
Somebody will go to jail

The start of a new year is always a time for predictions and forecasts for the year to come – one that caught my eye was the Top 10 Cybersecurity predictions from Richard Starnes. The list makes some grim reading, starting as it does with Somebody will go to jail.

Second on his list was a prediction that information security management training will become the new silver bullet. Citing the IBM 2015 Cyber Security Intelligence Index, he notes that over 40% of the average company’s breaches were mostly due to inadequately or improperly trained personnel. UCISA has taken steps to try and address this, as Jerry Niman advised in an update in December to the UCISA Directors list, by reaching agreement with Leo to make the licence for their Information Security Awareness Learning Suite available to all UCISA full member organisations in perpetuity. The agreement includes reasonable updates for the first three years. This will be fully funded by UCISA, and will be available for institutions to host on the LMS of their choice. There will be no cost to institutions unless further customisation or hosting is required. We are working towards making the suite available in the first quarter this year.

Making the training available is one part of the solution – making sure those that need to take it do is another challenge. A number of institutions have policies that state that all staff should take information security training but not all follow it through and ensure that the policy is fully implemented. Chapter 9 of the UCISA Information Security Management Toolkit highlights the role awareness activities play in managing risk within the institution and highlights how the effectiveness of such activities can be demonstrated.

Starnes’ list highlighted particular challenges around health data but he noted that one implication of an increased focus on cyber security was that the market for information security professionals will tighten, making recruiting experienced professionals more costly. As personnel become more expensive, so the need to understand the importance of the roles and the functions they perform and support increases. Clearly this understanding requires context; that context being provided by recognition of the value of the information and the risk to the institution of a breach of security or loss of data. Will it take somebody going to jail to focus minds?

Prevent duty – getting the background

I’m sure many of you have been following the twists and turns of the Prevent Duty through to the 18th September when it came into force.

Andrew Cormack has discussed the Prevent Duty guidance within his Regulatory Developments blog over the last 18 months. I have been keen to understand the implications specifically for Loughborough University, especially with the scaremongering by some that we would be forced to implement comprehensive content filtering; an impartial, fact-based viewpoint from Andrew has been well received.

I am pleased to see Andrew’s blog referencing our ‘proportionate and appropriate’ understanding in his recent post, the “Government again stressed that measures should be proportionate and appropriate to the risks faced by individual institutions.”

The work surrounding the Prevent Duty has a number of stakeholders within a University and has been driven by Student Services at Loughborough. Clearly there is a place for the IT business unit to have an input to this policy, but I wanted to ensure I had a background knowledge when contributing.

A really helpful resource, and the main purpose of this blog post, is to raise awareness of the Jisc WRAP (Workshop to Raise Awareness of Prevent) Training. I attended the two hour training course a couple of weeks ago to provide a background to the Prevent Duty and this training course fulfilled my learning objectives entirely.

The course is delivered using the online Adobe Connect software; all you need are headphones and a microphone (most computers now have a microphone built in, so a pair of headphones just helps minimise audio feedback). The beauty of this course is you can attend from anywhere: from your office, a quiet room, from home etc.

It was really interesting to hear the viewpoints of other delegates who were from a very diverse background; in fact I was the only person from HE IT. To manage expectations, the course is not designed to inform IT departments about IT controls, but to provide “… an understanding of the Prevent strategy and your role within it.”

I found the course extremely helpful as background to engage with our Student Services department; it was very well delivered using a variety of engagement tools: video, polls, chat, discussion forums etc.

If you are looking for a background into the Prevent Duty, this course from Jisc Training Technologies is excellent, comprehensive and, from my perspective, an exemplar in how to deliver online learning.

I would also encourage colleagues to let other areas of their institution know about the course: Student Services, Academic Registry, Students’ Union, Physical Security etc.

Matthew Cook
Assistant Director of IT
Loughborough University