How to handle cyber security incident communications

UCISA has launched an excellent new resource to help institutions plan the communication response during a major cyber incident. The Cyber Incident Communications Toolkit, developed by the UCISA Security Group, focuses on the importance of collaboration, both internally and with partners, to ensure provision of an effective and coordinated communications response with students, staff, funders, […]

Free tools from the National Cyber Security Centre

Most* UK colleges and universities are already using one or more of the NCSC’s free cyber security tools, but for those of you that aren’t yet actively using their Active Cyber Defence services, you might want to look at the following: • Web Check checks your websites for common web vulnerabilities and misconfigurations in an […]

NCSC publishes Zero Trust architecture design principles

Jisc has been advocating Zero Trust as an approach for a while, with references in Cyber Impact and the current Janet Security Policy consultation to the previously published Beta architecture, but today (23rd July 2021), NCSC has released version 1.0 of their Zero Trust Design Architecture principles: https://www.ncsc.gov.uk/blog-post/zero-trust-1-0. NCSC define 8 principles that they state will […]

Azure Active Directory – Issues with User Consent

The Jisc Cloud team in conjunction with the Jisc Trust and Identity team has published a post highlighting a potential security risk associated with the default Azure Active Directory (AAD) security settings that are commonly in place across our membership. If your organisation uses AAD (or plans to use it), then please read this information […]

Securing Azure Virtual Desktop

The Jisc Cloud team has penned another security-related post that readers may be interested in: https://cloud.jiscinvolve.org/wp/2021/06/23/securing-azure-virtual-desktop/ In this post, Neil Sayer, Jisc’s Azure Solutions Architect, explains some of the ways that you can secure Azure Virtual Desktop deployments (or Windows Virtual Desktop as it used to be called). The post recommends the following points: * […]

Remote access and Zero Trust

For those of you who aren’t also following Jisc’s Cloud Blog, you may not have seen a post from Richard Jackson (Jisc’s Lead Cloud Security Specialist) on Remote access and Zero Trust. The post at https://cloud.jiscinvolve.org/wp/2021/06/16/973/ delves into how organisations should handle remote access securely and contains useful advice that can help mitigate against some […]

Top 10 tips for DNS Resilience

Andy Davis has been virtually touring the country recently providing advice and guidance to Heads of IT groups on DNS resilience, so I’ve asked him to share his top ten tips: (1) Keep your nameservers patched and running on supportable DNS platforms (OS and DNS application). (2) Review your Business Continuity Plans (BCP) – Do […]

Hitting DMARC! Phishing emails can easily spoof University and College domains: DMARC and NCSC Mail Check are here to help

Guest post by Tom S, Academia lead – The Mail Check Team, NCSC Active Cyber Defence. Cyber security is improving in many areas, but the adoption of DMARC anti-spoofing is still too low. NCSC tools and tips gathered from around the community can help, as this guest post from Tom S, Academia lead in NCSC’s Active […]