01 Jun New Core Skills module: Information security
In the light of the recent global ransomware attack – which had a significant impact on the National Health Service – Modern Governor is making a module on Information Security immediately available to subscribers. As ever, the role of governors and trustees in this area is not to take responsibility for protecting a school’s data and systems from online threats, but to ensure that the appropriate policies and procedures are in place.
How is this relevant to governance?
It’s worth reading Dominic Norrish’s recent guest article on the WannaCry ransomware attack before enrolling on and completing this module. A particularly relevant section for governors from that article is this one:
There are several management actions which school leaders should take as soon as practicable:
Include ‘Data and System Integrity’ on the SLT’s and governor’s operational and strategic risk registers and document your actions to mitigate this risk. This will ensure that it will continue to be monitored as new threats/ mitigations emerge. Operationally, a named member of SLT should manage this risk and accountability should sit with the Network Manager;
and, from the Questions for your board section at the end of the article:
Do we have a clear understanding of the risks posed by this sort of incident?
Is ‘Data and system integrity’ on our risk register? Who within our school (or MAT) is responsible for monitoring this?
Are our staff (any technical staff and all others) supported with CPD in this area?
If elements of our technical support and infrastructure are managed by a third party provider, does our SLA cover the outcomes from, and mitigation against, this sort of incident? How does this affect our assessment of risk?
In terms of the governance responsibility of ensuring the school’s funds are well-spent, can we afford (not to) deal with this issue?
Screens from the Information Security module
As with all Modern Governor modules the Information Security module is responsive – which means it works beautifully on smartphones or tablets. Click or tap on the images below to view how it looks on a desktop or laptop computer:
The module’s structure:
The module is broken up into nine main sections:
- Introduction: why information is important and what “information security” means
- Legal responsibilities: relevant ICT legislation, including licensing issues & breach of copyright
- Access to systems: passwords, the importance of locking computers & an intro to “social engineering”
- Information handling: the risks of using removable media and how best to dispose of sensitive files
- Internet use: the risks of using the internet, including good and bad online practice
- Email use: the risks involved in using email, including key policy points and tips
- Viruses & other malware: a focus on viruses, how they get into systems & how to protect against them
- Mobile computing & devices: threats posed by mobile computing & guidelines on connecting to equipment
- Information security incidents: the reporting of security breaches & the consequences of such a breach
Accessing the Information Security module
If your school or academy is a subscriber to Modern Governor then the Information Security module is instantly available to you – simply log in as normal and either browse to the Inspection & Safeguarding category or search for the module by name once you’ve logged in to the Modern Governor site. If you’re not yet a subscriber then you can subscribe today – simply get in touch to find out more – or you can access five of the mobile-friendly modules in a few minutes by signing-up for a free thirty day trial.