Vulnerability Assessment Program

The NUIT Information Security Vulnerability Assessment Program is a University-wide set of policies, procedures, tools, and services intended to assist schools and departments in the auditing, identification, and remediation of security vulnerabilities.

The program is maintained, operated, and created by NUIT's Information and Systems Security/Compliance (ISS/C) department.

The program provides a security audit of network infrastructure and all related devices.

A specialized service of the program, the Web Service Assessment, can also proactively assess Web site vulnerabilities that could allow unauthorized access to a server.

Specifically, the Vulnerability Assessment provides:

• Consultation on the benefits of vulnerability assessments
• Initial audit of a client's network infrastructure through review of documents, configurations, network diagrams, and interviews
• In-depth network-based assessment of workstations, servers, devices, and the overall security of the network infrastructure
• Coordination, collaboration, and general technical consulting before, during and after the assessment
• Follow-up documentation / reports and additional consulting as needed after the assessment
• On an ad-hoc available basis, educational presentations concerning topics relevant to vulnerability assessments such as reducing vulnerabilities and secure coding

The Web Services Assessment provides:

• Manual scans for vulnerabilities on a school or department Web site
• Review for outdated software versions and other vulnerabilities, such as Cross-Site Scripting (XSS) and SQL injection
• Printed report of assessment findings and any personally identifiable information or University data found
• Review of any existing Web security scans already completed by a school or department
• Remediation plan if vulnerabilities exist

The Web Services Assessment will be run for every University Web site, and a representative from ISS/C contacts schools and departments to schedule a four-hour window to complete it during a mutuallly agreeable time. If you are concerned about the security of your Web site and would like to request and immediate assessment, contact Jeff Holland at 847-467-3569.