Author: Jon Hunt, Cyber security service delivery manager The National Cyber Security Centre (NCSC) describes the seriousness of the recently identified Log4j vulnerability very succinctly: “Last week, a vulnerability was found in Log4j, an open-source logging library commonly used by apps and services across the internet. If left unfixed, attackers can break into systems, steal […]
Category: Uncategorized
Author: Tracy Matthews, cyber security assessment manager, Jisc Expert support to gain cyber essentials certification Jisc’s Cyber Essentials service is a trusted way to obtain and renew your cyber essentials certificate. Cyber Essentials is a government-backed certification that will help your organisation provide protection against the most common cyber attacks. Give your stakeholders confidence in […]
By Clare Stonebridge, Network Security Services Manager, Jisc, 12 July 2021 There’s never a ‘good’ time to suffer a cyber attack, but there are certainly a few dates in the year when the financial and reputational effects of a website or email failure will be more damaging than others. One of those key periods is approaching […]
Categories
GEANT webinar on DDoS attacks
Between the 8th and 17th of February 2021 GEANT are running a series of webinars on DDoS attacks, including Introduction to DDoS attacks Details of specific attacks Detecting attacks Mitigating attacks Participation is free of charge to all NRENs and their constituents. The courses are aimed at network and system administrators, as well as security […]
Many organizations want to check that their suppliers and partners are managing information security risk, and possession of an ISO 27001 certificate is often the preferred way to evidence this. If you are reliant upon the assurances that an ISO certificate can provide, checking that the certificate is valid is an important but not particularly […]
The past week saw a number of breaches of usernames and passwords from well-known websites. People are prone to reuse passwords across personal and corporate accounts, and compromised social networking accounts can be used to conduct social engineering attacks. These incidents have the potential to impact on your own organisation but it can be difficult to […]
Yesterday UCISA published the Information Security Management Toolkit that provides guidance to higher education institutions wishing to establish systems to manage information security. Authors from across the sector contributed to the content including Andrew Cormack and myself from Jisc. Previous guidance from UCISA which mainly focused on the application of ISO/IEC 27002:2005 to Higher Education. This new […]
User education is a hot topic in information security. Through education we can empower our users to protect information in a environment that’s frequently challenging and where natural assumptions about behaviour don’t always hold true. I wonder though if it’s possible to take this too far. Not all responsibility for the insecurity of systems, even […]
Categories
Reviewing risk mangement
For many if not most organisations information security risk management is a new and relatively immature activity that they are still discovering and learning more about. This can mean that the results of the activity can be imperfect. As we learn we can improve the process to better fit the requirements of the organisation but […]
Over the past week I’ve been looking at our existing processes for managing risk, how information security risk fits within this framework, and what improvements can be made overall. One of my concerns is that most people aren’t used to explicitly thinking about risk and that my colleagues need to be able to relate to […]