Security Vulnerability Consulting and Assessment

About this service

Description Data, software, service, and asset stewards can request access to security tools that allow them to assess the security of solutions or assets they manage. This enables identification of common security weaknesses or misconfigurations. A Privacy and Information Security professional can be engaged to help interpret the results and provide remediation recommendations or techniques. The Security Vulnerability Consulting and Assessment service also acts autonomously to evaluate the existing vulnerability/exposure landscape, to perform ad-hoc and scheduled vulnerability assessments according to campus policy as needs dictate, or assess exposures at the direction of leadership.
Other names Scanning Services, Vulnerability Assessment.
Documentation links None listed
Features and tools The goals of the vulnerability program include continuously probing and scanning the university’s systems and networks. Technology Services also provides a single point of contact for internal and external groups to coordinate when vulnerabilities are discovered and reported. Information regarding tools, resources, and consultation about the vulnerability program are available in the technology services KB here: https://answers.uillinois.edu/illinois/page.php...  

Requests for access to tools, vulnerability management consulting and vulnerability mitigation notifications can be submitted to securitysupport@illinois.edu

Getting and using this service

Who can use the service Faculty/Staff
How to get the service IMPORTANT NOTE on RECENT CHANGES:

For custom software developed in-house: Currently application scanning is being transitioned to software development groups for internally developed applications. Privacy & Security's Vulnerability Assessment team will no longer be performing application scans as a part of the large service offering.

3rd party applications, vended applications, and commercial solutions will undergo vendor and solution risk assessment instead of application scanning. This means that  Vulnerability Management will be coordinating with Privacy& Security's Governance, Risk, and Compliance group to complete a risk assessment process in order to assess levels of overall security assurance rather than specific application testing. Again, this is for vended, commercial products and services, not software developed custom or in-house.

Requests for access to tools, vulnerability management consulting, and vulnerability mitigation notifications may be submitted to securitysupport@illinois.edu.
Cost No charge
Usage constraints Application scanning customers must fill out questionnaire and affidavit before scanning. Requester must have authority for systems being scanned.

Support and Hours

How to get help Email: scanningservices@illinois.edu.
Training and consulting opportunities Not applicable
Maintenance hours Not applicable
Lifecycle stage Production
Provided by Technology Services