Service

Enterprise security review and risk assessment

Checking security of data centres
Creative Commons attribution information
Checking security of data centres
©EvgeniyShkolenko via iStock
All rights reserved

Get a wide-ranging overview of information security risks on your IT estate to spot gaps in your security and processes.

Contact your account manager

For enquiries contact:

About enterprise security review and risk assessment

In research and education, it’s vital to have an overview of your enterprise security risks and how you plan to mitigate them – to protect your reputation, reduce legal liability and support business continuity.

Achieving these goals is about more than putting a technical solution in place. It’s also about understanding and defining the internal processes, data practices and other human factors that can contribute to or mitigate your risk.

Security areas this service covers

These issues can relate to a broad range of areas of security, including:

  • Physical security of buildings and assets
  • Physical, logical and technical security of networks and systems
  • Legal liability with respect to GDPR 
  • Business continuity, including disaster recovery plans
  • Incident response
  • Human skill and behaviours, from the IT team to service users

Benefits to your organisation

Take a business-wide view of security

In some organisations, there is a risk that information security is seen as purely a “technology” issue. But human factors can matter as much as technology.

This review helps you re-frame security as a business-wide concern, with responsibility spread across the organisation. As well as talking to networking and IT team members, we will also seek the views of other stakeholders including business managers and teaching staff.

Spot gaps in your security and processes

Even if you have invested in technical aspects of cyber security, it’s possible to leave gaps in areas such as policies and processes. Understand where those gaps are, and address them.

Avoid repetition of a security incident

If you have experienced a security incident in-house, part of your longer-term recovery process is to work out how to avoid similar incidents in future. This overview can help you plan your long-term recovery.

Explore mitigation options

We will offer recommendations for next steps – including signposting you to more in-depth cyber security services where appropriate, such as vulnerability assessment or penetration testing.

Benefit from a breadth of expertise

This service is delivered by a mix of staff from across Jisc, with specialisms in networking, cyber security, information security, and relevant governance.

How this service works

This is a bespoke, follow-on consultancy service. We can adapt our service to meet your security goals as an organisation.

As part of the service, we would typically:

  • Seek an initial meeting, which may be a conference call, to agree a scope
  • Ask you for any data that may prove useful to the review
  • Conduct a site visit in which we meet and interview an agreed list of stakeholders
  • Present a report within two weeks of the site visit, including an executive summary and recommendations for next steps

Contact your account manager