| Episode | Description |
| 1.1 | Why are schools at risk from cyber attacks? |
| This first episode of In Our Humble Opinion starts at the beginning and considers ransomware and attacks on schools along with why schools might be attacked and why schools might be at risk from attack. As Covey put it, we need to start with the “Why”. |
| Resources:
|
| 1.2 | Step 1 of a cyber attack: Recon |
| This episode we will be discussing the reconnaissance phase of cyber attacks, looking at how organisations, including schools, might become more aware of the information criminals might have access to as they seek to recon a target ahead of their attack. This includes some discussion of OSINT (Open Source Intelligence). Ultimately, by knowing what information is out there about us we can be a little bit more prepared to deal with attacks. |
| Resources:
|
| 1.3 | Beyond recon and the start of the active phase of attacks |
| This week the discussion moves from the passive recon towards the more active attacks where the organisation may be able to detect the attack, assuming they have the relevant resources looking at the logs and other data. Having at least a basic understanding of what a active attack might look like will help in both defending and responding. |
| Resources:
|
| 1.4 | So how do cyber criminals actually get in? |
| In this weeks episode of In Our Humble Opinion we will start to look at the approaches cyber criminals might take in attacking schools and colleges. We will consider some of the ways which they will actually get into a schools systems where they can then cause the damage to the organisation, its users, systems and data. Social Engineering is therefore a significant part of the discussions. |
| Resources:
|
| 1.5 | Knowing what we are seeking to protect: Data Governance |
| This weeks episode looks at data governance. Data is one of the key items which cyber criminals will want to access or destroy and through it gain a monetary gain, so it is important that we know what data we store, where it is stored as well as who has access and how it is used. Data governance is about understanding what we are seeking to protect. We also explore how the value of differing types of data varies and therefore how the measures we may put in place to protect may also differ. |
| Resources:
|
| 1.6 | How do we detect a cyber incident, and then what? |
| This episode examines detection and response in relation to cyber incidents. How do we know we have suffered from a cyber incident? Our discussion starts with a pragmatic look in relation to how a cyber incident will often start out looking like a “normal” IT issue before we finally realise it is something more, that it is a cyber incident. We will then examine how we might respond once a cyber incident has been identified. |
| Resources:
|
| 1.7 | Schools, cyber incident response and incident management |
| Episode 7 continues on from last week looking at response and in particular at incident and recovery planning. How can we make sure we are as prepared as possible ahead of a cyber incident occurring? How can we create an appropriate incident response plan. We also discuss the broader issue of incident management and how those beyond the IT staff, especially at a senior level, are involved during the course of incident in managing the situation. |
| Resources:
|
| 1.8 | |
| |
| |
| 1.9 | |
| |
| |
| 1.10 | |
| |
| |
IOHO (In Our Humble Opinion) 