July, 2008

The steam roller of Information Security continues to run down the hill towards education. Becta’s in the driving seat, and they haven’t really started the engine. By the time the new term begins, there will be new guidance on what you should be doing (read my previous posts on this blog). So it is absolutely timely to think about half a day aside to attend the free Microsoft Security Symposium for the Public Sector on Tuesday September 16th at our London offices near Victoria station.

If you’ve not heard about new Government guidelines for Information Security, then sit down before you read this website or the specific Mandatory Mininimum Measures from the Cabinet Office (yes, it does apply to schools, and that is what Becta’s advice is being developed to address)

“Effective use of information is absolutely central to the challenges facing Government today – whether in improving health, tackling child poverty or protecting the public from crime and terrorism.  Those in public service need to keep that information secure in order to build public confidence.  This is essential to underpin greater data sharing to deliver personalised services and make us more effective.”

Sir Gus O’Donnell, Cabinet Secretary
Foreword to Cabinet Office Report – Data Handling Procedures in Government, June 2008

Managing information risk today means looking even further into the future. Increasingly, mobile and distributed technologies require new forms of monitoring and data protection.  Internet-based applications and services that store and process valuable information need new levels of responsibility on the part of management and users.  Regulations against leakage will only be met through unprecedented levels of security awareness and information expertise on the part of users.

Recent reviews by the Cabinet Office (Data Handling Procedures in Government - June 2008) and the Information Commissioner (Data Sharing Review – July 2008) are a clear indication of how seriously Government takes the challenges of information security. 

The Microsoft Security Symposium for the Public Sector on Tuesday September 16^th at the Microsoft Campus in Reading will focus on the unique challenges that all Public Sector organisations need to address to protect citizen data and sensitive information more effectively.  Our Security Symposium takes a holistic view of information governance and security by examining the people, process AND technology components of effective organisational security.

You’ll have the opportunity to hear from a range of security experts including:

• Roger Styles, Head, Central Sponsor for Information Assurance (CSIA), Cabinet Office
• CESG (they're the approval agency for technology that meets Government’s security requirements)
• Jacques Erasmus, Director of Malware Research, Prevx
• Ed Gibson, Microsoft UK’s Chief Security Advisor
• Tony Neate, Managing Director, Get Safe Online

The event is open to all IT, security and information governance and compliance in education. The content will be most applicable to whoever is responsible for data use in school (typically, one of the leadership team) as well as the Network Manager who’s likely to be the hero of the hour (when they help solve the leadership headache)

You can review the full agenda, which runs from 9.30-1.15, and reserve your place here:

ONLINE: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032383169&Culture=en-GB

PHONE: 0870 166 6680 (Event reference: 3169)

Earlier today , I wrote about OneNote, and I got an email shortly afterwards drawing my attention to the video on the Tips page above the one I mentioned, which was about a group of pupils from a Norwegian Primary School. I had a look, and I can’t believe I missed it – not only for the fact that the students were so relaxed and confident with the technology, but also for the whole style of teaching and learning happening at the school.

How does that compare to the teaching and learning in your school?

Not sure if I can get away with such a corny title but, hey, I’m trying to unleash my creativity for the summer holidays

I’m a fan of OneNote, but I know that it’s relatively undiscovered by teachers and students. It is included in the version of Office Home & Student that’s sold through retailers, and also in the Office Enterprise version that many schools use. It’s a good organisational tool for students, because it allows them to drop their thinking onto a page, without having to think about structure or fitting into a pre-conceived idea of whether a spreadsheet, word processor or presentation tool is the right thing to start with.

As well as allowing handwriting, it is also good to drop text, photos etc into. And if you want to clip a bit of info from a website, it also makes a note of the URL it came from – which means that a month later, when you want to find the source of the pretty chart/clever quote, you can find your way back easily. Which makes it especially useful for students as they prepare for projects, or revise for tests.

The only problem I find with OneNote is that it is difficult to get started with, because you start with a blank piece of lined paper, and can start typing/drawing/pasting anywhere on the page (which for me, brought up in the word processor generation, is a bit odd – I like things to start in the top left-hand corner!).

So it was relief to come across Mike Tholfsen’s blog – he’s one of the Test Managers on the OneNote team, and has an infectious enthusiasm for everything OneNotey.

The OneNote and Education blog has some really useful pointers – to sample student notebooks, the teacher toolkits and training videos. Mike’s got an infectious style, and spends a lot of time with searching out OneNote stories from schools around the world, including IslayIan from the UK.

And if you wanted an incentive to see how OneNote could be used, then take a look at the video below, from the OneNote Tips page on microsoft.com

After a few weeks of non-blogging, caused by a combination of travelling and lots of internal meetings, it’s nice to be back and write for you again. I’ve got a big backlog of interesting things to tell you about, so hopefully we’ll be able to catch up again!

I read some research recently that said that one of the big times for selling PCs is what is known as the “Back to School” period, between the beginning of August and the middle of September. This came as a surprise to me, because I always used to think that Christmas was the peak time. I’d never imagined parents saying “well, now you’re going up to secondary school, it’s time to buy you a bigger computer”. Perhaps that research was swayed by students going on to college or university (that would make sense to me), but even so, a statistically significant group of students from your school will start next academic year with a new PC.

