Cyber Essentials Myth Busting – Part 2

Author: Stuart McCulloch, Lead Cyber Essentials assessor Continuing on from the previous blog the other myths surrounding CE are: Myth 5 – If I use Remote Desktop Services or VDI environments, then the devices connecting to those services are out of scope  Reality – This is not true. The devices themselves that facilitate the connection to […]

Cyber Essentials Myth Busting – Part 1

Author: Stuart McCulloch, Lead Cyber Essentials assessor Overview The Cyber Essentials (CE) scheme was introduced in 2014 with backing from the National Cyber Security Centre (NCSC). The requirements have changed over the years, with the introduction of new elements. The latest question set is the largest change ever and has created some misunderstandings.  This blog is […]

Security Information and Event Management (SIEM) – where to begin and what security logs should you bring in?

Author: Steph Jones, Senior Cyber Security Specialist/Analyst Team Lead – SIEM, Jisc Security Information and Event Management (SIEM) is one key tool of a wider set of controls that you should employ in seeking to protect and defend your organisation from cyber attack. These controls are sometimes referred to as Defence in Depth. SIEM collects […]

Cyber Essentials – onboarding and managing devices

Author: Stuart McCulloch, Cyber Essentials assessor This blog post focuses on options for implementing technical controls to manage personally owned or bring-your-own devices (BYOD) to meet the requirements of the Government’s Cyber Essentials (CE) scheme. We find that our sector is primarily Microsoft focused and so this blog covers its MDM solutions, but there numerous available. […]

Cyber Essentials & Bring Your Own Device (BYOD)

This blog post has been prepared in response to the large number of queries and concerns Jisc assessors have received about how bring-your-own device (BYOD) policies and implementations fit into the Cyber Essentials (CE) scheme. CE is a Government-backed annual certification scheme setting out a range of basic security controls organisations should have in place […]

‘What if…?’. It’s business continuity awareness week!

Business continuity is all about asking ‘what if…?’ What if this fails? Or what if this becomes unavailable? What if we need a back-up plan? The theme for 2022 The Business Continuity Institute’s theme for this year is building resilience in the hybrid world. No one needs three guesses as to why this theme has […]

What’s the deal with DDoS?

By Clare Stonebridge, Jisc network security services manager and Ben Crowther, Jisc defensive services manager,  31 March 2022. Distributed denial of service (DDoS) attacks are the malicious acts of cyber criminals attempting to disrupt computer and internet resources. These attacks have increased in size, frequency and duration over the past few years and continue to […]

New year, new password – but not if you’re already doing it right

Author: Jon Trickey, Information security officer Intro “Change your password regularly” is a frequently heard piece of password advice. However, enforcing password expiry can result in users making small, predictable changes to their existing password (for example, winter2021 > spring2022), rather than choosing an entirely new one.  This has the opposite effect to the one […]


The Log4j vulnerability and supply chain security

Author: Jon Hunt, Cyber security service delivery manager The National Cyber Security Centre (NCSC) describes the seriousness of the recently identified Log4j vulnerability very succinctly:  “Last week, a vulnerability was found in Log4j, an open-source logging library commonly used by apps and services across the internet. If left unfixed, attackers can break into systems, steal […]


Expert support to gain Cyber Essentials certification

Author: Tracy Matthews, cyber security assessment manager, Jisc Expert support to gain cyber essentials certification Jisc’s Cyber Essentials service is a trusted way to obtain and renew your cyber essentials certificate. Cyber Essentials is a government-backed certification that will help your organisation provide protection against the most common cyber attacks. Give your stakeholders confidence in […]