Information Security

5 September 2017 at 9:47am
Vulnerability management is a critical aspect of cybersecurity. Understanding and limiting the vulnerabilities in our systems reduces the chance that they will cause harm to others, to Jisc, or its reputation. For some products and services (such as computer operating systems), vulnerability management is a relatively mature and well-understood field. In others, particularly for highly specialised software, the level of service available from suppliers to help you manage vulnerabilities in their products and systems is variable to non-existent.
11 August 2017 at 3:55pm
Through the work done to gain ISO 27001 certification within Jisc we have had to explore, review, understand and improve how we deal with information security issues in products and services we obtain from suppliers. We must understand the requirements of our systems and services, the security implications, features and properties of our suppliers’ products and services, and how information security becomes an integral part of the relationship with the supplier.
7 April 2017 at 1:05pm
Many organizations want to check that their suppliers and partners are managing information security risk, and possession of an ISO 27001 certificate is often the preferred way to evidence this. If you are reliant upon the assurances that an ISO certificate can provide, checking that the certificate is valid is an important but not particularly difficult process.
19 April 2017 at 9:42am
[Update: Jisc has responded to the Working Party's invitation to comment on these guidelines]
16 September 2016 at 10:05am
In anything other than the smallest organisations, getting insight into how e-mail is being used can be difficult. Cloud-based e-mail means that you no longer know technical details of even a trivial implementation, and colleagues can quickly set up SaaS services that send e-mail from your domains without involvement from IT.
6 June 2016 at 2:00pm
The past week saw a number of breaches of usernames and passwords from well-known websites. People are prone to reuse passwords across personal and corporate accounts, and compromised social networking accounts can be used to conduct social engineering attacks. These incidents have the potential to impact on your own organisation, but it can be difficult to prioritize them alongside other incidents. For a large organisation with many thousands of users, the process of notifying and supporting affected individuals can be involved and time-consuming.