Given the dynamic landscape of our University’s network and the constantly evolving threat, regularly performed computer security assessments are prudent. A computer compromise could have a significant impact on both the affected unit and the University itself. To that end, the Office of Information Security (OIS) offers no-cost services, tailored to each unit’s particular needs, for assessing and analyzing security risk.
OIS works together with University system administrators to enhance security by:
- Conferring with the unit regarding the assessment’s scope and expectations of the process.
- Performing fieldwork.
- Documenting findings.
- Presenting a detailed report with an executive summary, key findings and detailed technical issues.
- Meeting with the unit afterwards to discuss the assessment, key countermeasures (suggesting other compensating controls if the situation warrants), and follow-up after remediation of issues.
Outcomes and Benefits of an Assessment
Following a security review, IS welcomes an ongoing, open security dialogue with the unit.
The security assessment should provide the unit with a sense of its current susceptibility to computer security issues and a sense of overall risk. OIS will work with the unit administrators to ensure:
- Compliance with state and federal legislation and regulatory requirements
- Congruity with University policies, guidelines and procedures
- Accordance with industry best practices for the unit’s implemented resources
Services may include, but are not limited to, reviews of:
- Unit policies and procedures
- Network architecture
- Firewall and rulesets
- IDS/IPS configuration and/or rulesets
- Domain policy
- Local and remote, credentialed and non-credentialed host vulnerability assessments
- Web application assessments
- Penetration testing (when desired, to confirm findings of vulnerabilities)
Assessment Requests and Resources
To request an encompassing review of your unit, please initiate the process by filling out and submitting our Security and Risk Assessment Support Form.
For more in-depth information on components of security assessment and analysis, please visit these OIS service pages: