janet security esiss
Download
Skip this Video
Download Presentation
Janet, Security & ESISS

Loading in 2 Seconds...

play fullscreen
1 / 18

Janet, Security & ESISS - PowerPoint PPT Presentation


  • 178 Views
  • Uploaded on

Janet, Security & ESISS. September 2013. Janet, Security & ESISS. Janet and Security An introduction to ESISS New services What won ’ t be changing Q&A. Janet and Security. Operates CSIRT

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Janet, Security & ESISS' - alda


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide2

Janet, Security & ESISS

  • Janet and Security
  • An introduction to ESISS
  • New services
  • What won’t be changing
  • Q&A
slide3

Janet and Security

  • Operates CSIRT
  • Works with UK Gov’t Cabinet Office and Cyber security Information Sharing Partnership (CISP), collaborating as required.
  • Presence on UK e-Infrastructure Leadership Council and Security stream
  • Range of products including server certificates
  • Increasingly investing in security projects (recent funding on threat information service)
  • Reviewing ISO27001
  • And… Janet ESISS
slide4

Janet ESISS

  • From August 1st, Janet will be taking on the operations of ESISS..
  • Now some history...
slide5

A Shared Issue

  • The same challenges
  • Different resources
  • Desire to collaborate
slide7

Incorporating into Janet

  • Share Service Manager
  • Share skills between teams
  • Roadmap not shared
  • Targets not shared
  • New Business Processes!

Janet

Strategic Technologies

Operations

Product Management

Based in Loughborough University

CSIRT

ESISS

Based in Janet Offices, Harwell

Service Manager: Wally Jackson

slide8

The Initial Services

  • Automated Penetration Testing
  • Manual Penetration Testing
  • Consultancy
  • 6 month review for other services
slide9

Automated Penetration Testing

  • On demand testing for potential vulnerabilities on external systems and websites
  • Testing is specifically designed to check for the most common vulnerabilities
  • Continuously updated vulnerability database
  • Easy to use web interface for management of scanning and reporting
  • Provides remediation advice on securing vulnerabilities
slide11

Manual Penetration Testing

  • Manual testing by experienced and certified testers, carried out to industry standards
  • Team members have wide experience of common educational applications
  • A complete service from scoping, project management, through to testing and reporting
  • Report provides executive overview, graphical summary and detailed analysis
slide12

Consultancy

  • Janet has had the skills internally, however has lacked the route
  • Supporting the outcomes from penetration testing
  • ... also providing support for security issues arising from the work of CSIRT
  • ... and other security work, best practises, security management incident response training
slide13

Key Points

  • Service as normal for existing ESISS customers, including price
  • Same certified testing team
  • For the sector, by the sector
  • Several new contracts since taking ESISS into Janet
slide14

WHY?

  • How does penetration testing help your organisation?
  • Part of an audit: security, IT, financial
  • Compliance: PCI-DSS, data protection
  • To improve your security
slide15

PENETRATION TESTING AS A CONTROL

  • Penetration testing won’t make a system 100% secure (nothing will)
  • Reduces the likelihood that the system can be compromised, and so reduces the risk
  • Demonstrates a certain standard of care towards your information
slide16

HOW SHOULD IT BE USED

  • Perhaps around your most sensitive assets and applications
  • When new applications are first deployed
  • As part of the QA and release processes for software development.
  • When needed - on demand
  • Scheduled - check for unexpected changes, new vulnerabilities
  • A mix of the above depending on the risks
slide18

THANK YOU

Janet, Lumen House Library Avenue, Harwell OxfordDidcot, Oxfordshire

t: +44 (0) 1235 822200

f: +44 (0) 1235 822399

e: [email protected]

ad