Education
Support
Centre

ESC forms relationship with ESISS to provide valuable professional information security and digital forensic services

The ESC has recently formalised their relationship with ESISS, the Education Shared Information Security Service. This extends the ESC portfolio to provide valuable professional information security and digital forensic services.  The formal agreement was put in place with an accredited trusted provider in the Education sector as a direct result of customer suggestions and the need for dedicated security staff to deal with potentially sensitive information security incidents.  

Ealing, Hammersmith and West London College had experienced a security incident which required a critical and forensic response. A third party provider was used to initially investigate and resolve the issue, but was deemed to be expensive and did not provide the level of service that Ealing needed.  

When Ealing, Hammersmith and West London College experienced critical security incident involving a SQL injection attack, the ESC, fortunately, had just put in place an informal relationship with ESISS. With the initial triage indicating a potential SQL injection attack, this diagnosis needed to be professionally confirmed and immediate remediation put in place to prevent further attacks. With Ealing’s consent the ESC contacted ESISS.  ESISS and Ealing agreed the parameters of what was required and the associated costs.  While the confidential data and process was channelled directly between Ealing and ESISS, the ESC continued to manage the process acting as a Moderator to ensure that the college received the best possible service. ESISS performed a full test of the web and application servers and were able to provide initial remediation steps within two hours.  This was followed up with a comprehensive confidential report providing further detailed remediation steps in line with industry best practice.

“While this problem was not something within the normal remit of ESCUK they were instrumental in helping us get on top of the problem. Between them, ESCUK and ESISS were awesome, professional and empathic - with deep professional and technical skills - first class support and not just with the technical side of things” Martin King, Ealing, Hammersmith and West London College.


All team members of ESISS are currently qualified to the TigerScheme (http://www.tigerscheme.org/) QSTM (Qualified Security Tester – Team Member) level, equivalent to CHECK team member/CREST Registered Tester, and also hold a number of other IT qualifications (including CISSP, CCNA, CCNP, CCSP). ESISS is also Trusted Introducer Accredited (https://www.trusted-introducer.org/teams/esiss.html). Trusted Introducer is the trusted backbone of the Security and Incident Response Team community in Europe.

As such ESISS has been selected as a preferred partner to provide security related services to ESC customers. This service is in addition to the support the ESC already provides to customers and is therefore at extra cost. 

https://www.esiss.ac.uk/case-studies/esiss-and-escuk-case-study/