IT Security Guru

ITHC (IT Health Check) and PSN compliance: an overview and considerations

Complete an ITHC to confirm you are PSN compliant and beyond, protecting your organisation and all those who have access to the Public Services Network.

by Jason Hart
June 22, 2021
in Features, Guru's Picks, Insight

What is an IT Health Check (ITHC)?

An ITHC (IT Health Check) is a series of tests to ensure that your organisation is impenetrable to unauthorised persons. Specifically, organisations or individuals conduct an ITHC to confirm that they meet key requirements for PSN compliance.

Direct from the ITHC supporting guidance:

“Your ITHC should aim to provide assurance that your organisation’s external systems are protected from unauthorised access or change, and they do not provide an unauthorised entry point into systems that consume PSN services.

The internal systems should be tested to provide further assurance that no significant weaknesses exist on network infrastructure or individual systems that could allow one internal device to intentionally or unintentionally impact on the security of another.”

PSN compliance

Just to make sure we’re all up to speed, the PSN (Public Services Network) is a UK government network which was established to enable public-sector organisations to share resources easily. It is also used by commercial service providers to sell services so that they can be accessed safely and securely by public-sector organisations.

For obvious reasons, it’s extremely important to ensure that this network cannot be breached, which is why any person or organisation who wishes to access the PSN must first demonstrate that they meet all the requirements for PSN compliance.

ITHC Considerations

The ITHC will check your internal and external systems for significant weaknesses and potential entry points, and review your security configurations.

Internal systems

During the ITHC, your internal network should be scanned and manually analysed.

Consider the following:

  • The build and configuration of all devices: laptops, desktops, phones, tablets.
  • Don’t forget to factor in employees’ personal devices.
  • Consider also people external to your organisation who may have access to your internal systems, such as clients.
  • The configuration of your wireless network.
  • Check that your OS, applications and firmware are updated with appropriate patches.
  • Review network management security and internal security gateway configuration (including PSN)

External systems

Your ITHC should also entail scanning and analysing online systems such as:

  • Email servers
  • Web servers
  • Firewalls
  • Any systems you have in place to allow staff to connect into your organisation remotely, including VPN.

Passwords – your first line of defence

PSN Code of Connection (CoCo) compliance requires you to demonstrate that you have systems in place to secure password protected entry points.

Under CoCo 2 (Authentication and access control), these include:

  • Ensuring all passwords are changed from defaults
  • Stopping password/account sharing
  • Ensuring that high-privilege users such as administrators use different passwords across accounts
  • Strengthening authentication by combining passwords with some other form of authentication, such as two-factor
  • Never store passwords as plain text, but ensure they are hashed using a cryptographic function capable of multiple iterations and/or a variable work factor. See how to change the Active Directory password hash method.
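As an added illustration of the last point (not code from the article or from PSN guidance), this Python example stores passwords for an application's own user store with PBKDF2, keeps the work factor inside each record, and re-hashes on a successful login when the policy has been raised. The record layout and the `CURRENT_ITERATIONS` value are assumptions made for the example; it does not apply to Active Directory's own hash storage.

```python
import hashlib
import hmac
import os

# Assumed policy value for this example; raise it as hardware gets faster.
CURRENT_ITERATIONS = 600_000

def hash_password(password, iterations=CURRENT_ITERATIONS):
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'."""
    salt = os.urandom(16)  # unique per record, so equal passwords differ
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Check a login attempt; return (ok, record_to_store).

    The work factor is read from the record itself, so old records still
    verify after the policy changes. A correct login under an outdated
    work factor returns a freshly hashed record for the caller to save.
    """
    try:
        scheme, iter_s, salt_hex, digest_hex = stored.split("$")
        iterations = int(iter_s)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False, stored  # malformed or plain-text record: reject
    if scheme != "pbkdf2_sha256" or iterations < 1:
        return False, stored
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    if not hmac.compare_digest(actual, expected):  # constant-time compare
        return False, stored
    if iterations < CURRENT_ITERATIONS:
        return True, hash_password(password)  # transparently raise the cost
    return True, stored
```
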

For a quick win to highlight the extent of the password problem in your organisation, it is recommended to audit your Active Directory users and passwords.

One simple method to complete this is with Specops Password Auditor, a free tool that enables you to export, as a detailed or high-level summary, accounts identified with password vulnerabilities, including expired passwords, identical passwords or blank passwords. It also compares password hashes on your systems against a regularly updated list of breached passwords so that you can alert affected users to update their password as soon as possible.
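The checks such an audit performs can be expressed in a few lines. The following Python example is added here for illustration and is not Specops Password Auditor's code or output; the export layout (`user`, `nt_hash`, `admin`) and all sample data are assumptions constructed for the example.

```python
from collections import defaultdict

# NT hash of the empty string (well-known constant); NT hashes are unsalted.
BLANK_NT_HASH = "31d6cfe0d16ae931b73c59d7e0c089c0"

def audit_accounts(accounts, breached_hashes):
    """Return {user: sorted findings} for blank, breached and shared passwords.

    accounts: dicts with 'user', 'nt_hash', 'admin' keys (hypothetical layout).
    The report names the weakness only; it never echoes a hash.
    """
    breached = {h.lower() for h in breached_hashes}
    by_hash = defaultdict(list)
    for acct in accounts:
        by_hash[acct["nt_hash"].lower()].append(acct)

    findings = defaultdict(set)
    for nt_hash, group in by_hash.items():
        if nt_hash == BLANK_NT_HASH:
            labels = {"blank password"}
        else:
            labels = set()
            if nt_hash in breached:
                labels.add("password in breached list")
            if len(group) > 1:  # equal unsalted hash means equal password
                labels.add("identical password")
                if any(a["admin"] for a in group):
                    labels.add("admin password reused on another account")
        for acct in group:
            if labels:
                findings[acct["user"]] |= labels
    return {user: sorted(f) for user, f in findings.items()}

# Constructed sample export: every hash except BLANK_NT_HASH is made up.
SAMPLE_ACCOUNTS = [
    {"user": "alice", "nt_hash": "a" * 32, "admin": False},
    {"user": "adm-alice", "nt_hash": "A" * 32, "admin": True},
    {"user": "bob", "nt_hash": BLANK_NT_HASH, "admin": False},
    {"user": "carol", "nt_hash": "c" * 32, "admin": False},
    {"user": "dave", "nt_hash": "d" * 32, "admin": False},
]
SAMPLE_BREACHED = ["C" * 32]  # constructed breached-hash list

if __name__ == "__main__":
    for user, issues in audit_accounts(SAMPLE_ACCOUNTS, SAMPLE_BREACHED).items():
        print(f"{user}: {', '.join(issues)}")
```
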

Find an appropriately certified ITHC testing partner

Central government customers must choose a partner who is accredited by the CHECK scheme. Non-government customers can also choose testing partners with CREST-approved ITHC services or the Cyber Scheme.

Work with your ITHC testing partner to resolve any issues that arise and you’ll not only meet PSN compliance, but crucially, you’ll be protecting your own organisation, your clients, and your employees.

 

Contributed by Jason Hart, Cyber Security Expert

 
