Categories
Cyber security

Jisc’s vulnerability disclosure policy, the first 1,000 days

Jisc launched its vulnerability disclosure policy in February 2019. The policy was drawn up using ISO 29147:2018, and using guidance from other organisations, most notably NCSC-NL. Here, we look back at some of the trends and successes, as well as the lessons we’ve learned and what we have planned in future. The policy encourages external […]

Categories
Cyber security

The future of your cyber security incident response team

Author: David Batho, Head of Incident Response Formerly known as Janet CSIRT, exciting new changes are underway. The cyber landscape is changing, and so has our purpose as an incident response team. Ransomware and phishing attacks are significant threats to education. Therefore, we need to be proactive, partner with our members and provide accurate and […]

Categories
Cyber security

Cyber Security Awareness Month 2021

After great success during October 2020, GÉANT are launching a similar initiative for cyber security awareness month 2021. They have collaborated with other organisations within the National Research and Education Network (NREN) to organise a fantastic calendar of activities throughout October following the theme: Cyber Hero @ home.   GÉANT will be focusing on the following topics, providing useful information through blogs, videos, presentations and more:  Week 1 (4-10 October): Be aware […]

Categories
Cyber security

Free tools from the National Cyber Security Centre

Most* UK colleges and universities are already using one or more of the NCSC’s free cyber security tools, but for those of you that aren’t yet actively using their Active Cyber Defence services, you might want to look at the following: • Web Check checks your websites for common web vulnerabilities and misconfigurations in an […]

Categories
Cyber security

NCSC publishes Zero Trust architecture design principles

Jisc has been advocating Zero Trust as an approach for a while, with references in Cyber Impact and the current Janet Security Policy consultation to the previously published Beta architecture, but today (23rd July 2021), NCSC has released version 1.0 of their Zero Trust Design Architecture principles: https://www.ncsc.gov.uk/blog-post/zero-trust-1-0. NCSC define 8 principles that they state will […]

Categories
Uncategorized

How can colleges and universities keep critical services running smoothly during clearing and enrolment in a pandemic?

By Clare Stonebridge, Network Security Services Manager, Jisc, 12 July 2021 There’s never a ‘good’ time to suffer a cyber attack, but there are certainly a few dates in the year when the financial and reputational effects of a website or email failure will be more damaging than others.  One of those key periods is approaching […]

Categories
Cyber security Uncategorized

Azure Active Directory – Issues with User Consent

The Jisc Cloud team in conjunction with the Jisc Trust and Identity team has published a post highlighting a potential security risk associated with the default Azure Active Directory (AAD) security settings that are commonly in place across our membership. If your organisation uses AAD (or plans to use it), then please read this information […]

Categories
Cyber security

Accessing ISO standards

Your institution may already have a subscription to British Standards Online (BSOL) which provides you with access to standards such as ISO 27001. If your institution does not have access, an agreement for access to BSOL is available through our License Subscriptions Manager.

Categories
Uncategorized

Securing Azure Virtual Desktop

The Jisc Cloud team has penned another security-related post that readers may be interested in: https://cloud.jiscinvolve.org/wp/2021/06/23/securing-azure-virtual-desktop/ In this post, Neil Sayer, Jisc’s Azure Solutions Architect, explains some of the ways that you can secure Azure Virtual Desktop deployments (or Windows Virtual Desktop as it used to be called). The post recommends the following points: * […]

Categories
Cyber security

Remote access and Zero Trust

For those of you who aren’t also following Jisc’s Cloud Blog, you may not have seen a post from Richard Jackson (Jisc’s Lead Cloud Security Specialist) on Remote access and Zero Trust. The post at https://cloud.jiscinvolve.org/wp/2021/06/16/973/ delves into how organisations should handle remote access securely and contains useful advice that can help mitigate against some […]