Case Study – University of Winchester
How the University of Winchester reduced its IT security risk by automating its vulnerability assessment and reporting.
The challenge: assessing vulnerabilities across an organisation
In today’s IT security environment, organisations know risk assessment is a vital step on the road to risk reduction. And when Sean Ashford, network and systems manager at the University of Winchester, recently conducted a wide-ranging risk assessment of his IT infrastructure, he naturally sought an up-to-date assessment of server and equipment patching levels on the network.
But with 150 servers for Sean’s team to go through, going through everything manually would take more staff time than Sean could spare.
“It would take at least a year for one person to look at patching levels on each server and do a risk assessment on each one,” he says.
The solution: Jisc’s vulnerability assessment and information service (VAS)
Then, early in 2016, Ashford attended a presentation given by KHIPU Networks, who provide the Jisc vulnerability assessment and information service. This service automates the process of vulnerability scanning – and provides reporting to help organisations prioritise and act on areas of risk.
The University of Winchester then procured the service via a Jisc framework – allowing Ashford to check his organisations’ IT assets against an extensive list of potential security vulnerabilities.
Benefits to staff, students and reputation: reduced IT security risk
The main benefit of the system, says Ashford, is that it reduces the University of Winchester’s overall vulnerability to a breach – giving him and his team greater peace of mind. “Things are more stable, more up to date and more secure,” he says.
“Previously we’ve had external companies do vulnerability reports – but in nowhere near the amount of detail,” Ashford adds. “It looks at every nook and cranny of your server and pulls out anything that’s remotely vulnerable.”
Granular reporting allows Ashford’s team to prioritise risk: the system not only supplies a list of vulnerabilities, but classifies these vulnerabilities by potential severity and by server. And best of all, it’s of practical use: “The report doesn’t only tell you what’s wrong; it also tells you how to remedy it,” says Ashford.
And in order to help improve staff and student experience, it also allows the University of Winchester to schedule vulnerability scanning at a time of its own choice.
Efficiency benefits: the advantage of buying through Jisc
Buying the system through Jisc’s purchasing framework allowed Ashford to “get cracking” on his risk assessment and reduction – saving the University of Winchester valuable time that it would otherwise have spent procuring from potential providers.
“We found the Jisc framework easy to use, and completely compatible with the university’s financial rules and regulations – which sped up procurement of the system,” he explains.
For further information, please go to the following Jisc websites:
- Vulnerability Assessment Service (VAS) Overview
About KHIPU Networks Limited
KHIPU Networks is an award winning Cyber Security provider who deliver network, wifi and security solutions, technologies and services across multiple sectors. KHIPU’s focus has always been to work in partnership with its customers, to understand their environments and challenges so that it can provide ‘best of breed’ solutions that enable them to meet their strategic goals. By Appointment to Her Majesty the Queen – Network Security Provider. www.khipu-networks.com