Godley Primary School. E-Security Policy 23/05/2014. Schools ICT Security Policy 1


E-Security

Information systems (IS) play a major role in supporting the school's activities. The reliability, confidentiality and data integrity of the information systems are all essential to the success of the school's educational and administrative work. To achieve a high level of IS security, all users and administrators will need to comply with the school's IS Security Policy.

The policy applies to all staff and students of the school and all other authorised users. It relates to their use of school IS, to private systems when connected to the school network and to school-owned programs and data, whether used on school or on private systems.

The objectives of this policy are to ensure that:

- The school's information systems, programs, data, network and equipment are adequately protected against loss, misuse or abuse;
- All users are aware of and implement this policy and associated policies including e-safety and data protection;
- All users are aware of and comply with the relevant UK and European Union legislation;
- Appropriate security measures are implemented as part of the effective operation and support of IS;
- All users understand their own responsibilities for protecting the confidentiality and integrity of the data they handle.

Introduction

This material reflects effective IS security practice in Tameside schools. The value of a 75 station network is of the order of 60000.00 and it is sensible to protect this investment, to say nothing of the value and sensitivity of the data held. Furthermore, with the integration of curriculum and administration networks, and community access to school ICT facilities, the breadth of threat to systems, data and people grows wider.

With broadband initiatives, schools become part of a wider network community. No longer are they isolated and only at risk from dangers from within their own LAN (Local Area Network). WAN (Wide Area Network) connectivity places a responsibility on all participating schools to ensure that their own and other LANs are not compromised by poor security and irresponsible user actions.

This document sets out areas for consideration to protect our own and other community networks and covers the following points:

1.1 User responsibility and behaviour.
1.2 ICT system integrity and security.
1.3 Hardware and software quality, maintenance and replacement.
1.4 Virus Prevention Strategies.
1.5 Password good practice.
1.6 Wireless Network.
1.7 Disaster recovery procedures.
1.8 References.

1.1 User Responsibility and Behaviour

Everyone is involved in security; this is simply responsible citizenship. All adult users expect an acceptable level of ICT service. Similarly they should expect security and privacy of their data. This implies mutual respect for other people's privacy and data. Safeguarding your own account and password details is an essential requirement. The Data Protection Act and Computer Misuse Act both apply to school networks and the data held within them. Staff and pupils need to develop responsible approaches to continue to enjoy the privilege of using the school ICT facilities.

1.2 Information Systems Integrity and Security

The school has a responsibility for ensuring that its capital investment in ICT is protected and secured, just as there are procedures for the security and safety of buildings. Network administrators must understand the principles of file level security and the consequences of network access. Users who have network administration rights must safeguard their access and understand their responsibilities. They are potentially the greatest security risk!

1.2.1 File Security

The network servers are located within a computer room. This room is kept locked when not under direct supervision.

The system performs an automatic backup of each server hard disk to tape every night. A different tape is used for each night and then reused the following week. The backup tapes are stored in the school safe and one set is taken off the premises by the ICT Technician. A third level online backup also takes place automatically without intervention.

Workstation backups are not required. A faulty station can be quickly rebuilt by using an image.

Precautions are taken to reduce the chances of infection by computer viruses via the Internet, email, or other disks. The antivirus software MS essentials, which is installed on all school network stations and servers, is scheduled to update and run automatically on a weekly basis. Remedian will check that antivirus software is operating correctly once a month.

All users have their own area for storing their work on the network server hard disk (the "My documents" folder). This means that they can access their work from any network station. Users do not have access to network drives nor are they able to alter or save files outside their own area (except in the authorised shared public drive). Staff can alter and save files on the public drive but pupils can only view the files.

1.2.2 Access to Software

Only Remedian can install new software and hardware. Users can only access software and other resources as made available to them by Remedian. For example, pupils do not have access to staff programs and shared documents. Group policy and Desktop Redirect control which programs the pupils have access to. An appropriate desktop is created for each year group. Sites visited on the Internet are filtered by Websense Lightspeed.

1.3 Hardware and Software Security, Maintenance and Replacement

1.3.1 Hardware Security/Inventory

An inventory is maintained of all equipment together with make, model, serial number, date of purchase and location. A copy of the inventory is held by Remedian.

Rooms with computers are locked overnight. Keys to ICT Suite are located in the key safe in the administrator's office.

All external visitors are required to report to the office and wear identification at all times.

All computer rooms and corridors are monitored by the school alarm system after school hours.

All major items are security marked to identify them as the property of the school.

1.3.2 Software Security/Inventory

An inventory is maintained containing a record for each item of software that is available for use on the network and the number of licenses held. Licenses and invoices are held in the ICT Coordinator File or online (accessed via Remedian).