The research told us a little bit about how they choose their new PCs – and the role of the advice of others. It was most easily (and perhaps most confusingly) summarised as:

When it comes to technology, students typically don’t know what they want other than someone to tell them what they want, without telling them that they told them

Which came from the fact that they don’t have the confidence to make their own choices, nor the confidence to admit that they want the help of someone with more knowledge. Aargh, to be a parent of a teenager!

Anyway, the research also said

Students are overwhelmed and crave organisational tools – mechanisms that help them perform more efficiently.

and then went on to talk about their perceptions of Office as an indispensable assistant for them. BUT there was a big barrier to their use of Office – they simple perceived it to be more expensive than it actually is. Ask a group of students how much they’d have to pay for Office, the average answer will be over £100. (Which is odd, because you can open any Saturday newspaper and see the Home & Student version advertised for under £90). Which means that this summer, some of your students will buy a PC without Office, because they think that it’s more expensive than it really is.

However, students can pay much less than normal retail price. Through a range of education partners in the UK, students are able to buy Office through online student sales sites. It’s something that’s only been happening this academic year – mainly because we had to get a national agreement in place to let our partners sell to school students directly. (Previously, each school had to sign an agreement with a specific partner, and then promote the offer to their students).

Which means that your students (or their parents) can go online to any of our partner sites and order full Academic versions of Office 2007 or other software, for home use. And save more than 50% on the normal shop price.

Prices for Office 2007 start from under £40 for the Office Standard suite – and other versions are available which include Publisher, which is often expensive or impossible to buy in stores.

The four online stores available are:

My mum would be proud…I’ve made it into the shortlist in Computer Weekly’s Blog Awards, in the “Public Sector IT Blogs” category. Three of the eight are education blogs, and I’m in good educational company with Ewan McIntosh and Ian Usher.

You can cast your own vote (no pressure, hint hint) for the blog of your choice at:

http://www.computerweekly.com/blogawards.htm

It wasn't a slow news week last week - which must have delighted those people who weren't looking forward to the reaction from publication of the reports on Wednesday into data losses at HMRC, MOD etc. It being a fast news week (is that what a non-slow news week is?) the reports didn't make it onto the front pages of the newspapers. You can more about it all on the BBC website, but broadly the conclusion is that the losses were entirely avoidable.

What is more significant from a schools perspective is the publication of the Cabinet Office final “Data Handing Procedures in Government” report. This is the report that had been eagerly awaited by Becta in their updating of Information Security Guidance for education (aka “the Hannigan letters”). As well as the press rushing to judge, Becta rushed to update their advice for you. We’re still in the early days – there’s plenty of guidance still to come, but here’s the line that heralds the change that you’re facing:

School leaders should ask their support providers or technical staff to ensure that their institutions are fully adopting and using the Information Commissioner's Office (ICO), Data Handling Procedures in Government procedures and minimum measures, and international best practice standards.

To find out how the ‘Government is improving its arrangements around information and data security, by putting in place core protective measures, getting the working culture right, improving accountability and scrutiny of performance’, then you’ll need to read the full Cabinet Office report, but here’s my quick summary of the headlines in it:

• The report calls for technical measures to protect personal data, as well as a change in the culture that properly values, protects and uses data; and finally more accountability for data and it’s protection and use.
• Core measures to protect information will include better specification of what personal data needs higher levels of protection, controls over data transfer, and minimising the use of data on media or laptops, as well as appropriate encryption; and finally logging and monitoring of data use.
• There’s a new category of “protected personal information”, which is either a single record which, if released, could put an individual at risk or distress, or alternatively 1,000 records or more containing information that is not in the public domain.
  For a school, that could mean a class list, where one child is identified as “In Care”. Or where medical information is associated with a pupil. Or a secondary school’s register.
  For this “protected personal information”, the guidance is that data should be kept within secure premises and systems, and that efforts are made to minimise storage of this data on laptops, disks and memory sticks. Where the use of removable media (including laptops) is unavoidable, encryption must be used (or “physical protection using similar risk assessments processes as for large amounts of public money”)
• The culture of data security is important, and the report mandates “Privacy Impact Assessments”, and mandatory training for all data users & managers.
• Stronger accountability and scrutiny sets out that “information assets” (data to you and me?) are allocated a responsible owner, and there is an annual assessment process

Although we’re going to need to wait a bit longer to hear the guidance on what “protected personal information” really means to a school, there are probably some things you can start doing now to get ready:

• Start looking around school, to see who’s using what data where. Do teachers have lists of pupils that might contain protected data? Are you able to provide secure remote access to that instead? Remember too that this isn’t just about data on a computer – it would also affect information on paper!
• If you’re purchasing laptops or desktop computers that are for staff use, then opt for Windows Vista Enterprise licences, because that has full-drive encryption built-in through BitLocker.
  
  If you have a School Agreement covering your school, then you’re already automatically licensed for this. If you are using Select licensing, then buy a standard version of Vista with your new computers, and buy the upgrade to “Windows Vista Enterprise with Software Assurance” from your Microsoft partner.
  It is likely that you’re going to need encryption on all of your staff computers, because most teachers have some data on their laptops that should be protected.
  
• If you’ve got existing computers with Windows on them, then you’ll either need to plan to upgrade them to Windows Vista Enterprise (or Ultimate), or buy an alternative encryption package (there’s some listed on this page, referenced by Becta)

For more background on this story, read my previous blog posts