Prevent is part of the government counter-terrorism strategy. It’s designed to tackle the problem of vulnerable people being drawn into extremism. This session will help you to understand what Prevent is, and how it will impact educational organisations – in particular FE and sixth form colleges.

1. Prevent
Steve Kennett, Head of operational Services
and Senior information risk owner

2. The Cyber threat
We live in an inter-connected
world that we could not have
imagined even two decades ago
»While it brings almost limitless
opportunities, there are also
threats. It is absolutely vital
that the applications and
connections we use are as
secure as possible
2/03/2016
EdVaizey MP
Minister for culture and the digital economy

3. Cost of breaches continues to soar
2/03/2016 Prevent
‘Starting
point’
» for breach costs which includes elements such as business disruption,
lost sales, recovery of assets, and fines and compensation
£1.46m -
£3.14m
» is the average cost to a large organisation
» up from £600k - £1.15m a year ago
£75k - £311k
» is the average cost to a small business
» up from £65k - £115k a year ago

4. Computer Security Incident ResponseTeam - CSIRT
2/03/2016 Prevent

5. Computer Security Incident ResponseTeam
»Safeguarding your current and future computer security, with a
primary function to monitor and resolve any security incidents that
occur on the Janet network
»Our mission is to create a secure environment to conduct your
online activities. Our primary function is monitor and resolve any
security incidents that occur on the network, with specialists
tracking a range of platforms, including Unix, Linux and Windows
Janet network CSIRT
2/03/2016 Prevent

6. Computer Security Incident ResponseTeam
»We work closely with our community to detect, report and
investigate incidents that pose a threat to the security of our
customers' information systems. We also investigate other forms of
network abuse such as spam and copyright infringement
»Due to the geographical scope of incidents, we assist national and
international law enforcement agencies in their investigations,
connecting them to our trusted contacts within the community
Janet network CSIRT
2/03/2016 Prevent

7. Computer Security Incident ResponseTeam
Csirt 7 security specialists engage with
2/03/2016 Prevent

8. CSIRT - Cost benefits
Costs: time to fix the breach, remove infection from computers, deal with
questions, inform staff and students, time that systems are unavailable to staff and
students, fines and compensation, business loss, reputational damage.
» 12.5% of organisations using Janet avoid having one severe security breach
annually due to the existence of CSIRT;
» Using the figures in the BIS report and working with the Jisc SSU
ȣ22.5 million
2/03/2016 Prevent
BIS report “2015
Information Security
Breaches Survey”
£1.46m
to £3.14m
Average cost to a business
of its worst security
breach of the year.
£75k
to £311k
Large
Small

9. Scary but true
2/03/2016 Prevent

10. jisc.ac.uk
Computer Security Incident ResponseTeam
Visit the Janet network CSIRT blog
0300 999 2340
irt@csirt.ja.net
2/03/2016 Prevent

11. Prevent

12. Jisc PREVENT activities
»Working closely with BIS and HomeOffice
»Keeping AoC and UUK informed
»HM Government workshop to raise awareness of Prevent
»Statutory regulation advice and assistance
› Blog posts
› Speak at conferences
› Web filtering
»Working in partnership with the Education andTraining Foundation
2/03/2016 Prevent

13. Prevent
»Home Office Prevent duty event in:
› Birmingham, Oldham, Bristol and Luton
»Safeguarding conference at College development network in:
› Stirling Scotland
»The joint Learning for Higher Education (LFHE) and HEFCE
conference Policy into practice;The Leadership Challenge;
CounterTerrorismAct 2015:
› Bristol and Manchester
Conferences and meetings
2/03/2016 Prevent

14. Prevent
»HEFCE Prevent team with, Head of strategic engagement and Head
of strategic development to join up our approach with HEFCE
»AoC 'Implementing the Prevent Duty' Conference 30 September
»“And more meetings than I care to remember with
› BIS, Home Office, UCISA, HEFCE, AoC, UUK, EducationTraining
Foundation, Learning Foundation for Higher Education…
Conferences and meetings
2/03/2016 Prevent

15. Training
Workshop to RaiseAwareness of Prevent (WRAP)
2/03/2016 Prevent

16. Workshop to raise awareness of Prevent (WRAP)
WRAP is a free specialist workshop, designed by HM Government
to give you:
»An understanding of the Prevent strategy and your role within it
»The ability to use existing expertise and professional judgment to
recognise the vulnerable individuals who may need support
»Local safeguarding and referral mechanisms and people to contact
for further help and advice
»This workshop is an introduction to the Prevent strategy , it does
not cover wider institutional responsibilities under the duty
2/03/2016 Prevent

17. Workshop to Raise Awareness of Prevent (WRAP)
»Facilitated online learning, no travel required
»Delivered by our award winning training team
»Highly participatory sessions
»Share best practice across the sectors and nationwide
»Information and registration at jisc.ac.uk/advice/training
2/03/2016 Prevent

18. Why live online?
»Senior management
»Remote staff
»New starters
»Student council
WRAP delivery is also available from local police and Regional
HE/FE Co-ordinators, who also run train the trainer programme.
Jisc sessions are useful for:
2/03/2016 Prevent

19. Jisc WRAP 3 training update
» Total people who have completed WRAP training with Jisc is now 1464
» Sector breakdown of attendance is:
› 39% HE
› 56% FE and skills
› 5% other (partners/funders/internal)
» As previously noted FE are in general well ahead of HE in terms of staff
training, with programmes already in place, and this is reflected in these
attendance figures
» Jisc are currently offering 4 sessions per week and are experiencing high
demand for courses from all sectors – courses are fully booked for two
weeks in advance of delivery
2/03/2016 Prevent

20. Feedback
“Excellent insight it shows how education is important and how education may
help people find their purpose again.”
“Good session, initially was worried as 2 hours is a long time, relieved it was
engaging and interactive - a good webinar, thank you.”
“Thank you, it has been very informative and has developed a better
understanding for everyday practice in my role as Head of Curriculum.”
“I thoroughly enjoyed the session.”
“Thank you for providing this course it has helped me understand
what to look for and how prevent can help.”
2/03/2016 Prevent

21. Prevent
»Link to Andrew’s blog http://bit.ly/Prevent_andrews_blog
»Prevent duty guidance http://bit.ly/Prevent_duty_guidance
»The statutory instrument bringing it into force is The
Counter-Terrorism and Security Act 2015 Regulations 2015 at
http://bit.ly/Prevent_legislation
If you want to know more
2/03/2016 Prevent

22. The Education andTraining Foundation
»Complying with the Prevent Duty
»Information and resources for:
› Practitioners
› Support staff
› Leaders and managers
› Governors and board members
preventforfeandtraining.org.uk/
Prevent for Further Education andTraining
2/03/2016 Prevent

23. Web filtering
2/03/2016 Prevent

24. Jisc web filtering - Features
»A cloud based solution with direct connection to Janet at 8Gbps
»Far greater capacity and scalability
»Superior resilience
»Enhanced admin interface experience
»Google SSL search filtering capability
»Mandatory Internet Watch Foundation (IWF) and Unlawful
Extremism content filters
Updated service
2/03/2016 Prevent

25. Jisc web filtering - Features
»User Based Filtering
»Ability to provide different filtering to different users based on AD
memberships
»Easily managed through the enhanced admin interface
»Transparent Proxy
»Removes the need to enter the proxy server into devices on the
network
»Enhances the student and guest experiences by simplifying
connecting their own devices to the internet
»Technical requirement, costs and time frameTBC
Further enhancements
2/03/2016 Prevent

26. Jisc web filtering - Flexibility
A layered approach to filtering that enables you to build a solid
foundation for your policies
Back-stopping your policies
2/03/2016 Prevent

27. Jisc web filtering – Eligibility and pricing
Any organisation with a Janet
connection is eligible to use
the service. If that organisation
has feeder sites which it
provides connectivity to, the
feeder site would need to
purchase its own site license.
Janet connected customers
Fororganisations with connectivity
solutions provided by neither
Janet nor the web filtering service
supplier, providing the organisation
is eligible for JSL Services and no
additional technical intervention
from the supplier is required, then
the service can be used under a
non-JSL site license.
Non-Janet connected customers
2/03/2016 Prevent

28. Jisc web filtering – Eligibility and pricing
Customer pricing
2/03/2016 Prevent
Site type SafetyNet User based filtering
Site with Janet connection <2000 users Included in the Jisc subscription
or central funding for FECs
£499
Site with Janet connection >2000 users £49 + 50p/user
Non-Janet connectivity site <2000 users
£299
£999
Non-Janet connectivity site >2000 users £49 + £1/user
Local authority Bespoke pricing

29. Web filtering and monitoring on line course
»Jisc are currently developing a new facilitated online course
covering network filtering and monitoring
»This will be a multi session online course which will look at the
drivers for filtering and monitoring, the underlying technology,
the tools and services available and the impact of all of these on
an organisation
»The course is expected to be piloted at the end of February
with publicly scheduled courses available to book from
April 1 2016
2/03/2016 Prevent

30. Web filtering and monitoring on line course
»understand their organisation’s requirements for filtering
and monitoring
»articulate their organisations filtering and monitoring aims and
objectives and reflect these through implementation of effective
policy and procedures
»make informed decisions on the purchase and deployment of
infrastructure and services for filtering and/or monitoring
By the end of the course participants will be able to:
2/03/2016 Prevent

31. Web filtering framework
» Jisc has been working to provide aWeb Filtering framework
»The objective of the framework is to enable Jisc to offer a wider
solution pool for a greater proportion of the community to benefit
› saving them the costs of procurement
› yielding individual preferential pricing
› and an aggregated discount
»This will also include institutions that already have solutions
available via the framework, for their ongoing costs
2/03/2016 Prevent

32. Web filtering framework
2/03/2016 Prevent
Activity Date
Notice to European Journal March 2016
Final date for clarifications April 2016
Final date for registration April 2016
Closing date for tenders April 2016
Selection of preferred supplier April/May2016
Contracts placed by April/May2016
[Contract start date/Delivery of
network/ServiceCommencement date]
April/May2016

33. jisc.ac.uk
Jisc web filtering service
Visit the Jisc website
jisc.ac.uk/web-filtering
2/03/2016 Prevent

34. Useful links
http://bit.ly/Jisc_network_monitoring_law
ucisa.ac.uk/modelregs
https://community.jisc.ac.uk/library/acceptable-use-policy
https://community.jisc.ac.uk/library/janet-policies/security-policy
https://community.jisc.ac.uk/library/janet-policies/eligibility-policy
2/03/2016 Prevent

35. Jisc cyber security services
»Explore the security support available to those connected to the
Janet Network jisc.ac.uk/network/security
»Janet computer security incident response team (CSIRT)
jisc.ac.uk/csirt
»web filtering service jisc.ac.uk/web-filtering
»Mailer Shield jisc.ac.uk/mailer-shield
»educationshared informationsecurity service (ESISS) jisc.ac.uk/esiss
»Email advice and testing jisc.ac.uk/email-advice
»Blacklists and whitelists jisc.ac.uk/blacklists
»Jisc Certificate Service jisc.ac.uk/certificate-service
2/03/2016 Prevent

36. GOV.UK cyber pages
»Keeping the UK Safe in Cyberspace sets out the policy context for
UK cyber; gov.uk/government/policies/cyber-security
»10 Steps to Cyber Security http://bit.ly/Jisc_tensteps
»BIS advice for small businesses http://bit.ly/Jisc_BIS_advice
»Cyber Essentials cyberstreetwise.com/cyberessentials
»Centre for the Protection of National Infrastructure (CPNI)
cpni.gov.uk/advice/cyber
»Cyber Streetwise cyberstreetwise.com
»Get Safe Online getsafeonline
2/03/2016 Prevent

37. Thank you
2/03/2016 Prevent

38. Prevent: the role ofTechnology
Andrew Cormack, Chief regulatory adviser

39. Home Office guidance
2/03/2016 Prevent: the role of Technology

40. Home Office guidance
2/03/2016 Prevent: the role of Technology

41. Home Office guidance
2/03/2016 Prevent: the role of Technology

42. “Many educational institutions already use filtering as a means of
restricting access to harmful content, and should consider the use of
filters as part of their overall strategy to prevent people being drawn
into terrorism”
2/03/2016 Prevent: the role of Technology

