Categories
Uncategorized

How can colleges and universities keep critical services running smoothly during clearing and enrolment in a pandemic?

By Clare Stonebridge, Network Security Services Manager, Jisc, 12 July 2021 There’s never a ‘good’ time to suffer a cyber attack, but there are certainly a few dates in the year when the financial and reputational effects of a website or email failure will be more damaging than others.  One of those key periods is approaching […]

Categories
Cyber security Uncategorized

Azure Active Directory – Issues with User Consent

The Jisc Cloud team in conjunction with the Jisc Trust and Identity team has published a post highlighting a potential security risk associated with the default Azure Active Directory (AAD) security settings that are commonly in place across our membership. If your organisation uses AAD (or plans to use it), then please read this information […]

Categories
Uncategorized

Securing Azure Virtual Desktop

The Jisc Cloud team has penned another security-related post that readers may be interested in: https://cloud.jiscinvolve.org/wp/2021/06/23/securing-azure-virtual-desktop/ In this post, Neil Sayer, Jisc’s Azure Solutions Architect, explains some of the ways that you can secure Azure Virtual Desktop deployments (or Windows Virtual Desktop as it used to be called). The post recommends the following points: * […]

Categories
Uncategorized

GEANT webinar on DDoS attacks

Between the 8th and 17th of February 2021 GEANT are running a series of webinars on DDoS attacks, including Introduction to DDoS attacks Details of specific attacks Detecting attacks Mitigating attacks Participation is free of charge to all NRENs and their constituents. The courses are aimed at network and system administrators, as well as security […]

Categories
Uncategorized

How to check the validity of an ISO certificate

Many organizations want to check that their suppliers and partners are managing information security risk, and possession of an ISO 27001 certificate is often the preferred way to evidence this. If you are reliant upon the assurances that an ISO certificate can provide, checking that the certificate is valid is an important but not particularly […]

Categories
Uncategorized

Responding to username and password breaches

The past week saw a number of breaches of usernames and passwords from well-known websites. People are prone to reuse passwords across personal and corporate accounts, and compromised social networking accounts can be used to conduct social engineering attacks. These incidents have the potential to impact on your own organisation but it can be difficult to […]

Categories
Uncategorized

UCISA publish guidance on information security governance

Yesterday UCISA published the Information Security Management Toolkit that provides guidance to higher education institutions wishing to establish systems to manage information security. Authors from across the sector contributed to the content including Andrew Cormack and myself from Jisc. Previous guidance from UCISA which mainly focused on the application of ISO/IEC 27002:2005 to Higher Education. This new […]

Categories
Uncategorized

Encouraging safe behaviour with technology

User education is a hot topic in information security. Through education we can empower our users to protect information in a environment that’s frequently challenging and where natural assumptions about behaviour don’t always hold true. I wonder though if it’s possible to take this too far. Not all responsibility for the insecurity of systems, even […]

Categories
Uncategorized

Reviewing risk mangement

For many if not most organisations information security risk management is a new and relatively immature activity that they are still discovering and learning more about. This can mean that the results of the activity can be imperfect. As we learn we can improve the process to better fit the requirements of the organisation but […]

Categories
Uncategorized

Talking about information security impacts

Over the past week I’ve been looking at our existing processes for managing risk, how information security risk fits within this framework, and what improvements can be made overall. One of my concerns is that most people aren’t used to explicitly thinking about risk and that my colleagues need to be able to relate to […]