A Hitch-Hacker’s Guide to the Galaxy: Episode 2

A Hitch-Hacker’s Guide to the Galaxy – Developing a Cyber Security Roadmap for Executive Leaders. In this blog series, I am looking at steps that your organisation can take to build a roadmap for navigating the complex world of cyber security and improving your cyber security posture. There’s plenty of technical advice out there for […]

A Hitch-Hacker’s Guide to the Galaxy: Episode 1

A Hitch-Hacker’s Guide to the Galaxy – Developing a Cyber Security Roadmap for Executive Leaders. In this blog series, I will be looking at steps that your organisation can take to build a roadmap for navigating the complex world of cyber security and improving your cyber security posture. There’s plenty of technical advice out there […]

How can universities and colleges keep critical services running smoothly during clearing and enrolment?

There’s never a ‘good’ time to suffer a cyber attack, but there are certainly a few dates in the year when the financial and reputational effects of a website or email failure will be more damaging than others. One of those key periods is approaching right now for the higher and further education sector: clearing and […]

How to handle cyber security incident communications

UCISA has launched an excellent new resource to help institutions plan the communication response during a major cyber incident. The Cyber Incident Communications Toolkit, developed by the UCISA Security Group, focuses on the importance of collaboration both internally and with partners to ensure provision of an effective and coordinated communications response with students, staff, funders, […]

New Cyber Essentials requirements and question set

Another year, another question set and new updates on Cyber Essentials (CE). Effective from 24th April 2023, the new question set is called Montpellier. It brings only clarifications and a light-touch revision of the question set, unlike the major changes that were introduced last year for the current Evendine question set. With the new question […]

Cyber Essentials Myth Busting – Part 2

Author: Stuart McCulloch, Lead Cyber Essentials assessor. Continuing on from the previous blog, the other myths surrounding CE are: Myth 5 – If I use Remote Desktop Services or VDI environments, then the devices connecting to those services are out of scope. Reality – This is not true. The devices themselves that facilitate the connection to […]

Cyber Essentials Myth Busting – Part 1

Author: Stuart McCulloch, Lead Cyber Essentials assessor. Overview: The Cyber Essentials (CE) scheme was introduced in 2014 with backing from the National Cyber Security Centre (NCSC). The requirements have changed over the years, with the introduction of new elements. The latest question set is the largest change ever and has created some misunderstandings. This blog is […]

Security Information and Event Management (SIEM) – where to begin and what security logs should you bring in?

Author: Steph Jones, Senior Cyber Security Specialist/Analyst Team Lead – SIEM, Jisc. Security Information and Event Management (SIEM) is one key tool of a wider set of controls that you should employ in seeking to protect and defend your organisation from cyber attack. These controls are sometimes referred to as Defence in Depth. SIEM collects […]

Cyber Essentials – onboarding and managing devices

Author: Stuart McCulloch, Cyber Essentials assessor. This blog post focuses on options for implementing technical controls to manage personally owned or bring-your-own devices (BYOD) to meet the requirements of the Government’s Cyber Essentials (CE) scheme. We find that our sector is primarily Microsoft focused and so this blog covers its MDM solutions, but there are numerous others available. […]

Cyber Essentials & Bring Your Own Device (BYOD)

This blog post has been prepared in response to the large number of queries and concerns Jisc assessors have received about how bring-your-own device (BYOD) policies and implementations fit into the Cyber Essentials (CE) scheme. CE is a Government-backed annual certification scheme setting out a range of basic security controls organisations should have in place […]