Vulnerability Assessment Program

The NUIT Information Security Vulnerability Assessment Program is a University-wide set of policies, procedures, tools, and services intended to assist schools and departments in the auditing, identification, and remediation of security vulnerabilities.

The program is maintained, operated, and created by NUIT's Information and Systems Security/Compliance (ISS/C) department.

The program provides a security audit of network infrastructure and all related devices.

A specialized service of the program, the Web Service Assessment, can also proactively assess Web site vulnerabilities that could allow unauthorized access to a server.

Specifically, the Vulnerability Assessment provides:

Consultation on the benefits of vulnerability assessments
Initial audit of a client's network infrastructure through review of documents, configurations, network diagrams, and interviews
In-depth network-based assessment of workstations, servers, devices, and the overall security of the network infrastructure
Coordination, collaboration, and general technical consulting before, during and after the assessment
Follow-up documentation / reports and additional consulting as needed after the assessment
On an ad-hoc available basis, educational presentations concerning topics relevant to vulnerability assessments such as reducing vulnerabilities and secure coding

The Web Services Assessment provides:

Manual scans for vulnerabilities on a school or department Web site
Review for outdated software versions and other vulnerabilities, such as Cross-Site Scripting (XSS) and SQL injection
Printed report of assessment findings and any personally identifiable information or University data found
Review of any existing Web security scans already completed by a school or department
Remediation plan if vulnerabilities exist

The Web Services Assessment will be run for every University Web site, and a representative from ISS/C contacts schools and departments to schedule a four-hour window to complete it during a mutuallly agreeable time. If you are concerned about the security of your Web site and would like to request and immediate assessment, contact Jeff Holland at 847-467-3569.

Additional Information

Program Overview - Vulnerability Assessment (PowerPoint pdf)
Program Document & Agreement - Vulnerability Assessment (pdf)
Sample Report - Vulnerability Assessment (pdf)
Sample Report - Web Assessment (pdf)

Support Contact

Jeff Holland
847-467-3569
Security Vulnerability Analyst, Information & Systems Security/Compliance

Roger Safian
847-491-4058
Sr Data Security Analyst, Information & Systems Security/Compliance

Dave Kovarik
847-467-5930
Director, Information & Systems Security/Compliance

Last Updated: 09 January 2008


		Services \| Get Connected \| Support \| Academic Resources \| About NUIT Students \| Staff/Faculty \| Visitors/Media \| Site Map \| Online Directory Northwestern Home \| Northwestern Calendar: Plan-It Purple \| Northwestern Search Information Technology 1800 Sherman Avenue Evanston, Illinois 60201 E-mail: it-feedback@northwestern.edu World Wide Web Disclaimer and University Policy Statements © 2008 Northwestern University