Janet, Security & ESISS
Post on 21-Jan-2016
Janet, Security & ESISS
September 2013
Janet, Security & ESISS
Janet and Security
An introduction to ESISS
New services
What won't be changing
Q&A
Janet and Security
Operates CSIRT
Works with UK Govt Cabinet Office and Cyber security Information Sharing Partnership (CISP), collaborating as required.
Presence on UK e-Infrastructure Leadership Council and Security stream
Range of products including server certificates
Increasingly investing in security projects (recent funding on threat information service)
Reviewing ISO27001
And Janet ESISS
Janet ESISS
From August 1st, Janet will be taking on the operations of ESISS.
Now some history...
A Shared Issue
The same challenges
Different resources
Desire to collaborate
One Shared Service
Incorporating into Janet
Service Manager: Wally Jackson
Janet
Operations
ESISS
CSIRT
Share Service Manager
Share skills between teams
Roadmap not shared
Targets not shared
New Business Processes!
Based in Loughborough University
Based in Janet Offices, Harwell
Product Management
Strategic Technologies
The Initial Services
Automated Penetration Testing
Manual Penetration Testing
Consultancy
6 month review for other services
Automated Penetration Testing
On demand testing for potential vulnerabilities on external systems and websites
Testing is specifically designed to check for the most common vulnerabilities
Continuously updated vulnerability database
Easy to use web interface for management of scanning and reporting
Provides remediation advice on securing vulnerabilities
Manual Penetration Testing
Manual testing by experienced and certified testers, carried out to industry standards
Team members have wide experience of common educational applications
A complete service from scoping, project management, through to testing and reporting
Report provides executive overview, graphical summary and detailed analysis
Consultancy
Janet has had the skills internally, but has lacked the route
Supporting the outcomes from penetration testing
... also providing support for security issues arising from the work of CSIRT
... and other security work, best practices, security management, incident response training
Key Points
Service as normal for existing ESISS customers, including price
Same certified testing team
For the sector, by the sector
Several new contracts since taking ESISS into Janet
WHY?
How does penetration testing help your organisation?
Part of an audit: security, IT, financial
Compliance: PCI-DSS, data protection
To improve your security
PENETRATION TESTING AS A CONTROL
Penetration testing won't make a system 100% secure (nothing will)
Reduces the likelihood that the system can be compromised, and so reduces the risk
Demonstrates a certain standard of care towards your information
HOW SHOULD IT BE USED
Perhaps around your most sensitive assets and applications
When new applications are first deployed
As part of the QA and release processes for software development.
When needed - on demand
Scheduled - check for unexpected changes, new vulnerabilities
A mix of the above depending on the risks
THANK YOU
Janet, Lumen House
Library Avenue, Harwell Oxford
Didcot, Oxfordshire
t: +44 (0) 1235 822200
f: +44 (0) 1235 822399
e: firstname.lastname@example.org