UCISA-Eduserv Award for Excellence 2011

Similar documents
PROPOSED MERGER - RESPONSE TO PUBLIC CONSULTATION

Initial teacher training in vocational subjects

Director, Intelligent Mobility Design Centre

STUDENT AND ACADEMIC SERVICES

UNIVERSITY OF DERBY JOB DESCRIPTION. Centre for Excellence in Learning and Teaching. JOB NUMBER SALARY to per annum

2007 No. xxxx EDUCATION, ENGLAND. The Further Education Teachers Qualifications (England) Regulations 2007

Minutes of the one hundred and thirty-eighth meeting of the Accreditation Committee held on Tuesday 2 December 2014.

Senior Research Fellow, Intelligent Mobility Design Centre

Course Specification Executive MBA via e-learning (MBUSP)

Programme Specification

MASTER S COURSES FASHION START-UP

SME Academia cooperation in research projects in Research for the Benefit of SMEs within FP7 Capacities programme

AUTHORITATIVE SOURCES ADULT AND COMMUNITY LEARNING LEARNING PROGRAMMES

Personal Tutoring at Staffordshire University

CONSULTATION ON THE ENGLISH LANGUAGE COMPETENCY STANDARD FOR LICENSED IMMIGRATION ADVISERS

I set out below my response to the Report s individual recommendations.

5 Early years providers

Accreditation of Prior Experiential and Certificated Learning (APECL) Guidance for Applicants/Students

Briefing document CII Continuing Professional Development (CPD) scheme.

Qualification handbook

Student agreement regarding the project oriented course

Newcastle Safeguarding Children and Adults Training Evaluation Framework April 2016

Interim Review of the Public Engagement with Research Catalysts Programme 2012 to 2015

Programme Specification. BSc (Hons) RURAL LAND MANAGEMENT

Real Estate Agents Authority Guide to Continuing Education. June 2016

Higher Education Review (Embedded Colleges) of Navitas UK Holdings Ltd. Hertfordshire International College

Module Title: Teaching a Specialist Subject

THREE-YEAR COURSES FASHION STYLING & CREATIVE DIRECTION Version 02

Special Educational Needs and Disabilities Policy Taverham and Drayton Cluster

Everton Library, Liverpool: Market assessment and project viability study 1

This Access Agreement is for only, to align with the WPSA and in light of the Browne Review.

Nottingham Trent University Course Specification

IMPACTFUL, QUANTIFIABLE AND TRANSFORMATIONAL?

Biomedical Sciences (BC98)

Code of Practice on Freedom of Speech

HDR Presentation of Thesis Procedures pro-030 Version: 2.01

University Library Collection Development and Management Policy

Post-16 transport to education and training. Statutory guidance for local authorities

Practice Learning Handbook

Practice Learning Handbook

GCSE English Language 2012 An investigation into the outcomes for candidates in Wales

CAUL Principles and Guidelines for Library Services to Onshore Students at Remote Campuses to Support Teaching and Learning

Recognition of Prior Learning (RPL) Procedure - Higher Education

Exclusions Policy. Policy reviewed: May 2016 Policy review date: May OAT Model Policy

Last Editorial Change:

Programme Specification. MSc in Palliative Care: Global Perspectives (Distance Learning) Valid from: September 2012 Faculty of Health & Life Sciences

SAMPLE AFFILIATION AGREEMENT

Principles, theories and practices of learning and development

Researcher Development Assessment A: Knowledge and intellectual abilities

Business. Pearson BTEC Level 1 Introductory in. Specification

LIBRARY AND RECORDS AND ARCHIVES SERVICES STRATEGIC PLAN 2016 to 2020

Qualification Guidance

BSc (Hons) Banking Practice and Management (Full-time programmes of study)

22/07/10. Last amended. Date: 22 July Preamble

Making Outdoor Programs Accessible. Written by Kathy Ambrosini Illustrated by Maria Jansdotter Farr

Quality in University Lifelong Learning (ULLL) and the Bologna process

Bachelor of Software Engineering: Emerging sustainable partnership with industry in ODL

Report of External Evaluation and Review

Consent for Further Education Colleges to Invest in Companies September 2011

Diploma of Sustainability

David Livingstone Centre. Job Description. Project Documentation Officer

GREAT Britain: Film Brief

Graduate Diploma in Sustainability and Climate Policy

Associate Professor of Electrical Power Systems Engineering (CAE17/06RA) School of Creative Arts and Engineering / Engineering

