Thoughts on project 403

Aims of the project

Firstly, the University's Information Security Division has produced a lot of good advice and training material, and this project will aim to complement that, not replace it.

Secondly, it's thought that the most urgent unmet security training need in Informatics is for people taking charge of self-managed servers - so this project will concentrate on those people.

With this in mind, here's what the project aims to do:

  1. To make people aware of their legal obligations; to teach them what they should be doing about them; to persuade them to actually do those things.
  2. To give people an adequate understanding of major security threats; to teach people how to ensure reasonable levels of security in machines they manage (especially servers); to persuade them to actually take appropriate action.
  3. To seek to do both of these things in a way that users think is most suitable; to do this by involving users in the design of the material.
  4. To be a compulsory training course for those seeking to manage servers in Informatics.
  5. To also be suitable for people elsewhere in the University and perhaps beyond.

Legal obligations

Major security threats

  • List them.
  • What should people do, or not do, to counter them?
  • What do people already know about them?
  • What do people already do about them?

User involvement

  • How?

Possible ways of teaching

  • Learn
  • Talks or training courses
  • Web pages / online documentation
  • Paper leaflets

Edit | Attach | Print version | History: r9 < r8 < r7 < r6 < r5 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r6 - 01 Mar 2018 - 17:02:15 - ChrisCooke
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies