Cyber security policy - exams
Best practice and awareness
Account management best practice
- use strong, unique passwords
- avoid easily guessable information (birthdays, names, common words)
- do not reuse passwords across accounts
- passwords must be over 10 characters, with a capital letter and number
- never share login/password details or authentication codes
- request individual user accounts; do not share accounts
- use two-step/multi-factor authentication wherever available
- change exposed passwords immediately and inform a senior leader/line manager
- do not reuse old passwords or cycle through a small set
- regularly review and remove access for third-party applications
- only grant permissions to trusted services
- download/install applications from trusted sources only
- be cautious with quizzes, prize draws, surveys and the like
Social engineering and phishing awareness
- be wary of unsolicited requests for credentials or confidential information
- do not approve or authenticate login requests not initiated by the centre and examination staff
- do not click suspicious links, download attachments, or scan QR codes from unknown sources
- immediately report phishing attempts referencing awarding bodies to the relevant awarding body and to LCC information assurance teams
Monitoring and reviewing account access
- report suspicious or unauthorised activity on awarding body systems and LCC information assurance teams immediately
- promptly review user access for staff who have left
- regularly review levels of access to ensure they are the minimum required for the current role
Training
- provide training for authorised staff on password security and account confidentiality
- provide training on information governance annually