Programme Specification (Postgraduate) Date amended: 25 Feb 2016

Internship Department. Sigma + Internship. Supervisor Internship Guide

Presentation Advice for your Professional Review

Providing Feedback to Learners. A useful aide memoire for mentors

Programme Specification. MSc in International Real Estate

University of Cambridge: Programme Specifications POSTGRADUATE ADVANCED CERTIFICATE IN EDUCATIONAL STUDIES. June 2012

Examinations Officer Part-Time Term-Time 27.5 hours per week

Special Educational Needs & Disabilities (SEND) Policy

Higher Education Review (Embedded Colleges) of Kaplan International Colleges UK Ltd

Accounting & Financial Management

Fair Measures. Newcastle University Job Grading Structure SUMMARY

PUBLIC CASE REPORT Use of the GeoGebra software at upper secondary school

Anglia Ruskin University Assessment Offences

Charging and Remissions Policy. The Axholme Academy. October 2016

An APEL Framework for the East of England

IMPERIAL COLLEGE LONDON ACCESS AGREEMENT

PROGRAMME SPECIFICATION

THE QUEEN S SCHOOL Whole School Pay Policy

Navitas UK Holdings Ltd Embedded College Review for Educational Oversight by the Quality Assurance Agency for Higher Education

School Experience Reflective Portfolio

Drs Rachel Patrick, Emily Gray, Nikki Moodie School of Education, School of Global, Urban and Social Studies, College of Design and Social Context

Primary Award Title: BSc (Hons) Applied Paramedic Science PROGRAMME SPECIFICATION

Assessment Pack HABC Level 3 Award in Education and Training (QCF)

School Participation Agreement Terms and Conditions

Programme Specification

Guidance on the University Health and Safety Management System

value equivalent 6. Attendance Full-time Part-time Distance learning Mode of attendance 5 days pw n/a n/a

Higher Education Review of University of Hertfordshire

PROJECT DESCRIPTION SLAM

A LIBRARY STRATEGY FOR SUTTON 2015 TO 2019

HARPER ADAMS UNIVERSITY Programme Specification

University of Essex Access Agreement

Student Handbook 2016 University of Health Sciences, Lahore

Programme Specification

PERFORMING ARTS. Unit 2 Proposal for a commissioning brief Suite. Cambridge TECHNICALS LEVEL 3. L/507/6467 Guided learning hours: 60

Transcription:

UCISA-Eduserv Award for Excellence 2011 Application Form Development of Online Information Security Training Institution Name: Originating Department: Contact Name: University of Leicester Information Assurance Services Colin Atkinson, ca46@leicester.ac.uk NOTE: This project is a collaborative development initiated by the University of Leicester and undertaken in conjunction with the University of Leeds, Cranfield University, Imperial College and the University of York. This submission is on behalf of the contributing universities. Objective of the Project 1. In the current financial climate it can be difficult to obtain funding even for key developments, and for a topic such as Information Security, which by its nature doesn t generate great enthusiasm, it can be even more of a problem. The solution often proposed to address such funding problems is to consider collaborative developments. Within the higher education sector, such developments have a very mixed track record with only a few that can be said to have really delivered. It is therefore pleasing to be able put forward a collaborative development that has not only successfully delivered as promised but has produced a product of a quality that would have been difficult to achieve by a single institution. 2. The initial objective of the project, as defined by the University of Leicester, was to develop at minimal cost, high quality training in the area of Information Security suitable for all staff, designed to meet the specific needs of the Higher Education sector which could be delivered online and for which completion was auditable. The quality of the training had to be of a high standard which would be effective in promoting the secure management of information, reducing the risk of information security breaches and satisfying audit and regulatory requirements. 3. The above is clearly a requirement for all institutions. As a collaborative development, this objective was extended to include a requirement for flexibility in the training to accommodate institutional variations in structures and practices.

