ... it has now been given. For a good number of us it is the same as FITS ... it is a target. The only difference with this one is that it is backed up with a legal act (DPA) and some moral principles.

"Those wanting to access it have to meet the UK Access Management Federation rules and then use set processes to share information. The master for the region will be the RBC. This will then allow schools that log into their RBC portal (to gain user level control of filtering, access RBC hosted resources, etc) to then access federated resources from their parties with user level authentication ... the magic SSO."
I should imagine quite a few RBCs are going to interpret this as a centralised AD infrastructure.
Why not allow schools to implement Shibboleth? It was designed specifically so that institutions can authenticate using their existing infrastructure.

You cannot have multiple masters for IDP within a region. The relationship between the school and the RBC is a bit difficult to explain and it does vary. For most RBCs they are interested in economy of scale as well as best practice ... so they work from a central view. The way you have ADs set up nowadays you do not *need* a central AD for a significant level of data sharing. Multiple forest with multiple domains is not proof of concept, it can be done ... but Directory Services of any sort can deal with sharing info ... it is doing it securely and effectively that is key here, and that involves setting out some ground rules that meet the laws of the land. That is why we have the UKAMF.
The only people with enough clout to force the big names to join the UKAMF are the RBCs. This is starting to happen now and once application and content providers switch on to this then yes, at a future date, it would be reasonable to presume that a school can be their own IDP and they will meet the same standards and be part of the UKAMF.
People are still forming the standards for all of this ... and the processes behind it too ... to try and give some sort of hope for collaboration and connection ... not just between you and your RBC ... but between you and the school in Bristol you want to link with ... and the school in London ... and the content provider based in Glasgow ... and the application provider in Leeds.
CyberNerd (7th February 2008)

"The way you have ADs set up nowadays you do not *need* a central AD for a significant level of data sharing. Multiple forest with multiple domains is not proof of concept, it can be done ..."
Sure, but it doesn't account for a school's freedom of choice to install any other system that may not necessarily work with what the RBC have to offer. If they insist we have an AD infrastructure, who's going to pay for the training, the upgrades etc (no BSF here for 4yrs). I've not tried to set up the school as an IDP but I suspect the answer will be that I cannot.