As a research and education organisation, you are under increasing pressure to demonstrate the effectiveness of your cyber security. Partners and funding bodies, for example, may want to see cyber security assessment reports – while internally, you are keen to do all you can to mitigate risks.
That’s why we offer the cyber security assessment service: a tailored, cost-effective process to help you meet audit and compliance needs.
The service helps you to evaluate, analyse and improve your security posture, on a one-off or ongoing basis, according to your needs.
All work is carried out by our in-house cyber security experts – who are experienced, trained and certified.
And because it’s a tailored service, we are able to scope the work to your exact requirements. That makes it cost-effective for you.
How does the cyber security assessment help me?
This service helps you to:
Evaluate your readiness against real-world attacks
As part of the service, we assess how vulnerable you are to cyber attacks. The evaluation has two elements:
A vulnerability assessment analyses your network for known issues – giving consistent, repeatable data on security holes and information on weaknesses. The assessment takes the form of a series of tailored, tests for misconfigurations, security patches and cryptographic flaws – which we also confirm by manual analysis.
A configuration analysis audits the security controls you already have in place – against, for example, known best practices or standards.
Analyse the cyber security risks you face
Armed with data from your vulnerability assessment and configuration analysis, we prioritise security issues according to risk – allowing you to focus your efforts on areas critical to you.
This risk analysis helps you understand the potential impacts to your organisation – and the range of approaches you could take to remain resistant to cyber attacks.
Take steps to harden your security
Using information from these assessments and analysis, we propose ways to secure your network – such as configuration improvements, processes and security controls – to help you make informed decisions on what to do next.
We can also let you know about areas of residual business risk that you may wish to mitigate, including legal or insurance issues.
Improve your posture on a regular basis
Because this is a repeatable process, we can conduct regular assessments – for example, on a yearly basis – helping you show how your security improves progressively against a baseline.
Regular assessment will also catch any new flaws in security, for example from new services or lapsed testing.
We offer a very competitive member-only rate compared to commercial equivalents
Our expertise lies in testing and analysing the systems and infrastructure unique to our members in education and research
We feed back our threat findings to the sector, for the benefit of the whole community
In collaboration with the SOC and CSIRT teams who manage security across the Janet network, our sector specific threat intelligence is always current and industry leading
We understand the security challenges facing education and research, from the annual influx of new students, to networks across different campuses, devolved IT departments and legacy systems and software
Our security experts can offer workshops as part of an engagement to upskill your internal staff and enhance your testing and security capability for the future
Case study: Cardiff Metropolitan University
Throughout the 2020 lockdowns, cyber-attacks on UK universities and colleges increased dramatically in both number and severity – and there’s nothing to indicate that this trend will stop any time soon.
Jisc have been appointed as an approved supplier on the Crown Commercial Services dynamic purchasing system (DPS). The benefit for our members in purchasing through the DPS is that it allows public sector buyers to procure an extensive variety of cyber security services from a range of pre-qualified suppliers.