See here. What do people here think?
See here. What do people here think?
I'll have a read in a minute.
How come the Sample AUP links in the Wiki are dead?
Well, my house is locked - does that make it a secure location for off-site backups? Transported securely is interesting, too.make sure that the media used has been encrypted and is transported securely for storage in a secure location.
Are they actually suggesting that we should be encrypting things over the LAN?Protect all desktop ... using approved encryption software.
This statement presumably covers pen drives; so, what are people's thoughts/policies on that, as I'm sure that there is all sorts of juicy stuff on some people's pens? Encourage staff to use encryption software, and if so, what? Discourage them from carrying "sensitive" data on pen drives (which is pretty much impossible/unworkable when you think that includes class lists, mark books and draft reports)?Protect all ... mobile devices, including media, used to store and transmit personal information using approved encryption software.
Gulp! Primary teachers, laptops, memory sticks....
Have just printed this and passed it to SMT. Been worrying about this for ages and trying to get staff to think about safety of data on laptops, etc.
Last edited by Andie; 7th February 2008 at 04:39 PM.
All you can do is pass this information to all staff in schools. The fact that there are so many posts on here complaining about staff leaving laptops out, machines logged on and work open just goes to show the mentality of some staff who work in schools. Until the privaleges of having access to computers is taken away from mis-use nothing will change. Will teachers have laptops taken from them? I doubt it. It would have a negative effect on teaching and learning.
All we can do is ensure from a technical point of view everything is as secure as it can be. All problems with end users should be dealt with by senior management.
And I have printed this too as I am trying to get a document together which highlights the importance for correct use of our facilities. Whether staff will actually listen to what is brought to their attention is another matter...
Last edited by GrumbleDook; 7th February 2008 at 09:50 PM.
I can hear the phone call from my boss now...Originally Posted by Becta
Of course this is a bullshit-rolling-downhill scenario: the government make some over the top requirement for security, heads will get it and pass it on to us, then we will undoubtedly suggest to staff that they take (unworkable) steps to risk falling foul of the legislation. Then when there's a cockup, it's the grunt at the bottom that gets shafted. It's about 1000 times easier to hand out guidance than to implement it, which is why BECTA have time to hand out so much of it!
... good luck with that! (level 3 is higher than level 2 etc.)Originally Posted by The Information Commissioner
2 problems here. 1st up, I'm not aware of anyone in here who's actually using shibboleth to access their MIS today. The list of members is fairly long, but there aren't that many IDproviders outside of universities.Originally Posted by Becta again
Secondly, when they are talking about the very high security levels named above, a username and password for access at home really is not going to cut it. You're realistically looking at some form of 2-factor authentication. Remember also that we are soon going to have a requirement for every parent and pupil to be an "authorised user from outside of the school" accessing kids' personal information.
I shall be filing this one under "BECTA's big ideas".
I use ntbackup which if I understand correctly can't be encrypted, is there a cheap (and I mean cheap) backup software that can be encrypted?where backups are being taken off site. In this case make sure that the media used has been encrypted and is transported securely for storage in a secure location.
The transported securely bit might be as simple as if you are taking the backup home (to store in that locked filing cabinet!) that you don't park your car at the local shops/gym/friend's enroute with the backup left on the passenger seat visible to all and sundry.
Both are free of charge.
How are they going to achieve this? Centralised Active Directory at LA's I guess. It would make BSF easier to roll out.All RBCs *should* be regional IDPs.
Those wanting to access it have to meet the UK Access Management Federation rules and then use set processes to share information. The master for the region will be the RBC. This will then allow schools that log into their RBC portal (to gain user level control of filtering, access RBC hosted resources, etc) to then access federated resources from their parties with user level authentication ... the magic SSO.
Admittedly, this is before we get to LAN to WAN authentication and there are a variety of models out there for that. This is one of those areas that means for most schools it would be a good idea to remove the firewall and use the RBC stated designs ... as long as it fits in with your needs.
People said they wanted clear guidance on data security for schools ... it has now been given. For a good number of us it is the same as FITS ... it is a target. The only difference with this one is that it is backed up with a legal act (DPA) and some moral principles.
I should imagine quite a few RBC's are going to interperet this as a centralised AD infrastructure.Those wanting to access it have to meet the UK Access Management Federation rules and then use set processes to share information. The master for the region will be the RBC. This will then allow schools that log into their RBC portal (to gain user level control of filtering, access RBC hosted resources, etc) to then access federated resources from their parties with user level authentication ... the magic SSO.
Why not allow schools to implement shibboleth, it was designed specifically so that institutions can authenticate using their existing infrastructure.
The only people with enough clout to force the big names to join the UKAMF are the RBCs. This is starting to happen now and once application and content providers switch n to this then yes, at a future date, it would be reasonable to presume that a school can be their own IDP and they will meet the same standards and be part of the UKAMF.
People are still forming the standards for all of this ... and the processes behind it to ... to try and give some sort of hope for collaboration and connection ... not just between you and your RBC .. but between you and the school in Bristol you want to link with ... and the school in London ... and the content provider based in Glasgow ... and the application provider in Leeds.
CyberNerd (7th February 2008)
Sure, but it doesn't account for a schools freedom of choice to install any other system that may not necessarily work with what the RBC have to offer. If they insist we have an AD infrastructure, who's going to pay for the training, the upgrades etc (no BSF here for 4yrs). I've not tried to setup the school as an IDP but I suspect the answer will be that I cannot.The way you have ADs set up nowadys you do not *need* a central AD for a significant level of data sharing. Multiple forest with multiple domains is not proof of concept, it can be done ...
There are currently 1 users browsing this thread. (0 members and 1 guests)