4. As a collaborative development a further objective was to provide proof of concept as a development model with the specific aims of demonstrating that: - there is sufficient commonality in practices across institutions to allow collaborative developments; - the approach offers scope for considerable cost savings; - a higher level of quality can be achieved by working collectively than individually; - the resulting training would have wider application across the sector. Description of the Project Background to the project 5. Following completion by the University of Leicester in 2010 of the revision of its Information Security policy, as part of its implementation it was necessary to provide training to all staff in the requirements of the new policy. Simply drawing staff s attention to the new policy would certainly not be effective and classroom-based training would be expensive and extremely timeconsuming to deliver. Clearly, training delivered on-line was the way forward. 6. The University considered commercial training products in this area but there was nothing available that met the specific needs of the higher education section in terms of its processes and its organisational structures. In any event given the relatively high staff numbers to be trained, the cost would have been prohibitive. 7. The University was not in a position to develop training materials in-house. Available funding was not sufficient to develop training to an acceptable standard and within a reasonable timescale. As it was probable that other institutions had a similar training requirement and faced the same problems, consideration was given to whether there was scope for a development in collaboration with other institutions. Expressions of interest were sought and in January 2011 a development group was formed consisting of the University of Leeds, Cranfield University, Imperial College, the University of York and the University of Leicester. As none of the institutions had technical resources available to undertake the development it was agreed it would be necessary to employ the services of an e-learning development company. 8. It was recognised that any training developed may be of interest to other institutions in the sector. Whilst the group did not see it as a commercial venture it did provide an opportunity to work with an e-learning development company on more advantageous terms given there was a prospect of a broader market. As a consequence, the group formed a consortium in association with Epic, an e-learning company based in Brighton, who had previously developed high-quality training materials in this field for the government. In February 2011 the project was launched. Development 9. The project followed a standard approach for the development of training materials and went ahead with EPIC providing the technical design and development expertise and the universities providing the training design and content. For the universities, the principal contributing partners were the University of Leeds, Cranfield University and the University of Leicester. 10. It is often at the development stage where many cross-institutional developments have failed due to trying to accommodate every requirement of each collaborator which has led to large unwieldy products and extended timescales. For this development a very tight focus was maintained on learning objectives for which there was considerable agreement and which permitted the accommodation of local variations and needs to be addressed at a later stage. Page 2

11. In terms of quality of the material produced it was highly beneficial to have input from the information security specialists of three universities which gives greater confidence that it meets the information security training needs of the higher education sector. It is unlikely that a single institution could have achieved a similar level of quality in the given timescales. 12. The training that has been produced is highly relevant to the sector in terms of governance, organisational structures, and teaching and research processes, and it does so in a way that is extremely engaging and pitched in a manner that is both understandable and acceptable to staff. 13. It offers the following features: - In terms of scope it meets not only information security needs but also more specifically data protection and freedom of information requirements. - In addition it meets the specific requirements of research staff. - It is focused on higher education institutions. - It uses accessible language and features everyday examples - It is customisable. It is possible to edit the training to meet local variations in organisational structures and specific detailed policy requirements. - Completion by staff is trackable. The training is deliverable online and it is possible to identify who has accessed and completed the training. - It can be delivered through both Blackboard and Moodle. - The time required to complete the training for most staff is 45 minutes with an additional 15 minutes aimed at researchers. - It is not necessary to complete the training in one sitting. Staff may complete the training at their own pace and convenience. 14. Feedback from both academic and administrative staff and at all levels, has been extremely positive, even to the extent of an eagerness and interest to complete the training being demonstrated! Screenshots from the training are given in Appendix A. 15. Much of the development work has been done at a distance with only an occasional need for meetings. The only difficulty encountered in the collaborative approach has been the availability of institutional staff given their other commitments. 16. Official sign-off of the final product will take place at the end of January 2012 and will be rolled out at the University of Leicester immediately in February. Overall, the project has met its objectives and has demonstrated that institutions can work effectively together to develop high-quality products that are acceptable to each institution and in an extremely cost-effective manner. Return on Investment 17. The training has been developed by the participating universities in conjunction with Epic on a consortium basis. The contribution by each university to the development by Epic was 5,000 excluding VAT. 18. The main cost to the institutions, however, is in terms of staff time, and in this respect the three leading consortium partners, the University of Leeds, Cranfield University and the University of Leicester have borne the bulk of the cost. A precise figure is not available but it is estimated that these three institutions provided in total 210 days effort. Page 3

