This is the third in the Road to CE series, we’ll be talking about the written policies need to support Cyber Essentials, most of these will just be updates to existing policies. TLDR: Review and update your policies to enshrine the technical controls and accommodate for technical control feature lackings. If you don’t have an […]
Category: Cloud advice
Advice on good practice when using cloud.
Categories
Road to Cyber Essentials: The Pilot
This is the second in the Road to CE series of blog posts following Jisc’s full Cyber Essentials journey. In this part of our journey, we had a meeting with senior stakeholders as well as our IT Security teams, explored the requirements for Cyber Essentials and how best to achieve those for Jisc and scoping […]
Categories
Road to Cyber Essentials: The Start
Jisc are Cyber Essentials compliant, this will be a series of blog posts on how we achieved this. To start off you need to evaluate your digital estate, start small and expand from there. Your IdP will be your biggest asset in assisting with CE, make sure your systems use your IdP for login, try […]
Microsoft365DSC is an Open-Source initiative lead by Microsoft engineers and maintained by the community. It allows tenant admins to write a definition for how your Microsoft 365 tenant should be configured, automate the deployment of that configuration and ensures the monitoring of the defined configuration, notifying and acting on detected configuration drifts. It also allows […]
Automate automate automate, that should be part of my job title. In this post I’m going to talk about a lesser known feature of Azure AD, which is now available to anyone with A3/E3 or above, group based licensing. With Microsoft’s retirement of the AzureAD and MSOL modules (replaced with MSGraph) you will need to […]
I am hearing increasing reports of UK academic institutions suffering from ramsomware attacks. These are now happening much more frequently than in the past and the consequences, in some cases at least, can be devastating. It is no longer a question of if you will be attacked but when you will be attacked and how […]
A recording of the recent session run by Paul Martin of Fortinet at the Jisc Security Conference. The session covers Jisc’s Managed Website Protection service and how that helps institutions and organizations mitigate against the evolving security threat landscape.
A recording of the recent session run by Simon Dix of the Jisc cloud solutions team at the Jisc Security Conference. The session covers the public cloud shared responsibility model in relation to the roles and responsibilities of both cloud vendors and cloud consumers.
A recording of the recent session run by Richard Jackson and Colm Blake of the Jisc cloud solutions team at the Jisc Security Conference. The session covers best practices for the configuration of Office 365, Windows 10/11 and the Enterprise Mobility and Security (EMS) suite.
Microsoft have recently announced the Preview of Autoscale for Azure Virtual Desktop and at first blush it looks like native scaling has had some much-needed improvements. The previous incarnation was a little clumsy, requiring you to independently create an automation account, an Azure function and optionally, a Log Analytics Workspace. In addition, any parameters then […]