janet, security & esiss

Download Janet, Security & ESISS

Post on 21-Jan-2016

54 views

Category:

Documents

0 download

Embed Size (px)

DESCRIPTION

Janet, Security & ESISS. September 2013. Janet, Security & ESISS. Janet and Security An introduction to ESISS New services What won t be changing Q&A. Janet and Security. Operates CSIRT - PowerPoint PPT Presentation

TRANSCRIPT

  • Janet, Security & ESISSSeptember 2013

  • Janet, Security & ESISSJanet and SecurityAn introduction to ESISSNew servicesWhat wont be changingQ&A

  • Janet and SecurityOperates CSIRTWorks with UK Govt Cabinet Office and Cyber security Information Sharing Partnership (CISP), collaborating as required.Presence on UK e-Infrastructure Leadership Council and Security streamRange of products including server certificatesIncreasingly investing in security projects (recent funding on threat information service)Reviewing ISO27001

    And Janet ESISS

  • Janet ESISSFrom August 1st, Janet will be taking on the operations of ESISS..

    Now some history...

  • A Shared IssueThe same challengesDifferent resourcesDesire to collaborate

  • One Shared Service

  • Incorporating into JanetService Manager: Wally JacksonJanetOperationsESISSCSIRTShare Service ManagerShare skills between teamsRoadmap not sharedTargets not sharedNew Business Processes!Based in Loughborough UniversityBased in Janet Offices, HarwellProduct ManagementStrategic Technologies

  • The Initial ServicesAutomated Penetration TestingManual Penetration TestingConsultancy6 month review for other services

  • Automated Penetration TestingOn demand testing for potential vulnerabilities on external systems and websitesTesting is specifically designed to check for the most common vulnerabilitiesContinuously updated vulnerability databaseEasy to use web interface for management of scanning and reportingProvides remediation advice on securing vulnerabilities

  • SECTION HEADING

  • Manual Penetration TestingManual testing by experienced and certified testers, carried out to industry standardsTeam members have wide experience of common educational applicationsA complete service from scoping, project management, through to testing and reportingReport provides executive overview, graphical summary and detailed analysis

  • ConsultancyJanet has had the skills internally, however has lacked the routeSupporting the outcomes from penetration testing... also providing support for security issues arising from the work of CSIRT... and other security work, best practises, security management incident response training

  • Key PointsService as normal for existing ESISS customers, including priceSame certified testing teamFor the sector, by the sectorSeveral new contracts since taking ESISS into Janet

  • WHY?How does penetration testing help your organisation?

    Part of an audit: security, IT, financial

    Compliance: PCI-DSS, data protection

    To improve your security

  • PENETRATION TESTING AS A CONTROLPenetration testing wont make a system 100% secure (nothing will)

    Reduces the likelihood that the system can be compromised, and so reduces the risk

    Demonstrates a certain standard of care towards your information

  • HOW SHOULD IT BE USEDPerhaps around your most sensitive assets and applicationsWhen new applications are first deployedAs part of the QA and release processes for software development.

    When needed - on demandScheduled - check for unexpected changes, new vulnerabilities

    A mix of the above depending on the risks

  • Any Questions

    THANK YOUJanet, Lumen House Library Avenue, Harwell Oxford Didcot, Oxfordshiret: +44 (0) 1235 822200f: +44 (0) 1235 822399e: service@ja.net