1.3.3 Network & Hardware Maintenance

Equipment failure in a lesson can have a very negative effect on both teacher and pupil alike. It is essential to have technical support. The school has the following contracts:

- ICT Support Package provided by Remedian: this covers the provision of a technical support service covering broadband; servers, network infrastructure and administration networks; liaison with third parties on behalf of the client.
- SIMS support is provided by Tameside.
- The school hardware maintenance contract is managed and sourced by Remedian ensuring value for money. All essential hardware including network components (hubs, routers and switches etc).

Maintenance logs of equipment are kept up to date so that the previous history of faults can be used to inform repair, or to escalate a frequently reported problem for further analysis.

Housekeeping procedures, i.e. Defragmenting and Scan Disc, are performed on all workstations/laptops at least once a year, and more frequently, time permitting.

1.3.4 Electrical Safety

All equipment attached to the main electrical supply is safety tested annually.

The servers operate from an Uninterruptible Power Supply (UPS) to protect against power surges and blackouts. This will ensure a controlled shutdown of servers should a power failure occur.

The power switches of the ICT equipment in the classrooms should be turned off at the end of the day.

1.3.5 Fire Precautions

Waste material, i.e. paper/books, should be frequently removed from the computer areas.

Items should not be placed on laptops and left there.

All workstation screens should be switched to off when the workstation is shut down.

A carbon dioxide (CO2) fire extinguisher is fitted in ICT Suite. Staff know where it is and how to use it.

1.5 Virus Prevention Strategies

At any one time, Tameside schools are vulnerable to virus threats through old software versions, un-patched machines and a lack of regular checking. Schools should regularly review security procedures and ensure compliance, even where staff illness, leave or high workload could disrupt the pattern. Here, the term virus covers worms, Trojans etc.

Precautions are taken to reduce the chances of infection by computer viruses via the internet, e-mail or other discs.

The antivirus software MS essentials is installed on all the school network stations and servers. It is scheduled to update and run automatically on a weekly basis. Remedian will check that antivirus software is operating correctly once a month.

All workstations are set to automatically update Microsoft service packs and security patches.

Care should be taken when opening e-mails and their attachments and images from the internet from unknown sources. The attachments in particular should not be opened if at all suspect.

Removable media (e.g. external drives) must be scanned for viruses before being used on a machine connected to the network.

1.6 Wireless Network

Connection to the network is through 4 Wireless Access Points. As wireless LAN broadcasts may be monitored beyond the school boundary, encrypted transmission must be configured to prevent access. As recommended by Tameside MBC ICT Internal Audit, the WPA2 encryption protocol has been enabled. Remedian will connect hardware to the wireless network.

1.7 Choosing and Using Passwords

Sensitive medical data and pupil family details are all areas where access by the wrong person could produce problems. A professional approach to authentication will help establish trust that personal or business data is kept secure. The security of the identity / password pair is thus important.

- All staff will change their password each term.
- Staff should not disclose their password to anyone.
- All staff should read the attached Appendix A for password tips.
- The server will automatically prompt the users to change their password. A log will be kept of each change.

1.8 Disaster Recovery Procedures

Risk assessment considering all possible ICT disaster situations and their consequences should be part of a school's management policy. This is the insurance policy. Most disasters are not predicted. Sometimes the warning signs are there (network error logs of failing backups and hard disk crashes), but sometimes not. Acts of God such as lightning strikes are usually beyond your control.

All users will be informed immediately if there is a loss of ICT services and advised of the cause.

The server backup disc will be checked monthly to ensure the discs are readable, as a system crash may require recovery from recent tape backups.

The backup tapes are stored in the school safe and a daily set taken off site with the ICT Technician.

References

- CERT (Computer Emergency Response Team): the team that provides authoritative security advice to JANET. http://www.janet.ac.uk/cert/
- Becta e-safety Site. www.becta.org.uk/schools/esafety
- Becta Data protection and Security: a summary for schools. http://publications.becta.org.uk/display.cfm (search on data protection)
- Becta National Network Standards including security. http://industry.becta.org.uk/
- Google directory on computer security sites. http://directory.google.com/top/computers/security/policy/

Appendix A: Choosing and Using Passwords

A password chosen to be easy to remember by association such as matthew or Canterbury is easily guessed. Completely random, long passwords tend to result in people writing them down, a cardinal sin! What is reasonably secure and memorable?

A password should not:

- Contain a dictionary word (to prevent breaking by substitution).
- Be the name of a pet, town, person or character in a film.
- Contain a space.

A good password:

- Uses a wide range of characters as well as letters. Any keyboard character will make the password less easy to spot. E.g. qot78*tug or cat&56mice
- Must be over 6 characters long, but 10 is plenty.
- Will use some capitals (if passwords are case sensitive), digits and punctuation.

For memorable passwords try:

- Nug78Mer - the consonant-vowel-consonant is pronounceable.
- Canterbury town wall is a quarter missing = Ctwia1/4m.

Password tips

We all have many passwords and it is tempting to use one for all systems. This is extremely poor practice! However some things are high security and some not.

- Never let Windows remember an important password for you!
- Change important passwords on say a monthly or termly basis.
- Arrange access for colleagues to shared files, so they don't need your password.