CSIRT
Safeguard your computer security with ongoing support from our dedicated computer security incident response team.
The cyber threat landscape is always evolving. Threat actors are continuing to target educational institutions, causing extensive damage and lengthy, expensive disruption. Jisc’s CSIRT team provides your first line of defence against cyber threats. Our world class incident response service works to create a secure environment for your organisation by monitoring and resolving any security incidents that occur on your network.
We work closely with other cyber security organisations and members of our cyber community to detect, report and investigate incidents that pose a threat to the security of our members' information systems. We also investigate other forms of network abuse such as spam and copyright infringement.
“When faced with a complex and time-critical incident, Jisc provided the highest level of professionalism, responsiveness and technical expertise. The information was shared and presented in such a way that even non-ICT experts were able to engage with the work being done."
Vice-principal, Northampton College
Information security threats are not limited to particular networks or national boundaries, so we assist national and international law enforcement agencies in their investigations, connecting them to our trusted contacts within the community. We work with other computer security incident response teams across the UK, Europe and the rest of the world to manage and resolve incidents. Through our work, we have built strong relationships with other security researchers and sources of security reports to ensure we provide you with a fast and effective response.
Groups and organisations we work with:
- The National Cyber Security Centre
Jisc works closely with the NCSC, which provides us with actionable threat intelligence that we use to continuously improve the ability of our security services to address the dynamic threat landscape. - GÉANT Security Services
GÉANT Security Services is a task force that promotes collaboration between CSIRTs at the European level, and liaises with similar groups in other regions. - FIRST
FIRST brings together a variety of computer security incident response teams from government, commercial, and educational organisations. - Trusted Introducer
Trusted Introducer is the backbone of the security and incident response team community in Europe.
CREST-accredited
Jisc is assured for Cyber Incident Response (CIR) Level 2.
CREST membership is an internationally-recognised badge of excellence in information security.
Key features
As part of your membership, the service provides the following benefits:
- Centralised coordination of reported security incidents
- Monitoring and mitigation of denial of service (DoS) attacks
- Improved technical awareness and engagement with peers and experts in security discussions via our cyber community, webinars and events
- Security activity statistics made available online
- One-to-one advice on security systems and recovery from compromise
- Incident management
- Unlimited access to a knowledge base of security information
- Access to a number of channels of communication for the latest security news, trends and technical information
- Regular, synthesised vulnerability alerts
Eligibility
This service is freely available to all Janet-connected institutions.
Use of this service is subject to adherence to the:
Get support
- Read our simple security advice explaining a few essential things that can help you protect the security of your network
- Report abuse through our online form
- Read the requirements and expectations in your role as a security contact
Data usage
Netflow and data protection
We process data that has been collected on various routers on the Janet Network. This information is considered valuable for the following tasks: research, security incident response, network operations and planning. Read more information about how the data is collected and processed.
Keeping logs of network activity
It's essential to monitor usage of the Janet connection to ensure we're on top of potential security incidents. Find out more about logging network activity and and how you can get involved.
Netflow and data protection
We process data that has been collected on various routers on the Janet Network. This information is considered valuable for the following tasks: research, security incident response, network operations and planning. Read more information about how the data is collected and processed.
Keeping logs of network activity
It's essential to monitor usage of the Janet connection to ensure we're on top of potential security incidents. Find out more about logging network activity and and how you can get involved.
Service level description
Service description
CSIRT is a service to safeguard the current and future Janet Network security (steering the security policies for all Janet Network connections) and Jisc members.
The primary function is to monitor, co-ordinate and resolve any security incidents that occur on the Janet Network.
Hours of service
The full service is available during 08:00 and 18:00, Mondays to Fridays.
Outside of the above service period, an on-call service is available from 18:00 to midnight, Mondays to Fridays and from 09:00 to 17:00, Saturday and Sundays.
Service is available on Christmas and New Year’s Day via the call-out process.
