Building solid security practice and culture together to empower you with technology and hands-on cyber posture support.
16 questions you need to ask to assess your cyber security posture (pdf)
Ten steps to cyber security
The National Cyber Security Centre’s ten steps to cyber security breaks down the task of defending your networks, systems and information into its essential components. Working in partnership with them, we’ve matched our key services to each step.
A good risk management approach gives you the foundations to respond to threats. Evaluate your current security posture with cyber security assessment, and test your systems and networks against real-world cyber attack scenarios with penetration testing. Underpinning the Janet Network, foundation DDoS mitigation and foundation plus reduces disruption to help avoid financial loss or reputational damage.
Key training: Test vulnerabilities by learning to think like a hacker.
Your staff can be an effective resource in preventing or detecting incidents. Using the simulated phishing and associated training framework can help users safely experience what an attack might look like so they understand wider risks and know what to do if they suspect an issue.
Information security e-learning covers phishing, malware and password security, and training around developing effective security awareness campaigns gives you the tools you need to build a strong security culture to support your staff.
It can be hard to maintain an understanding of all the assets within your environment and the risks for each one. Use cyber security assessment to meet audit and compliance needs, and vulnerability assessment service and tools supply framework to choose the right strategy to detect and assess vulnerabilities within your IT estate.
Make sure you have vital security precautions in place by gaining or renewing your Cyber Essentials certification.
Ensuring that good security is at the heart of your projects means you're mitigating the risks your organisation cares about. Choose the right strategy using vulnerability assessment service and tools supply framework, securely manage your public DNS records with primary nameserver service and ensure your users are protected from email abuse using allow and deny lists.
For peace of mind, critical services protection safeguards your business-critical services with out-of-hours coverage, whilst our managed firewall service reduces your management burden and helps you stay ahead of the current threat.
Many security incidents are caused by attackers exploiting publicly disclosed vulnerabilities. Proactively managing threats using a managed SIEM can help protect your systems, spot anomalies early and respond quickly. Add a layer of defence with Janet Network resolver which uses RPZ feeds that update to adapt to emerging threats, while our cyber threat intelligence experts analyse threats for the education and research sectors.
Top tip: make sure you choose a strategy to detect and assess vulnerabilities within your IT estate, and work towards Cyber Essentials certification for confidence that you're keeping your systems and data protected.
You need to understand who needs access to data, systems and services, as well as who needs to be kept out. Cyber Essentials helps you to make sure vital security precautions are in place and show areas you may need to improve.
Our world-leading trust and identity services can also help you manage access efficiently and effectively.
You should have confidence that your data is appropriately protected, wherever it is. Splunk gives you better visibility over ‘big data’, automating the collection, indexing and alerting of your machine data to provide real-time insights into your infrastructure and services. Managed SIEM works with Splunk to help you proactively manage threats and protect sensitive data.
A cyber security assessment can help flag any vulnerabilities you have to make sure you meet audit and compliance needs.
Understanding how your systems are being used and what impact an incident may have is the foundation of security monitoring.
Being able to quickly detect and respond to incidents will help you reduce the impact when they happen. Make the most of the CSIRT team, safeguarding your current and future computer security. By monitoring and resolving security incidents that occur on the Janet Network, we can share intelligence and advice to help keep your own networks safe.
An attack on the suppliers you rely on can be as damaging as one that targets your own organisation. Cyber security assessment helps you to evaluate, analyse and prioritise security issues according to risk.
Jisc security conference 2022
7-9 November 2022
Come together as a community at Jisc security conference 2022 to interact face to face, share stories and meet industry partners.
Training to support you
ISO 27001 is a widely recognised standard for information security management systems and is designed to help organisations of all sizes manage information security processes and support your organisation to meet these ten steps. Register for ISO 27001 foundation training, lead implementer training or join our drop-in clinic.
Test your infrastructure, policies and procedures with a realistic simulated incident on our tailored ransomware incident response workshop.
Join the cyber security community group
A trusted community that helps Jisc members increase their security posture.
Need cloud security solutions and advice?
Your cloud cyber team offers security-focused reviews to determine if platforms have been deployed in-line with platform vendor best practice and benchmarking.
As your trusted partner, contact us at firstname.lastname@example.org as you may already have solutions to strengthening your cloud security posture at your disposal.
An easy route to procurement
We are an approved supplier on the Crown Commercial Service dynamic purchasing system (DPS). This provides a simple and trusted way for public sector buyers and our members to procure Jisc cyber security services.
Explore cyber security