School ICT Policies Thread, Becta Information security guidance for schools published in School Administration; See here. What do people here think?...
  1. #1

    SYSMAN_MK's Avatar

    Becta Information security guidance for schools published

    See here. What do people here think?

  2. #2
    mrforgetful's Avatar
    I'll have a read in a minute.

    How come the Sample AUP links in the Wiki are dead?

  3. #3
    enjay's Avatar
    make sure that the media used has been encrypted and is transported securely for storage in a secure location.
    Well, my house is locked - does that make it a secure location for off-site backups? Transported securely is interesting, too.

    Protect all desktop ... using approved encryption software.
    Are they actually suggesting that we should be encrypting things over the LAN?

    Protect all ... mobile devices, including media, used to store and transmit personal information using approved encryption software.
    This statement presumably covers pen drives; so, what are people's thoughts/policies on that, as I'm sure that there is all sorts of juicy stuff on some people's pens? Encourage staff to use encryption software, and if so, what? Discourage them from carrying "sensitive" data on pen drives (which is pretty much impossible/unworkable when you think that includes class lists, mark books and draft reports)?

  4. #4
    Andie's Avatar
    Gulp! Primary teachers, laptops, memory sticks....

    Have just printed this and passed it to SMT. Been worrying about this for ages and trying to get staff to think about safety of data on laptops, etc.
    Last edited by Andie; 7th February 2008 at 03:39 PM.

  5. #5

    All you can do is pass this information to all staff in schools. The fact that there are so many posts on here complaining about staff leaving laptops out, machines logged on and work open just goes to show the mentality of some staff who work in schools. Until the privileges of having access to computers is taken away from mis-use nothing will change. Will teachers have laptops taken from them? I doubt it. It would have a negative effect on teaching and learning.

    All we can do is ensure from a technical point of view everything is as secure as it can be. All problems with end users should be dealt with by senior management.

    And I have printed this too as I am trying to get a document together which highlights the importance for correct use of our facilities. Whether staff will actually listen to what is brought to their attention is another matter...

  6. #6

    Quote Originally Posted by pallen View Post
    Will teachers have laptops taken from them? I doubt it. It would have a negative effect on teaching and learning.
    This is the bit that really annoys me, in nearly any other trade it would be taken away and a roasting would be dished out. If the person was unable to work without it they would be deemed incompetent and booted out. Teachers really do get given the most opportunities I've ever seen! They really know they can push their luck and get away with it.
    Last edited by GrumbleDook; 7th February 2008 at 08:50 PM.

  7. #7
    sahmeepee's Avatar
    Quote Originally Posted by NickJones View Post
    Are they actually suggesting that we should be encrypting things over the LAN?
    ... and using volume-level encryption at either end.

    Quote Originally Posted by Becta
    Use best practice methodologies such as the International Standard 27001.
    I can hear the phone call from my boss now...

    Quote Originally Posted by NickJones View Post
    This statement presumably covers pen drives; so, what are people's thoughts/policies on that, as I'm sure that there is all sorts of juicy stuff on some people's pens?
    At some point in the past we did ask staff not to take confidential information outside the building with them, but I'm not sure it ever made it into a policy document.

    Of course this is a bullshit-rolling-downhill scenario: the government make some over the top requirement for security, heads will get it and pass it on to us, then we will undoubtedly suggest to staff that they take (unworkable) steps to risk falling foul of the legislation. Then when there's a cockup, it's the grunt at the bottom that gets shafted. It's about 1000 times easier to hand out guidance than to implement it, which is why BECTA have time to hand out so much of it!

    Quote Originally Posted by The Information Commissioner
    The Information Commissioner’s Office recommends that data controllers ensure that any solution meets the current standard of FIPS 140-2 Level 3 approved encryption products.
    ... good luck with that! (level 3 is higher than level 2 etc.)

    Quote Originally Posted by Becta again
    When data is required by an authorised user from outside of the school – for example by a teacher working from their home – we recommend that they have remote secure access to the management information system (MIS) or learning platform. This should be achieved by secure access via the UK Access Management Federation for Education and Research.
    2 problems here. 1st up, I'm not aware of anyone in here who's actually using shibboleth to access their MIS today. The list of members is fairly long, but there aren't that many IDproviders outside of universities.

    Secondly, when they are talking about the very high security levels named above, a username and password for access at home really is not going to cut it. You're realistically looking at some form of 2-factor authentication. Remember also that we are soon going to have a requirement for every parent and pupil to be an "authorised user from outside of the school" accessing kids' personal information.

    I shall be filing this one under "BECTA's big ideas".

  8. #8
    chrbb's Avatar
    where backups are being taken off site. In this case make sure that the media used has been encrypted and is transported securely for storage in a secure location.
    I use ntbackup which if I understand correctly can't be encrypted, is there a cheap (and I mean cheap) backup software that can be encrypted?

    The transported securely bit might be as simple as if you are taking the backup home (to store in that locked filing cabinet!) that you don't park your car at the local shops/gym/friend's en route with the backup left on the passenger seat visible to all and sundry.

  9. #9
    sahmeepee's Avatar
    Quote Originally Posted by chrbb View Post
    I use ntbackup which if I understand correctly can't be encrypted, is there a cheap (and I mean cheap) backup software that can be encrypted?
    TrueCrypt will let you encrypt files - you just need to mount an encrypted volume, copy the bak file into it, then unmount the volume and take the encrypted file away. You might have an easier time using 7-Zip with its highest encryption setting, lowest compression setting and a long passphrase. You can write a batch file to 7zip the backup file (or do it manually). TrueCrypt can also be controlled from the command line IIRC.

    Both are free of charge.
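
The 7-Zip approach described in post #9, sketched as a batch file. This is an added example, not part of the original post; the three paths are assumptions, and the passphrase is prompted for at run time rather than stored in the script.

```bat
@echo off
rem Added example: encrypt an ntbackup .bkf with 7-Zip before it goes off site.
rem All three paths below are assumptions; change them to suit.
setlocal
set "SEVENZIP=C:\Program Files\7-Zip\7z.exe"
set "BACKUP=D:\Backups\school.bkf"
set "OUTDIR=E:\Offsite"

if not exist "%SEVENZIP%" (
    echo 7z.exe not found at %SEVENZIP%
    exit /b 1
)
if not exist "%BACKUP%" (
    echo Backup file not found: %BACKUP%
    exit /b 1
)

rem Name the archive after the backup file (school.bkf becomes school.7z).
for %%F in ("%BACKUP%") do set "ARCHIVE=%OUTDIR%\%%~nF.7z"

rem "7z a" updates an existing archive, so remove any old copy first.
if exist "%ARCHIVE%" del "%ARCHIVE%"

rem -t7z     7z container, which encrypts with AES-256
rem -mx=0    store only, no compression
rem -mhe=on  encrypt the archive headers too, so file names are hidden
rem -p       no value given, so 7-Zip prompts and the passphrase
rem          never sits in this file or in the command line
"%SEVENZIP%" a -t7z -mx=0 -mhe=on -p "%ARCHIVE%" "%BACKUP%"
if errorlevel 1 (
    echo Archive creation failed
    exit /b 1
)

rem Test the archive before the media leaves the building.
rem 7-Zip prompts for the passphrase again here.
"%SEVENZIP%" t "%ARCHIVE%"
if errorlevel 1 (
    echo Verification failed - do not rely on this copy
    exit /b 1
)

echo Encrypted backup written to %ARCHIVE%
endlocal
```

Because of the passphrase prompt this has to be run interactively; an unattended scheduled task would need the passphrase supplied some other way, which brings back the problem of storing it next to the data.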

  10. #10

    GrumbleDook's Avatar
    Quote Originally Posted by sahmeepee View Post
    <snip>
    2 problems here. 1st up, I'm not aware of anyone in here who's actually using shibboleth to access their MIS today. The list of members is fairly long, but there aren't that many IDproviders outside of universities.
    All RBCs *should* be regional IDPs. However, all involved have a certain road to travel before we get there ... it doesn't mean that we shouldn't have some end target though.

  11. #11


    All RBCs *should* be regional IDPs.
    How are they going to achieve this? Centralised Active Directory at LAs I guess. It would make BSF easier to roll out.

  12. #12

    GrumbleDook's Avatar
    Quote Originally Posted by CyberNerd View Post
    How are they going to achieve this? Centralised Active Directory at LAs I guess. It would make BSF easier to roll out.
    All RBCs hold a Directory Service, for some it is AD based but it may differ to others.

    Those wanting to access it have to meet the UK Access Management Federation rules and then use set processes to share information. The master for the region will be the RBC. This will then allow schools that log into their RBC portal (to gain user level control of filtering, access RBC hosted resources, etc) to then access federated resources from their parties with user level authentication ... the magic SSO.
    Admittedly, this is before we get to LAN to WAN authentication and there are a variety of models out there for that. This is one of those areas that means for most schools it would be a good idea to remove the firewall and use the RBC stated designs ... as long as it fits in with your needs.

    People said they wanted clear guidance on data security for schools ... it has now been given. For a good number of us it is the same as FITS ... it is a target. The only difference with this one is that it is backed up with a legal act (DPA) and some moral principles.

  13. #13


    Those wanting to access it have to meet the UK Access Management Federation rules and then use set processes to share information. The master for the region will be the RBC. This will then allow schools that log into their RBC portal (to gain user level control of filtering, access RBC hosted resources, etc) to then access federated resources from their parties with user level authentication ... the magic SSO.
    I should imagine quite a few RBCs are going to interpret this as a centralised AD infrastructure.

    Why not allow schools to implement shibboleth, it was designed specifically so that institutions can authenticate using their existing infrastructure.

  14. #14

    GrumbleDook's Avatar
    Quote Originally Posted by CyberNerd View Post
    I should imagine quite a few RBCs are going to interpret this as a centralised AD infrastructure.

    Why not allow schools to implement shibboleth, it was designed specifically so that institutions can authenticate using their existing infrastructure.
    You cannot have multiple masters for IDP within a region. The relationship between the school and the RBC is a bit difficult to explain and it does vary. For most RBCs they are interested in economy of scale as well as best practice ... so they work from a central view. The way you have ADs set up nowadays you do not *need* a central AD for a significant level of data sharing. Multiple forest with multiple domains is not proof of concept, it can be done ... but Directory Services of any sort can deal with sharing info ... it is doing it securely and effectively that is key here, and that involves setting out some ground rules that meet the laws of the land. That is why we have the UKAMF.

    The only people with enough clout to force the big names to join the UKAMF are the RBCs. This is starting to happen now and once application and content providers switch on to this then yes, at a future date, it would be reasonable to presume that a school can be their own IDP and they will meet the same standards and be part of the UKAMF.

    People are still forming the standards for all of this ... and the processes behind it too ... to try and give some sort of hope for collaboration and connection ... not just between you and your RBC .. but between you and the school in Bristol you want to link with ... and the school in London ... and the content provider based in Glasgow ... and the application provider in Leeds.

  15. Thanks to GrumbleDook from:

    CyberNerd (7th February 2008)

  16. #15


    The way you have ADs set up nowadays you do not *need* a central AD for a significant level of data sharing. Multiple forest with multiple domains is not proof of concept, it can be done ...
    Sure, but it doesn't account for a school's freedom of choice to install any other system that may not necessarily work with what the RBC have to offer. If they insist we have an AD infrastructure, who's going to pay for the training, the upgrades etc (no BSF here for 4yrs). I've not tried to set up the school as an IDP but I suspect the answer will be that I cannot.
