The Office of Information Security provides assessment services to help IT service providers at CU Boulder and System Administration operate secure IT services. The vulnerability scanning services help departments identify security issues arising from out of date software or insecure configurations. Web application assessments can identify security issues in commercial or internally-developed applications that could put data or stability at risk. Beyond these two, specific services, OIS provides more general security assessments for existing or proposed IT services. OIS is currently developing future services focused on assessing security in public cloud environments, particularly Amazon Web Services (AWS) and Microsoft Azure.
Individual offerings under this service:
- Vulnerability scanning and reporting
- Periodic vulnerability scanning with direct access to results (may require licensing costs)
- Ad hoc, campus-wide scanning for critical vulnerabilities (proactively provided to all departments within campus networks)
- Web application security assessment
- Ad hoc evaluation of web applications for common application layer vulnerabilities
- General security assessment for other needs
How is CU better through this service?
Members of the CU community entrust the university with a wide variety of data, including content that could personally impact them if disclosed. Additionally, the university invests significantly in technology to enable learning, research and many other functions. As the custodians of this data and technology at CU, IT Service Providers have a responsibility to ensure appropriate security measures are in place to protect our community members and CU’s assets. The OIS assessment services help service providers identify potential gaps in security best practices so they can best meet this responsibility through continuous management of the security of CU IT services.
Who can use the service?
Any IT Service Providers at CU Boulder and System Administration. This includes both central IT departments as well as distributed IT teams.
What does it cost me?
These services generally come at no cost, but some tools used by OIS have licensing costs that increase with expanded use, so departments may be responsible for additional direct costs.