43. Prevent: the role of Technology2/03/2016

44. HEFCE Monitoring Framework (para 15)
“The intention of the Prevent duty is to ensure that all specified
authorities assess the level of risk that people within their functional
responsibilities may be drawn into terrorism, and have suitable policies,
procedures or arrangements in place to mitigate those risks”
2/03/2016 Prevent: the role of Technology

45. “Whether and how” to use technology?
2/03/2016 Prevent: the role of Technology

46. “Whether and how” to use technology?
»Is technology more effective to prevent or detect?
2/03/2016 Prevent: the role of Technology

47. “Whether and how” to use technology?
»Is technology more effective to prevent or detect?
»What guidance do we have on online signs of problems?
2/03/2016 Prevent: the role of Technology

48. “Whether and how” to use technology?
»Is technology more effective to prevent or detect?
»What guidance do we have on online signs of problems?
»Where might we detect patterns indicating risk?
2/03/2016 Prevent: the role of Technology

49. “Whether and how” to use technology?
»Is technology more effective to prevent or detect?
»What guidance do we have on online signs of problems?
»Where might we detect patterns indicating risk?
»How are users likely to react?
2/03/2016 Prevent: the role of Technology

50. “Whether and how” to use technology?
»Is technology more effective to prevent or detect?
»What guidance do we have on online signs of problems?
»Where might we detect patterns indicating risk?
»How are users likely to react?
»How to keep those at risk within our support systems?
2/03/2016 Prevent: the role of Technology

51. “Whether and how” to use technology?
»Is technology more effective to prevent or detect?
»What guidance do we have on online signs of problems?
»Where might we detect patterns indicating risk?
»How are users likely to react?
»How to keep those at risk within our support systems?
»How can we best change minds?
2/03/2016 Prevent: the role of Technology

52. jisc.ac.uk
Contact
Andrew Cormack
Chief regulatory adviser
Andrew.Cormack@jisc.ac.uk
Prevent: the role of Technology2/03/2016

53. Implementing Prevent
How best to use to comply with the
Prevent Duty
Matt Dean, Technology Policy Manager
2 March 2016

54. • An increased awareness of the targeting of young people in colleges
by a variety of extremist groups – although not confined to colleges,
attempts to ‘radicalise’ young people have increased in recent years.
Colleges are vital parts of the community;
• A shift to making the Prevent Duty a part of the broader ‘safeguarding’
agenda – the language, and policy around, Prevent has developed to
include pastoral care. Safeguarding implies a different way of viewing
radicalisation;
• Prevent is now part of the funding and inspection regime – legal and
funding changes mean that colleges are required to implement the
Prevent Duty. There are differences between what colleges HAVE to do
and what form monitoring might mean.
Context

55. • Legal requirements – The Counter-Terrorism and Security Bill (2015)
places a duty on colleges to, ‘have due regard, in the exercise of its
functions, to the need to prevent people from being drawn into
terrorism’. There are clear legal duties in place;
• Colleges are required to work collaboratively – The Bill does not
discriminate between types of education provider. Colleges have
students of diverse ages, backgrounds undertaking diverse
programmes of study.
• Ofsted will inspect compliance with the statutory Prevent Duty and an
‘inadequate’ would trigger an intervention– Colleges need to provide
training to staff, to have named individuals with clear responsibilities
and be able to evidence compliance. Be clear on the differences
between legal requirements and developing appropriate ways of
working.
Policy agenda

56. • Two conferences to date – AoC will continue to run conferences,
seminars and regional events as the programme develops. Providing
the space for colleges to discuss how they implement the Duty is
vital.
• Resources – The AoC website (aoc.co.uk) has numerous, free to
access, resources on policy analysis, case studies, blog posts and
news items. Stay informed about legal and policy changes and about
how colleges might inform the debate.
• AoC work as a single point of contact – AoC coordinates activity
among all government departments and agencies and has a Policy
team that works to see that a coherent and rational approach is
adopted by them and by colleges. If you have questions, AoC is best
placed to help.
AoC and the Prevent Duty