PGP/GPG: 0x41A8A66E4EC70D66
Key fingerprint: 5B79 575F 400D AA85 0BC4 89CE 41A8 A66E 4EC7 0D66
Security
Organisations must ensure they understand and adhere to the security policy.
Your responsibilities
You are responsible on an ongoing basis for ensuring the contact details, notified to Janet Network CSIRT or Jisc service desk, of a suitable representative from within your organisation are kept up to date and any changes in responsibility promptly notified.
You must ensure that emails from CSIRT are acknowledged within a time frame commensurate with the importance of the issue.
For guidance:
- Urgent issues should be responded to within one hour
- Non-urgent, but otherwise important issues, within two business days
- Less urgent issues, within five business days, as defined in SLD definitions
Charges
This service is centrally-funded.
Request for service
Request this service by contacting CSIRT directly on tel: 0300 999 2340 or via email: irt@jisc.ac.uk, or via the service desk on tel: 0300 300 2212 or via email: help@jisc.ac.uk.
Service delivery time
During the full service period, an initial response will be given within one hour.
During the on-call service period, an initial response will be given within two hours.
Terms and conditions
Please ensure your organisation understands and adheres to our terms and conditions.
Escalation
If you are experiencing an issue with the service and wish to escalate the issue within Janet, please contact us via the service desk on tel: 0300 300 2212 or via email: help@jisc.ac.uk.
Service description
CSIRT is a service to safeguard the current and future Janet Network security (steering the security policies for all Janet Network connections) and Jisc members.
The primary function is to monitor, co-ordinate and resolve any security incidents that occur on the Janet Network.
Hours of service
The full service is available during 08:00 and 18:00, Mondays to Fridays.
Outside of the above service period, an on-call service is available from 18:00 to midnight, Mondays to Fridays and from 09:00 to 17:00, Saturday and Sundays.
Service is available on Christmas and New Year’s Day via the call-out process.
PGP/GPG: 0x41A8A66E4EC70D66
Key fingerprint: 5B79 575F 400D AA85 0BC4 89CE 41A8 A66E 4EC7 0D66
Security
Organisations must ensure they understand and adhere to the security policy.
Your responsibilities
You are responsible on an ongoing basis for ensuring the contact details, notified to Janet Network CSIRT or Jisc service desk, of a suitable representative from within your organisation are kept up to date and any changes in responsibility promptly notified.
You must ensure that emails from CSIRT are acknowledged within a time frame commensurate with the importance of the issue.
For guidance:
- Urgent issues should be responded to within one hour
- Non-urgent, but otherwise important issues, within two business days
- Less urgent issues, within five business days, as defined in SLD definitions
Charges
This service is centrally-funded.
Request for service
Request this service by contacting CSIRT directly on tel: 0300 999 2340 or via email: irt@jisc.ac.uk, or via the service desk on tel: 0300 300 2212 or via email: help@jisc.ac.uk.
Service delivery time
During the full service period, an initial response will be given within one hour.
During the on-call service period, an initial response will be given within two hours.
Terms and conditions
Please ensure your organisation understands and adheres to our terms and conditions.
Escalation
If you are experiencing an issue with the service and wish to escalate the issue within Janet, please contact us via the service desk on tel: 0300 300 2212 or via email: help@jisc.ac.uk.
ISO certification
This service is included within the scope of our ISO9001 and ISO27001 certificates.
Get involved
Join our defend as one campaign and help us unite higher and further education in a common cause - to build robust defences across the sector. As a member, you can sign up to receive personalised instructions on how to improve your cyber security posture across your organisation.
Related resources
- Test your infrastructure, policies and procedures with a realistic simulated incident by signing up to our ransomware incident response workshop.
- Sign up to the cyber community to receive the latest threat updates and monthly and quarterly briefings to strengthen your cyber posture.
- Read how Jisc works with the National Cyber Security Centre to protect UK education
- Read about the latest cyber impact report