March 3, 2024

Jisc audit assesses CERN’s cyber resilience

Author: kate.edser@jisc.ac.uk
Jisc has assessed the ability of CERN, the European Organization for Nuclear Research, to protect its information and data processing infrastructure, measuring it against a new British Standard for cyber risk and resilience.

Jisc is an early adopter of auditing against the new standard, which specifically looks at executive management’s strategic understanding of the risks associated with IT activities from a governance point of view.  

As one of the world’s largest and most respected centres for scientific research, CERN has ensured the stable and secure operation of particle accelerators, physics experiments and computing resources. Its enormous computing resources, as well as the valuable data shared by researchers in many different countries, including the UK, could well be a target for abuse or manipulation.

As the number and sophistication of cyber security threats increase, it has become ever more important for business leaders to understand and implement processes that help manage and protect against cyber incidents.

CERN’s spokesperson said:

“Jisc’s audit has given us a valuable insight into the overall risk profile of CERN by increasing our capability across the organisation to deliver appropriate governance, risk management processes and investment decisions aimed at increasing our resilience to cyber attacks.”

Frances Burton, head of cyber security services at Jisc, said:

“The audit at CERN shows the importance that its leadership places on integrating robust cyber security measures throughout the organisation. Too often, cyber risk is managed solely by the information technology departments or cyber security groups.

“Our audit at CERN gives strategic insight and guidance to ensure that cyber resilience is built in across all levels and functions of the organisation, informed by, but not driven by, IT.”

Jisc’s BS 31111 audit and assessment is based on the British Standard 31111:2018 – cyber risk and resilience, which was published last March. The standard emphasises that cyber risk cannot be delegated away from the governing body and that executive management will be held accountable for ensuring that informed, appropriate decisions are made which meet, or exceed, the expectations of the organisation’s stakeholders, including regulators.
