Skip to Content

Breadcrumb

System Security Assessments

Category: Security

​System Security Assessment Services provides customers with information regarding security threats and vulnerabilities that may exist in their environment

All information provided, discovered or reported by either party remains the property of the customer and is considered confidential and protected. Terms of the engagement do not include assumption of liability by DoIT. No warranties expressed or implied apply to such security assessments. New vulnerabilities and exploits are discovered on an on-going basis. Assessments are a "snap-shot" of the environment and limited to the vulnerabilities tested and identified. Security assessments are conducted as preventative due diligence and best practice. A list of hardware and software to be tested, along with an explanation of the testing, its scope and limitations, will be provided to establish and verify what will be included in the final report. An agreed-upon scope of work statement will be provided. Modifications to the initial agreement will follow standard change management practices. A final confidential report outlining findings, level of risk and suggested follow-up actions will be provided to the customer.

Product Features and Descriptions

Standard

Vulnerability Assessments

  • Internal Assessments: An evaluation of network security from an internal perspective.  DoIT will perform a vulnerability assessment of customer systems and networks including servers and routers. DoIT will generally try to find ways of minimizing security risks and avoid potential security breaches within the network
  • External Assessments: An evaluation of network security from an external perspective.  DoIT will perform a vulnerability assessment of customer systems and networks including web sites, servers, firewalls, switches and routers from the outside world
  • Wireless Access Point Assessment: An evaluation of the customer's wireless access network. DoIT will perform a wireless assessment to detect the presence of wireless devices and verify that wireless devices meet the customer's wireless security policies and standards
  • Remediation Recommendations: Based upon the results of the assessment, recommendations will be made around certain areas when addressing vulnerabilities

Non-Standard

  • Additional specialized testing of DoIT hosted systems can be arranged if required by regulation or mandate   

Rates and Billing

​Item ​Unit of Measure

​Rate - Applicable to

Non-DoIT Entities

​Internal Assessment ​Per Device ​$ 100.00
​External Assessment ​Per Device ​$ 100.00
​Wireless Access Scan ​Per Building ​$ 100.00
 

Ordering and Provisioning

​Service can be procured, modified or cancelled by selecting the "Order Services" button near the top of the right pane.

DoIT Responsibilities

  • Network Vulnerability testing
  • Application Vulnerability testing
  • Penetration testing
  • Coordinate a preliminary meeting to define the scope of the project
  • Recommend additional tests that might be recommended to provide a comprehensive review

Agency Responsibilities

  • Sign an agreement to allow the scan. A signed, final agreement will be required in order to initiate system security assessment services
  • Provide necessary data for the scan
  • Agree to the terms of service for the assessment
  • Provide necessary documentation and inventory information.  The scope and duration of the engagement are reduced if up-to-date information is readily available during the information gathering phase 

Service Levels and Metrics

Service Fulfillment/Provisioning
Staff will respond to service requests during the published business hours.
 
Order Services Report Problems