Janet security esiss
This presentation is the property of its rightful owner.
Sponsored Links
1 / 18

Janet, Security & ESISS PowerPoint PPT Presentation


  • 125 Views
  • Uploaded on
  • Presentation posted in: General

Janet, Security & ESISS. September 2013. Janet, Security & ESISS. Janet and Security An introduction to ESISS New services What won ’ t be changing Q&A. Janet and Security. Operates CSIRT

Download Presentation

Janet, Security & ESISS

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Janet security esiss

Janet, Security & ESISS

  • September 2013


Janet security esiss

Janet, Security & ESISS

  • Janet and Security

  • An introduction to ESISS

  • New services

  • What won’t be changing

  • Q&A


Janet security esiss

Janet and Security

  • Operates CSIRT

  • Works with UK Gov’t Cabinet Office and Cyber security Information Sharing Partnership (CISP), collaborating as required.

  • Presence on UK e-Infrastructure Leadership Council and Security stream

  • Range of products including server certificates

  • Increasingly investing in security projects (recent funding on threat information service)

  • Reviewing ISO27001

  • And… Janet ESISS


Janet security esiss

Janet ESISS

  • From August 1st, Janet will be taking on the operations of ESISS..

  • Now some history...


Janet security esiss

A Shared Issue

  • The same challenges

  • Different resources

  • Desire to collaborate


Janet security esiss

One Shared Service


Janet security esiss

Incorporating into Janet

  • Share Service Manager

  • Share skills between teams

  • Roadmap not shared

  • Targets not shared

  • New Business Processes!

Janet

Strategic Technologies

Operations

Product Management

Based in Loughborough University

CSIRT

ESISS

Based in Janet Offices, Harwell

Service Manager: Wally Jackson


Janet security esiss

The Initial Services

  • Automated Penetration Testing

  • Manual Penetration Testing

  • Consultancy

  • 6 month review for other services


Janet security esiss

Automated Penetration Testing

  • On demand testing for potential vulnerabilities on external systems and websites

  • Testing is specifically designed to check for the most common vulnerabilities

  • Continuously updated vulnerability database

  • Easy to use web interface for management of scanning and reporting

  • Provides remediation advice on securing vulnerabilities


Janet security esiss

SECTION HEADING


Janet security esiss

Manual Penetration Testing

  • Manual testing by experienced and certified testers, carried out to industry standards

  • Team members have wide experience of common educational applications

  • A complete service from scoping, project management, through to testing and reporting

  • Report provides executive overview, graphical summary and detailed analysis


Janet security esiss

Consultancy

  • Janet has had the skills internally, however has lacked the route

  • Supporting the outcomes from penetration testing

  • ... also providing support for security issues arising from the work of CSIRT

  • ... and other security work, best practises, security management incident response training


Janet security esiss

Key Points

  • Service as normal for existing ESISS customers, including price

  • Same certified testing team

  • For the sector, by the sector

  • Several new contracts since taking ESISS into Janet


Janet security esiss

WHY?

  • How does penetration testing help your organisation?

  • Part of an audit: security, IT, financial

  • Compliance: PCI-DSS, data protection

  • To improve your security


Janet security esiss

PENETRATION TESTING AS A CONTROL

  • Penetration testing won’t make a system 100% secure (nothing will)

  • Reduces the likelihood that the system can be compromised, and so reduces the risk

  • Demonstrates a certain standard of care towards your information


Janet security esiss

HOW SHOULD IT BE USED

  • Perhaps around your most sensitive assets and applications

  • When new applications are first deployed

  • As part of the QA and release processes for software development.

  • When needed - on demand

  • Scheduled - check for unexpected changes, new vulnerabilities

  • A mix of the above depending on the risks


Any questions

Any Questions


Janet security esiss

THANK YOU

Janet, Lumen House Library Avenue, Harwell OxfordDidcot, Oxfordshire

t: +44 (0) 1235 822200

f: +44 (0) 1235 822399

e: [email protected]


  • Login