Information and Cyber Security
Data protection often looks at the security and legalities of personal data, while information security looks at more practical steps to secure all data in your organisation. In reality, the two are intrinsically linked, and the DPE data protection framework utilised many approaches from information security frameworks.
The documents include:
- Cyber Essentials Guidance
- Business Continuity Template
- Information Security Policy
- Physical Security Policy
- Changing IT Provider Considerations
For a complete Information Security programme, other resources and tools are necessary, as well as strategic coordination with your information technology and facilities specialists. However, it is important to remember that accountability and governance are the responsibility of leadership, while practical security and data protection are everyone's responsibility.
Other policies and tools should be used as part of your information security programme and these are an important part of a data protection programme. These include:
- Clear desk policies
- Record of processing (supplier, systems and hardware due diligence)
- Retention schedules
- Records management
- Risk management
- Bring your own device
- Acceptable use
- Password Management
- User Access Control
- etc.
Risk assessment is a key factor in information governance. We have therefore provided a new e-learning module on risk assessment.
Templates, Policies and Guidance:
- Cyber Essentials Guidance (24 KB)
- DPE Business Continuity Template (37 KB)
- Information Security Policy (469 KB)
- DPE Model Physical Security Policy (179 KB)

Advice and guidance when changing IT providers: DPE Changing IT Provider Considerations (205 KB)
Related Best Practice Areas
- Passwords
- Clear desk
- Working out of school
- Records Management
- Acceptable Use
- Site moves
- Data Breaches
- Create a Phishing Simulation Campaign: Phishing Simulation
Drip-feed posters
e-Learning
- How to avoid a data breach: Information and Cyber Security
- Stay Safe Online NCSC
- Password Security
- NCSC Cyber Security Training for School Staff
- Introduction to Risk Management
External links
Get Ready for Cyber Essentials
ISO/IEC 27001 and related standards
ICO Information Security Checklist
NCSC Cyber Security Toolkit for Boards
NEN Standard Network Design:
NEN MAT Standard Network Design
NEN Secondary Standard Network Design
NEN Primary Standard Network Design
How to Report a Cyber Attack

Be Cyber Aware: Cyber attacks and transparency. A no blame culture

Cyber Attack: Dorchester School

Types of Cyber Attacks: Password Attacks

Be Cyber Aware: Why regular software updates are important

Cyber Security Breaches Survey 2023

World Password Day - May 4th

Cyber Attack: Wiltshire School

Keeping your IT systems safe and secure

Why we recommend using PIN codes on printers

Types of Cyber Attacks: DDoS Attacks

Types of Cyber Attacks: Phishing

Types of Cyber Attacks: The Insider Threat

Why your data is profitable to cyber criminals

Types of malware and how they are linked to data protection

A guide to multi-factor authentication

How a school fought back after a cyberattack

Types of Cyber Attacks - Credential Stuffing

January Cyber update - How Can Schools Help Prevent Cyber Attacks?

End of Windows 8.1 Support

VICE SOCIETY - Ransomware attacks on schools

An Introduction to the Online Safety Bill

Changes to Cookie Pop Ups

Cyber Threat to Health and Education Sectors

2022 Security Breach Report Published

Information Security Basics: What are VPN's?

March Cyber Update

Information Security Basics: What are Cookies?

Weekly Cyber Update February 8th

Weekly Cyber Update: Fraud, Ransomware and Cyber Essentials
