Enterprise security review and risk assessment

Get a wide-ranging overview of information security risks on your IT estate to spot gaps in your security and processes.
For enquiries contact:
About enterprise security review and risk assessment
In research and education, it’s vital to have an overview of your enterprise security risks and how you plan to mitigate them – to protect your reputation, reduce legal liability and support business continuity.
Achieving these goals is about more than putting a technical solution in place. It’s also about understanding and defining the internal processes, data practices and other human factors that can contribute to or mitigate your risk.
Security areas this service covers
These issues can relate to a broad range of areas of security, including:
- Physical security of buildings and assets
- Physical, logical and technical security of networks and systems
- Legal liability with respect to GDPR
- Business continuity, including disaster recovery plans
- Incident response
- Human skill and behaviours, from the IT team to service users
Benefits to your organisation
Take a business-wide view of security
In some organisations, there is a risk that information security is seen as purely a “technology” issue. But human factors can matter as much as technology.
This review helps you re-frame security as a business-wide concern, with responsibility spread across the organisation. As well as talking to networking and IT team members, we will also seek the views of other stakeholders including business managers and teaching staff.
Spot gaps in your security and processes
Even if you have invested in technical aspects of cyber security, it’s possible to leave gaps in areas such as policies and processes. Understand where those gaps are, and address them.
Avoid repetition of a security incident
If you have experienced a security incident in-house, part of your longer-term recovery process is to work out how to avoid similar incidents in future. This overview can help you plan your long-term recovery.
Explore mitigation options
We will offer recommendations for next steps – including signposting you to more in-depth cyber security services where appropriate, such as vulnerability assessment or penetration testing.
Benefit from a breadth of expertise
This service is delivered by a mix of staff from across Jisc, with specialisms in networking, cyber security, information security, and relevant governance.
How this service works
This is a bespoke, follow-on consultancy service. We can adapt our service to meet your security goals as an organisation.
As part of the service, we would typically:
- Seek an initial meeting, which may be a conference call, to agree a scope
- Ask you for any data that may prove useful to the review
- Conduct a site visit in which we meet and interview an agreed list of stakeholders
- Present a report within two weeks of the site visit, including an executive summary and recommendations for next steps