Category Archives: Security

Information Security Awareness

A new online Information Security Awareness course for staff has been launched by the University.

The course has been developed by the Universities and Colleges Information Systems Association (UCISA) and is aimed at all staff who routinely use IT in their working day but also in their personal lives too.

Participants will develop a broad awareness of information security issues. In today’s online world internet security is paramount not only to protect the University but to protect ourselves from the growing threat of online crime such as internet fraud, ID theft and system breakdowns caused by hackers.

It is therefore important that all staff who use IT also understand the possible security implications for the University and that they know how to protect the data they are working with – particularly if they are working remotely, use multiple devices and are sharing documents though cloud systems such as Box.

Course content
The course is broken down into a number of short sections, covering:

• Why do we need to protect information
• Physical security and good practice
• Accessing and sharing information
• Threats and protection
• Working away from your desk
• Your responsibilities – How can you can help
• Phishing
• Bring your own device (BYOD)
• Cloud computing
• Assessment

The course can be taken either in stages or can be completed as a whole. The entire course will take around an hour and a half culminating in an assessment which is estimated to take 20 minutes.

To access the course staff will need to go on to Succeed, and then follow this path:

Learning and Development – My Learning -> UCISA Information Security Awareness

Chrome Red Lines and Yellow Triangles

You may have noticed that Chrome is showing either a strike-through (red) or a yellow warning triangle against the https part of the web address:

red

 

 

or

yellow

 

 

both indicate that the certificate being used to make the connection to Succeed secure is using a form of encryption that Google (and Microsoft) wish to stop using. See Google’s statement here:

http://googleonlinesecurity.blogspot.co.uk/2014/09/gradually-sunsetting-sha-1.html

At the moment these warnings can be ignored against Succeed as they telling us to upgrade our certificates in the near future and this is already in hand. Clicking on the lock icon will provide the precise details of why the particular icon is showing. In Succeed you should only see up to three issues:

  • That website does not have a public record
  • The site contains insecure links (these start ‘http’ not ‘https’)
  • Connection encrypted using RC4_128 with SHA1

The first and last will always appear (both should be resolved with the new certificates).