ICT Security Services

The Security and Risk Assessment of the IT Environment is a high-level assessment of an institution’s ICT environment. The objective is to provide an overall view on an annual basis of the institution’s security and risk posture across a range of security domains and identify areas for improvement.

ICT Security Policies play a critical and strategic role in ensuring an institution’s information is managed appropriately and securely. It is important that policies are reviewed and updated on a regular basis to ensure they are in line with business requirements and industry best practises.

Security best practices recommend frequent Vulnerability Assessments to identify potential vulnerabilities that may be exploited.

Penetration tests play a critical role within every organisation, as many of the vulnerabilities and threats identified through manual testing are normally missed by common vulnerability scanners.

One of main sources of ICT security exposure may be the users within an institution. Users may expose the institution to risks by their behaviour whether maliciously or through bad practices or lack of understanding. Educating users is an important part of an organisation’s approach to minimising and mitigating risk so that users understand potential threats that the business could be exposed to e.g.

• Password Management
• Phishing
• Ransomware
• How to stay safe online

HEAnet will provide a general security awareness training programme delivering online or face to face training. The security awareness training is aimed at Faculty staff and tailored to the needs of the Irish Education and Research sector.

Phishing simulations are a very important part of the security awareness training, as they allow institutions to assess how their staff handle phishing attacks by sending realistic phishing emails to the staff. The resulting statistics can then be used by the institution to establish a baseline security level, as well as to identify areas of improvement in terms of security awareness.

The objective of this component of the ICT Security services is for HEAnet to take a leadership role to advise and assist clients on their security and risk challenges by providing access to security and risk competencies in key areas. HEAnet has a broad range of ICT security skills which it will continue to develop and share with clients through a variety of channels.