Cyber security

Building solid security practice and culture together to empower you with technology and hands-on cyber posture support.

16 questions you need to ask to assess your cyber security posture (pdf)

As technology becomes more complex and threats more sophisticated, it’s a challenge to keep your online environment and physical infrastructure secure.

Acting as a trusted partner and critical friend, we can support you through these challenges with our range of services and in-house expertise.

Ten steps to cyber security

The National Cyber Security Centre’s ten steps to cyber security breaks down the task of defending your networks, systems and information into its essential components. Working in partnership with them, we’ve matched our key services to each step.

Risk management

Take a risk-based approach to securing your data and systems.

A good risk management approach gives you the foundations to respond to threats. Evaluate your current security posture with cyber security assessment, and test your systems and networks against real-world cyber attack scenarios with penetration testing. Underpinning the Janet Network, foundation DDoS mitigation and foundation plus reduce disruption to help avoid financial loss or reputational damage.

Key training: Test vulnerabilities by learning to think like a hacker.

Engagement and training

Collaboratively build security that works for people in your organisation.

Your staff can be an effective resource in preventing or detecting incidents. Using the simulated phishing and associated training framework can help users safely experience what an attack might look like so they understand wider risks and know what to do if they suspect an issue.

Information security e-learning covers phishing, malware and password security, and training around developing effective security awareness campaigns gives you the tools you need to build a strong security culture to support your staff.

Asset management

Know what data and systems you have and what business need they support.

It can be hard to maintain an understanding of all the assets within your environment and the risks for each one. Use cyber security assessment to meet audit and compliance needs, and use the vulnerability assessment service and tools supply framework to choose the right strategy to detect and assess vulnerabilities within your IT estate.

Make sure you have vital security precautions in place by gaining or renewing your Cyber Essentials certification.

Architecture and configuration

Design, build, maintain and manage systems securely.

Ensuring that good security is at the heart of your projects means you're mitigating the risks your organisation cares about. Choose the right strategy using the vulnerability assessment service and tools supply framework, securely manage your public DNS records with the primary nameserver service and ensure your users are protected from email abuse using allow and deny lists.

For peace of mind, critical services protection safeguards your business-critical services with out-of-hours coverage, whilst our managed firewall service reduces your management burden and helps you stay ahead of the current threat.

Vulnerability management

Keep your systems protected throughout their lifecycle.

Many security incidents are caused by attackers exploiting publicly disclosed vulnerabilities. Proactively managing threats using a managed SIEM can help protect your systems, spot anomalies early and respond quickly. Add a layer of defence with the Janet Network resolver, which uses RPZ feeds that update to adapt to emerging threats, while our cyber threat intelligence experts analyse threats for the education and research sectors.

Top tip: make sure you choose a strategy to detect and assess vulnerabilities within your IT estate, and work towards Cyber Essentials certification for confidence that you're keeping your systems and data protected.

Identity and access management

Control who and what can access your systems and data.

You need to understand who needs access to data, systems and services, as well as who needs to be kept out. Cyber Essentials helps you to make sure vital security precautions are in place and shows areas you may need to improve.

Our world-leading trust and identity services can also help you manage access efficiently and effectively.

Data security

Protect data where it is vulnerable.

You should have confidence that your data is appropriately protected, wherever it is. Splunk gives you better visibility over ‘big data’, automating the collection, indexing and alerting of your machine data to provide real-time insights into your infrastructure and services. Managed SIEM works with Splunk to help you proactively manage threats and protect sensitive data.

A cyber security assessment can help flag any vulnerabilities you have to make sure you meet audit and compliance needs.

Logging and monitoring

Design your systems to be able to detect and investigate incidents.

Understanding how your systems are being used and what impact an incident may have is the foundation of security monitoring.

  • Managed SIEM monitors your systems, turning data logs into actionable insights
  • Splunk can help you to get a clearer overview of your IT environment and identify security threats and vulnerabilities

Incident management

Plan your response to cyber incidents in advance.

Being able to quickly detect and respond to incidents will help you reduce the impact when they happen. Make the most of our CSIRT, which safeguards your current and future computer security. By monitoring and resolving security incidents that occur on the Janet Network, we can share intelligence and advice to help keep your own networks safe.

Supply chain security

Collaborate with your suppliers and partners.

An attack on the suppliers you rely on can be as damaging as one that targets your own organisation. Cyber security assessment helps you to evaluate, analyse and prioritise security issues according to risk.

Jisc security conference 2022

7-9 November 2022
Come together as a community at Jisc security conference 2022 to interact face to face, share stories and meet industry partners.


Training to support you

ISO 27001 is a widely recognised standard for information security management systems. It is designed to help organisations of all sizes manage information security processes, and it can support your organisation in meeting these ten steps. Register for ISO 27001 foundation training, lead implementer training or join our drop-in clinic.

Test your infrastructure, policies and procedures with a realistic simulated incident on our tailored ransomware incident response workshop.

Monitor your network activity

Gain insight into your network security threats, view DDoS mitigation data and have seamless access to security services.

Visit the cyber security portal

Join the cyber security community group

A trusted community that helps Jisc members increase their security posture.

Join discussion groups and share experiences about cyber security challenges and best practice.

Need cloud security solutions and advice?

Your cloud cyber team offers security-focused reviews to determine if platforms have been deployed in line with platform vendor best practice and benchmarking.

We are your trusted partner: contact us at cloud@jisc.ac.uk, as you may already have solutions for strengthening your cloud security posture at your disposal.

An easy route to procurement

We are an approved supplier on the Crown Commercial Service dynamic purchasing system (DPS). This provides a simple and trusted way for public sector buyers and our members to procure Jisc cyber security services.
