InfoSec

Security Risks and Assessments

Security and risk assessment reduces the risk of exploits to University of Missouri systems by proactively identifying vulnerabilities found in information systems and by deploying both vendor and industry best practices in order to remove or mitigate the severity of those vulnerabilities.  

Details 

There are six distinct phases to the Security and Risk Assessment: 

  1. Identification: We gather a thorough list of networks, systems, and physical locations for inspection. 
  2. Coordination: Security inspectors work with you to determine the boundaries of the inspection, including times, specific locations, networks, and systems that should be off limits to the security inspectors. 
  3. Inspection: Security inspectors collect data, either in person or through automated means, about the physical location, networks, and systems identified by the client. 
  4. Evaluation: Security inspectors compile the data to create a comprehensive picture of your system’s state of security. This data is compared to industry and vendor best practices to accurately describe the vulnerabilities or risks in the system. 
  5. Recommendation: Security inspectors work with you to analyze the vulnerabilities found in the evaluation phase. Inspectors offer prioritized recommendations on how best to remediate the vulnerabilities found based on your business needs. 
  6. Repetition: If necessary, we may evaluate your systems again to make certain the recommendations have been adopted and to ensure that new vulnerabilities have not crept into the system. 

The Security and Risk Assessment program currently offers two levels of service: 

  1. Information System Inspection: A detailed look at a particular information system. This inspection includes the key servers or workstations associated with a particular information system, with a high-level understanding of the interdependencies of the system. This level of inspection is intended to inform system administrators and key decision makers in detail about the state of security of a particular information system. It is meant to identify specific issues related to the configuration and management of that system. 
  2. Application Inspection: A detailed look at a particular application. This inspection covers the application's architecture, interfaces, and code. This level of inspection is intended to inform application developers and key decision makers in detail about the state of security of a particular application. It is meant to identify specific issues related to the application’s functionality or how it may be misused. 

Pricing 

  • Regular Security Scan: no charge 
  • Incident Security Assessment (required after a security incident): $75/hour – Average varies 

Availability 

This service is provided for MU departments and is highly recommended. Requests must be made by an IT Pro.  

Getting Started 

This service is provided for MU departments. Requests must be made by an IT Pro.  

Help 

Go to doitservices.missouri.edu and click on the Help icon. Log in to the self-service portal with your University user ID and password, and Search for Answers accordingly. For additional assistance, contact our Help Desk at 573-882-5000.