Security & Risk Assessment

Security & Risk Assessment

Security and risk assessment reduces the risk of exploits to University of Missouri systems by proactively identifying vulnerabilities found in information systems and by deploying both vendor and industry best practices in order to remove or mitigate the severity of those vulnerabilities.

There are six distinct phases to the Security and Risk Assessment:

  1. Identification: We gather a thorough list of networks, systems, and physical locations for inspection.
  2. Coordination: Security inspectors work with you to determine the boundaries of the inspection, including times, specific locations, networks, and systems that should be off limits to the security inspectors.
  3. Inspection: Security inspectors collect data about the physical location, networks, and systems identified by the client either in-person or through automated means.
  4. Evaluation: Security inspectors compile the data to create a comprehensive picture of your system’s state of security. This data is compared to industry and vendor best practices to accurately describe the vulnerabilities or risks in the system.
  5. Recommendation: Security inspectors work with you to analyze the vulnerabilities found in the evaluation phase. Inspectors offer prioritized recommendations on how best to remediate the vulnerabilities found based on your business needs.
  6. Repetition: If necessary, we may evaluate your systems again to make certain the recommendations have been adopted and to insure that new vulnerabilities have not crept into the system.

The Security and Risk Assessment program currently offers two levels of service:

  1. Information System Inspection: A detailed look at a particular information system. This inspection includes the key servers or workstations associated with a particular information system, with a high level understanding of the inter-dependencies of the system. This level of inspection is intended to inform system administrators and key decision makers about the state of security in detail, related to a particular information system. It is meant to identify specific issues related to the configuration and management of a particular information system.
  2. Application Inspection: A detailed look at a particular application. This inspection includes inspection of application architecture, interfaces, and code. This level of inspection is intended to inform application developers and key decision makers about the state of security in detail, related to a particular application. It is meant to identify specific issues related to the application's functionality or how it may be misused.

Regular Fees

  • Regular Security Scan: 
    no charge
     
  • Incident Security Assessment: 
    (required after a security incident) 
    $75/hour - Average varies

This service is provided for MU departments and is highly recommended. Requests must be made by an IT Pro.

This service is provided for MU departments. Requests must be made by an IT Pro.

For additional assistance, contact Tech Support at 573.882.5000.