Education in Education · Chapter 8 321 agencies in maintaining security in education.Teachers with a minimal ICT background may find it helpful in understanding security as a whole school issue, but we anticipate (or at least hope) that anyone (certainly anyone with children of school age) will find it of use and interest. (Please forgive the inevitable UK bias in the detail here.The principles don't differ much across other jurisdictions.) It would be nice if information security was taken care of behind the scenes (in education as in industry and other parts of the public sector), so that everyone else could get on with the real business of education. Unfortunately, any teacher using ICT needs background awareness of security issues, not only for their own safety on-line, but also as part of their pastoral duty of care towards students.Teachers of ICT, Business Studies, and so on, need a deeper level of awareness than average, and to be able to relate their knowledge to the curriculum. Evaluating Security Advice Finding security advice is easy. Just google "security" or "bot" or "rootkit" and watch those page hits roll.The problem, as with all the information available on the Web, is sifting fact from fiction. Much security information ranges from paranoia to wishful thinking. How do you evaluate the (often conflicting) advice from all those stakeholders in the security business? Vendors and consultants should know what they're talking about (removes tongue from cheek...) but their advice is colored by their field (and level) of expertise and the nature of their product range. Much vendor information is put there by marketing, not the research team, and they have a vested interest in selling you what they have, even if it's not what you need. There is an enormous range of security resources available in the public sector, but the quality of the information is highly variable. Unfortunately, some of the best resources have restricted availability, and some of the publicly available material is so simplified as to be useless, if not actually dangerous. We've tried to address this problem by listing some resources (not all of it specific to education) in the resources section of this book. In an attempt to keep the book as up-to-date as possible at the time it hits the bookshelves, the resources section will be one of the last parts of the book to be finished, so excuse us if we aren't too specific in this chapter about what we're putting in there. Information Sharing and the WARP factor Of course, you are probably (hopefully, even) not going to rely on getting all your security information from this book. Information sharing between incident response teams (Computer Emergency Response Teams [CERTs] Computer Security Incident Response Teams [CSIRTs]) has benefited further education for many years. For instance, as JANET'S remit has spread from higher education to school education, so has the scope of its CERT evolved, and the need to trade information with other teams and sectors has increased. www.syngress.com