20/11/2014 E-safety: safer systems, safer users 
Nigel Ecclesfield, Lee Harrigan-Green, Katie McAllister
Speakers 
» Nigel Ecclesfield, Head of change implementation support 
programmes - Further Education and Skills, Jisc 
» Lee Harrigan-Green, Senior CSIRT member, Jisc 
» Katie McAllister, Student support and enrichment manager, 
Peterborough Regional College 
» Jackie Milne, Legal information specialist, Jisc
Internet safety and security 
E-safety is about safe and responsible practice 
with technology and the sensible management of 
risks presented by the digital world. 
Jisc e-Safety infoKit
Purpose of session 
» Explore e-safety issues for providers 
» Safety policies 
› Setting objectives and priorities 
» Safe systems 
› External safeguards and support 
› Internal systems 
» Safe users 
› Safe practices 
› Increase awareness of e-safety
E-safety and social media - risky mix or recipe for success? 
Jackie Milne, Legal information specialist, Jisc
Social Media 
“The most influential and powerful voice of the people… needs to be regulated” - Chloe Madeley
“Ability to give a voice to people who would never have been heard” - Bill Gates
“A catalyst for the advancement of everyone’s rights” - Queen Rania of Jordan
“Just a buzz word until you come up with a plan” - Unknown
Storm in a T cup? 
» FB comments result in sacking
» Think before you tweet or risk arrest
» Sexting pressure on the rise
» Social network is social nightmare
» Internet trolls may face two years in jail
» Teacher in FB meltdown
» Half of child exploitation happens on social networks
» We don’t need any new social media laws
Which legal duties do you have? 
» Statutory
» Contractual
» Common law
» All of these
Janet Computer Security Incident Response Team (CSIRT) 
and keeping yourself safe 
Lee Harrigan-Green, Senior CSIRT member, Jisc
Our Computer Security Incident Response Team (CSIRT) and keeping yourself safe 20/11/2014 10
Overview 
» About Janet CSIRT (Computer Security Incident Response Team) and our role 
» An overview of the incidents we see 
» Some examples of incidents 
» What can you do to help yourself 
» If you have any questions please just interrupt me
What is CSIRT? 
» Janet CSIRT (Computer Security Incident Response Team) 
» CERT© or CERT-CC, IRT, CIRT, SERT 
» Names can vary in different organisations, but they all carry out similar tasks: 
› Coordinate with our community and other CERTs, ISPs 
› Provide advice and assistance in relation to security with confidentiality
What do we do? 
» Incident Response 
» Proactive Monitoring 
» Advice and Expertise
What we don’t do! 
» We don’t hack systems 
» We don’t probe systems looking for vulnerabilities to advise owners 
» We are not the internet police 
» We don’t pass information onto the Government / CIA... but we do work with them
How we detect security incidents 
» Netflow data 
» Emails or alerts from 3rd parties 
» Website monitoring 
» Telephone calls 
» Keeping up to date with the security landscape / vulnerabilities 
» Google searches 
» Post incident analysis
Types of issues we deal with 
» Compromise 
› Data, usernames, passwords, personal information 
› Systems 
» Copyright notices 
» Denial of service 
» Queries 
› Law enforcement agencies’ requests for information (RIPA)
› Legal / policy advice 
› Networking / security advice 
» Other issues: scanning, phishing, social engineering, unauthorised use, unsolicited 
bulk email (SPAM)
Incident type            2012   2013          2014 to date
Compromise               1487   1329          363
Copyright                2000   91 (1293)     2815
Denial of Service        43     127           430
General query            59     82            154
LEA query                46     29            31
Legal / Policy query     7      9             4
Malware                  3209   5148          4133
Misconfiguration         0      0             275
Net / Security query     115    89            162
Other                    114    196           682
Phishing                 243    427           307
Scanning                 578    380           137
Social engineering       16     6             1
Unauthorised use         39     42            28
Unsolicited bulk email   238    256           144
Total                    8194   8212 (9505)   9666
Regulation of Investigatory Powers notifications 
» Regulation of Investigatory Powers Act 
2000 
» Graded 1 (critical), 2 or 3 
» Must originate from a single point of 
contact (SPoC) 
» CSIRT can verify a SPoC exists in Home 
Office database
Recent activities with the National Crime Agency 
(NCA) 
» Gameover Zeus (Zeus-p2p) and Cryptolocker 
» Advance warning of the botnet takedown
» Worked with the NCA and FBI to establish the best course of action from a UK 
perspective 
» Distributed the list of known domains associated with the malware 
» Issued advice and guidance to affected customers on the global day of action 
» Took positive action within our resolver service so that our customers are protected
from this malware
» More in the pipeline …
Example of a hacked website 
» A small website was vulnerable to a SQLi attack 
» Details of usernames, passwords, and email addresses were dumped 
» Automated email received at 23:15 
» By 9:30 the following morning we had sent notifications to 42 different sites about the 
breach 
» We also alerted the site that was hacked. They were not aware and took the site 
offline and also notified all users in their database about the breach
Example of a Moodle system hack 
» Usernames and hashed passwords were posted on pastebin: approximately
3500 unique hashes
» Investigation started at 08:50 the following day
» A Janet-connected organisation's system was compromised because it was running an old
version of administration software on a Moodle server
» 48% of the passwords were cracked
» Site advised of the very weak passwords
» They rebuilt the system
» A student at the site was responsible
Policies are there when you need them 
There are many different types of policies that you require to keep yourself safe. 
» Disaster Recovery 
» Acceptable Use 
» Incident Response 
» Backup 
» And more 
We recommend: 
» Testing your policies to make sure they work in practice 
» Reviewing your policies regularly - trigger points might be a yearly review, a change in
legislation or a security incident
What can you do to keep yourself safe? 
» By following best practices you can keep yourself safe 
» Logging is the most important of these – Firewall, proxy, DHCP, email and web server 
» Use a system log (syslog) to keep them in one easy location 
» Keep systems up to date with latest patches and security updates 
» Maintain up to date security contacts with CSIRT 
» Contact us at CSIRT if you have any security related questions or queries, including 
advice on policies and practice to keep your systems and users safe
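Why the firewall, DHCP and proxy logs named above belong in one place, shown as an added example that is not part of the original slides: it traces a reported public address and port back to the internal machine and user. The log lines are constructed and simplified, not the output format of any particular product, and the function names `parse` and `trace` are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of lines collected on a central syslog host.
# Addresses come from documentation ranges; hostnames and users are invented.
SAMPLE_LOG = """\
2014-03-04T21:40:02 dhcp1 dhcpd: DHCPACK on 10.20.3.17 to 00:11:22:33:44:55 (lab-pc-07)
2014-03-04T22:05:41 dhcp1 dhcpd: DHCPACK on 10.20.3.44 to 66:77:88:99:aa:bb (student-laptop)
2014-03-04T22:14:58 fw1 nat: src=10.20.3.44:51514 xlate=192.0.2.10:40001 dst=198.51.100.7:80
2014-03-04T22:14:59 fw1 nat: src=10.20.3.17:51002 xlate=192.0.2.10:40002 dst=203.0.113.9:443
2014-03-04T22:15:00 proxy1 proxy: client=10.20.3.44 user=s1234567 GET http://example.org/
this line is malformed and must be skipped
2014-03-05T01:30:00 dhcp1 dhcpd: DHCPACK on 10.20.3.44 to de:ad:be:ef:00:01 (staff-tablet)
"""

LINE = re.compile(r"^(\S+) (\S+) (\w+): (.*)$")
DHCP = re.compile(r"DHCPACK on ([\d.]+) to (\S+) \((.*?)\)")
NAT = re.compile(r"src=([\d.]+):(\d+) xlate=([\d.]+):(\d+) dst=(\S+)")
PROXY = re.compile(r"client=([\d.]+) user=(\S+)")


def parse(log_text):
    """Return (timestamp, host, program, message) tuples sorted by time."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # tolerate junk lines instead of aborting the whole trace
        ts, host, prog, msg = m.groups()
        try:
            events.append((datetime.fromisoformat(ts), host, prog, msg))
        except ValueError:
            continue  # unparseable timestamp
    return sorted(events, key=lambda e: e[0])


def trace(events, public_ip, public_port, when, window=timedelta(minutes=2)):
    """Map a reported public ip:port at time `when` to internal ip, MAC and user.

    Returns None when no NAT entry matches, which is itself a finding:
    the firewall log is missing or was not retained long enough.
    """
    # Step 1: firewall NAT log gives the internal address behind the public one.
    nat_ts = internal_ip = None
    for ts, _host, prog, msg in events:
        m = NAT.search(msg) if prog == "nat" else None
        if (m and m.group(3) == public_ip and int(m.group(4)) == public_port
                and abs(ts - when) <= window):
            nat_ts, internal_ip = ts, m.group(1)
            break
    if internal_ip is None:
        return None

    # Step 2: DHCP log gives the device. Take the last lease granted at or
    # before the incident, not the newest lease in the file, because the
    # address may have been handed to a different device afterwards.
    mac = hostname = None
    for ts, _host, prog, msg in events:
        m = DHCP.search(msg) if prog == "dhcpd" else None
        if m and m.group(1) == internal_ip and ts <= nat_ts:
            mac, hostname = m.group(2), m.group(3)

    # Step 3: proxy log gives any authenticated user seen from that address
    # around the same time.
    users = set()
    for ts, _host, prog, msg in events:
        m = PROXY.search(msg) if prog == "proxy" else None
        if m and m.group(1) == internal_ip and abs(ts - nat_ts) <= window:
            users.add(m.group(2))

    return {"internal_ip": internal_ip, "mac": mac,
            "hostname": hostname, "users": sorted(users)}


if __name__ == "__main__":
    reported = datetime(2014, 3, 4, 22, 15)
    print(trace(parse(SAMPLE_LOG), "192.0.2.10", 40001, reported))
```

The trace only works if all three sources share a synchronised clock and are retained for at least as long as a report can take to arrive.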
Lee Harrigan-Green, Senior CSIRT Member 
irt@csirt.ja.net 
Lumen house, Library Avenue, Harwell, Didcot 
Oxfordshire OX11 0SG 
T 0300 999 2340 
info@jisc.ac.uk jisc.ac.uk 
Except where otherwise noted, this work is licensed under CC-BY-NC-ND
Safeguarding & E-Safety 
Katie McAllister, 
Student Support and Enrichment Manager, 
Peterborough Regional College 
Equipping learners to be safe
The starting point 
• The college, in light of the growing child sexual 
exploitation issues, potential extremism and increasing e-safety 
concerns, was determined to ensure both staff and 
learners participated in a constructive dialogue relating to 
their safety.
The Challenge 
• Addressing the (potential) increase in cyberbullying, 
extremism, child sexual exploitation etc 
• Meeting our legal and statutory duties relating to ICT 
whilst reducing any risks 
• Identifying all of the cross-college areas we would need
to consider, such as our hosting liability and data
protection
• Educating employers, contractors, parents/carers
Review tools 
• A rigorous evaluation of our current practices including 
Jisc guidance & the use of the 360 degree safe self 
review tool 
– It’s free to access!
– Provides subject areas (top line and in detail)
– Provides action plan as you go
– Identifies AFIs and best practices
– Is online so a whole college approach is possible
– Compares your own responses to others who have completed it
Areas for review 
Each element has strands. Each strand has aspects.
The Safeguarding Toolkit 
• Resources and documentation to support a tailored 
recruitment and enrolment process for learners. 
• An enhanced induction for Looked After Care (LAC) 
learners. 
• Designated mentors and progress support meetings for 
LAC learners. 
• Online and magazine based hints, tips and guidance 
(staff and students).
The Safeguarding Toolkit 
• HE debates. 
• Tutorials and a cross-college calendar of events covering
personal safety and resilience for a range of 
levels/abilities (sexual health, alcohol, mental health, e-safety, 
being street wise). 
• Development of activities and resources to embed within 
teaching and learning sessions.
Multi Agency work 
• Multi agency partnership with housing, city youth 
workers, council, police, schools and Local Safeguarding 
Children Boards (LSCB) 
– members shared expertise and resources which resulted in a 
proactive approach to child sexual exploitation, monitoring of 
city wide tensions and action cohesion work. 
• Approach is being adopted by other police forces and 
was recorded for a Panorama documentary.
Training 
• The College Welfare Advisor and a College Youth 
Worker were specifically trained to support Looked After 
Care leavers - more vulnerable to child sexual 
exploitation and radicalisation. 
• Staff training incorporating extremism awareness and 
reporting (WRAP, Prevent).
Training 
• Prevent training to over 1000 students by the local 
Prevent officer. 
• The college completed a business continuity plan and 
staff training with the National Counter Terrorism Security 
Office (NaCTSO). 
• E-Safety handbook/toolkit. 
• Updated induction staff training.
Impact in 2013/14 
• 98% of learners felt safe whilst at college. 
• 92% retention for LAC learners (9% increase on 12/13). 
• 88% retention for unaccompanied minors (5% increase on 2012/13). 
• Safeguarding embedded into teaching and learning - 
differentiated across the levels/abilities. 
• Significant, collaborative partnerships with quicker 
identification of and action to issues.
Impact in 2013/14 
• Ongoing, robust self-assessment 
• The safeguarding toolkit has successfully contributed to 
the College receiving: 
– the BIG award (Bullying Intervention) 
– Gold ROSPA 
– the Buttle Quality Mark (Exemplary) 
– Customer Service Excellence & Matrix 
– The South West Grid for Learning Trust 360 degree safe award 
(first FE college).
Information 
• Freshers Fayre Event (1 Oct) 
• Anti-bullying & Resilience Stand (17 Nov) 
• Wellbeing Team Stand (E-safety: 1 Dec) 
• Safer Internet Day Stand (10 Feb) 
• Be Healthy, Stay Safe, Be Green Event (19 Mar)
Summary 
• The College has taken a proactive and passionate stance 
against these contemporary issues that are affecting our
learners’ wellbeing, and our ongoing actions are
positively removing barriers and ensuring the learners are 
able to fully engage with their studies. 
• For more information contact: 
katie.mcallister@peterborough.ac.uk
Questions? 
Q&A panel
Find out more…
communications@jisc.ac.uk 
www.jisc.ac.uk/internet-safety 
Except where otherwise noted, this 
work is licensed under CC-BY-NC-ND

Jisc e safety presentation AoC 2014
