Skip to main content

Vulnerability Assessment Program

The Northwestern Information Technology Information Security Vulnerability Assessment Program is a University-wide set of policies, procedures, tools, and services intended to assist schools and departments in the auditing, identification, and remediation of security vulnerabilities in its own network infrastructure, related devices, and web services. 

The program is maintained and operated by Northwestern IT's Information and Systems Security/Compliance (ISS/C) and is offered at no cost to University Clients (schools and departments). While there is no charge for these assessment services, there is an expectation that the client will take appropriate action to resolve high-risk vulnerabilities in a timely manner to prevent their exploitation. ISS/C can provide some technical assistance in the remediation effort.

The Vulnerability Assessment provides:

System Assessment

This assessment is designed for front end (laptops and desktops) and back end (servers) systems. The scan looks at operating systems vulnerabilities, as well as known issues relating to software configuration like POODLE, Expired SSL Certificates, weak passwords, et al.   

The System Vulnerability Assessment provides:

Web Services Assessment

This assessment proactively assesses websites for vulnerabilities that could allow unauthorized access to sites or systems. 

The Web Services Assessment provides:

Note: The Web Services Assessment scan can run for a prolonged period before completion, depending upon your design. 

ISS/C will work with customers to establish a mutually agreed upon window for scanning. To discuss the scanning process and options, or to request an assessment, contact Tim LeKan at 847-467-3569.

Remediation

ISS/C offers assistance in remediating vulnerabilities discovered through the Vulnerability Assessment Program. This includes collaborative review of reports, as well as guidance in locating resources for securing systems and applications. Also available is a list of common vulnerabilities and mitigation techniques that can serve as a starting point for remediation activities.

Qualys Training Resources

The Qualys Vulnerability Management Video Series is a helpful resource for those using the Qualys CMS and looking for less advanced training on the Qualys system. These videos are designed to help get you started using the Qualys Vulnerability Management Tool.  

For more advanced training, sign up for in-person classes or WebEx training classes, which are free to Qualys customers.

Last Updated: 8 December 2017

Get Help Back to top