19. The true total cost of the development to the consortium is therefore probably of the order of 80,000 which at an average cost of 16,000 per institution represents extremely good value for a bespoke training solution. 20. With regard to the return on this investment the partner institutions now have a training resource for a key area which may be rolled out to all staff without restriction, including current and new, and at a cost in pounds per head which is in single figures. In addition, the delivery of the training online will give significant savings in staff time that would normally be spent attending training. 21. It is intended that the training will be made available to interested parties within the sector which will generate a limited amount of income for the consortium. It must be stressed, however, that the participating universities have never seen this as a profit-making exercise and have taken steps to ensure that the training is made available to the sector on a reasonable cost basis. It is also a possibility that any revenues generated may be used to develop further training modules of benefit to the sector 22. The biggest return on the investment however is the reduction in the risk to institutions. If the training is effective in preventing a single significant breach in information security at an institution it will more than have recouped the cost of the development. Demonstration of Excellence 23. The training module that has been developed is unique to the sector. There is no comparable alternative product available. It goes much further than simply making staff aware of information security - it places it in the context of the working environment of a higher education institution. 24. The quality of the product is extremely high. It has been developed in conjunction with a highly regarded e-learning company and in terms of content has benefited considerably from the input of professional staff in the field of information security at three leading institutions. 25. It is not, however, just the quality of the delivered product that is remarkable. Of equal significance is that this has been done on a minimal cost basis both in terms of development of the training and in its delivery. 26. More importantly the consortium approach has proved to be a successful model which will benefit not only the consortium members but also other institutions within the sector. It is clearly highly effective in the area of training, and interest has already been expressed in the areas of staff development generally and other areas such as Health and Safety, but there is no reason why the approach cannot be successfully followed for more technical or systems developments. 27. As a collaborative venture the key success factors appear to have been keeping a very tight focus on the broader objectives and not on local practices, and by limiting the collaboration group to a manageable size. Strategic Benefit 28. Failure to effectively implement information security policy and good practices can be extremely damaging to an institution. An institution depends on information for virtually every activity. If it cannot guarantee the confidentiality, integrity and availability of its information then it can completely undermine its work. Page 4

29. In addition there are significant external drivers. A single breach in information security can be highly damaging to an institution s reputation and seriously affect its ability to attract research and students. 30. An institution must not only provide appropriate training for all staff but must also be able to demonstrate that such training has been completed. It should be noted that the Information Commissioner is not fining organisations for data security breaches but for failures in organisational controls, and in particular failure to provide adequate training for staff in information security. 31. The key strategic value of the provision of information security training is that it significantly reduces the risk of a breach and in the event of a breach occurring it can significantly reduce its impact. Furthermore, information security training tailored to meet the sector s needs and with auditable delivery, provides significant evidence that an institution takes information security seriously and is taking appropriate steps to protect information. Transference of Best Practice 32. Even in advance of the training course being marketed by Epic, the development has attracted a lot of interest, and the University of Leicester has been invited already by the HE and FE Records Management and Information Compliance Group to give a demonstration at its next meeting. There is clearly a gap in the market for training specifically tailored for the sector. 33. As noted above the training course will be made available to other institutions as a commercial offering but at a very reasonable cost. In this respect the material has been designed to allow customisation to meet different institutional needs. 34. As a model the consortium approach has been very successful and can clearly be adopted and applied in other areas of development. The participating universities would be happy to work with other groups in advising on the set up of consortia and their operation. Names of staff involved University of Leicester Colin Atkinson, Director of Information Assurance Services Mark Maynard, Communications Specialist and Student Advocate, IT Services (Project Manager - Training Course Development) Henry Stuart, Senior Information Assurance Officer Nick Adkins, IT Services (Project Manager - Information Security Policy Implementation) University of Leeds Kevin Darley, IT Security Co-ordinator Cranfield University Gary Dooley, Information Security Specialist Imperial University Chris Roberts, IT Security Manager University of York Arthur Clune, Information Security Officer Page 5

Support of Institution Representative University of Leicester 35. I m really impressed with the quality of the material. The team has really applied their imaginations here. It s already helping us to raise the profile of information security as an issue and it was an added bonus to be able to tell our VC that we had saved money by collaborating. Hope this will let other institutions do the same. Mary Visser, Director of IT Services, University of Leicester Page 6

Appendix A

2024 © educationdocbox.com Privacy Policy | Terms of Service | Feedback