Posts about Penetration Testing. To distinguish Penetration Testing from Vulnerability Scanning: VulnScanning tells you whether your patch process is being followed, PenTesting tells you whether you have the right patch process. Please do VS first: our Testers got bored otherwise…
Jisc performs a number of different activities to keep Janet and customer sites secure. Here’s a very short video on how we used a Data Protection Impact Assessment and a Legitimate Interests Assessment to check that those activities do not themselves create disproportionate risks. You can read the reports: Security Operations Centre (SOC): Data Protection Impact […]
At last week’s Jisc Security Conference I presented a talk on how we’ve assessed a couple of Jisc services (our Security Operations Centre and Penetration Testing Service) from a data protection perspective. The results have reassured us that these services create benefits rather than risks for Jisc, its customers and members, and users of the […]
In developing our Data Protection Impact Assessment for the Janet Security Operations Centre we noted that our Penetration Testing service could involve high risks, but didn’t really fit the DPIA framework. Penetration tests are much smaller scale than the SOC; they are commissioned by individual Jisc customers, usually on only parts of their operations; and […]