Initial Access Broker Landscape

An initial access broker specialises in gaining access to target organisations before selling that access on underground marketplaces. Ransomware groups commonly purchase this access from them. Curated Intelligence have written a blog post showing how information flows between the different parties involved this work.

Jisc’s vulnerability disclosure policy, the first 1,000 days

Jisc launched its vulnerability disclosure policy in February 2019. The policy was drawn up using ISO 29147:2018, and using guidance from other organisations, most notably NCSC-NL. Here, we look back at some of the trends and successes, as well as the lessons we’ve learned and what we have planned in future. The policy encourages external […]

Accessing ISO standards

Your institution may already have a subscription to British Standards Online (BSOL) which provides you with access to standards such as ISO 27001. If your institution does not have access, an agreement for access to BSOL is available through our License Subscriptions Manager.

Categories
Uncategorized

GEANT webinar on DDoS attacks

Between the 8th and 17th of February 2021 GEANT are running a series of webinars on DDoS attacks, including Introduction to DDoS attacks Details of specific attacks Detecting attacks Mitigating attacks Participation is free of charge to all NRENs and their constituents. The courses are aimed at network and system administrators, as well as security […]

GEANT courses on client privacy and security

Later this month GEANT will be running a series of five webinars which are open to all of Jisc’s members. These are particularly relevant to systems and network administrators, but may be of general interest to a wider audience. Web browsers Security & Privacy – secure surfing with less traces: 21/09/2020 Email Security & Privacy […]

Electronic Signatures

Electronic signatures, or e-signatures, are a means of signing documents in the same way that documents and agreements are signed using a written signature on hardcopy documents. Electronic signatures can come in any form that the parties to a contract agree on, but in general fall into three distinct categories. Simple e-signatures These are direct […]

Categories
Uncategorized

How to check the validity of an ISO certificate

Many organizations want to check that their suppliers and partners are managing information security risk, and possession of an ISO 27001 certificate is often the preferred way to evidence this. If you are reliant upon the assurances that an ISO certificate can provide, checking that the certificate is valid is an important but not particularly […]

Culture, Media and Sport Committee Enquiry into Cybersecurity

Shortly after the recent attacks on TalkTalk the Culture, Media and Sport Committee decided to hold an inquiry into the circumstances surrounding the data breach, but also the wider implications for telecoms and internet service providers. This raised a number of issues around the premature speculation around the causes of the incident, cybersecurity within the telecoms industry, and the […]

Categories
Uncategorized

Responding to username and password breaches

The past week saw a number of breaches of usernames and passwords from well-known websites. People are prone to reuse passwords across personal and corporate accounts, and compromised social networking accounts can be used to conduct social engineering attacks. These incidents have the potential to impact on your own organisation but it can be difficult to […]

TalkTalk and Encryption

In the week since the TalkTalk breach there’s been commentary on encryption of data, particularly with their CEO’s comments that they were not legally required to encrypt data. Of course encrypting the storage of data at rest is a common sense control against a range of threats such as physical theft or loss of the […]