Skip to main content

Vulnerability Assessment Program

Northwestern IT's Information Security Office maintains and operates a Vulnerability Assessment Program to assist schools and departments in the auditing, identification, and remediation of security vulnerabilities in its own network infrastructure, related devices, and web services.

Vulnerability assessment services are offered at no cost to University Clients (schools and departments). While there is no charge for these assessment services, there is an expectation that the client will take appropriate action to resolve high-risk vulnerabilities in a timely manner to prevent their exploitation. The information security team can provide some technical assistance in the remediation effort.

Vulnerability Assessment Services

Vulnerability assessments are composed of:

To discuss the assessment process and options, or to request an assessment, contact Tim LeKan at 847-467-3569.

System Assessments

Systems assessment are designed for systems on the front end (laptops and desktops) and back end (servers). Scans look at operating systems vulnerabilities, as well as known issues relating to software configuration; e.g., zero day vulnerabiltiies, expired SSL Certificates, weak passwords, et al.   

The System Vulnerability Assessment provides:

Web Services Assessments

Web services assessments proactively assess websites for vulnerabilities that could allow unauthorized access to sites or systems. 

The Web Services Assessment provides:

Note: The Web Services Assessment scan can run for a prolonged period before completion, depending upon your design.  The Information Security Office will work with customers to establish a mutually agreed upon window for scanning.

Remediation

University Clients are responsible for remediating vulnerabilities discovered through the assessment process.  The Information Security Office offers assistance in this process, including collaborative review of reports, as well as guidance in locating resources for securing systems and applications.

Clients are encouraged to reference a Northwestern-specific list of common vulnerabilities and mitigation techniques as a starting point for remediation activities, and to contribute to this list as remediation continues.

Training

The Qualys Vulnerability Management Video Series is a helpful resource for those using the Qualys CMS and looking for less advanced training on the Qualys system. These videos are designed to help get you started using the Qualys Vulnerability Management Tool.  

For more advanced training, sign up for in-person classes or WebEx training classes, which are free to Qualys customers.

Last Updated: 18 December 2017

Get Help Back to top