Vulnerability Assessment

Northwestern IT's Information Security Office maintains and operates a Vulnerability Assessment Program to assist schools and departments in the auditing, identification, and remediation of security vulnerabilities in its own network infrastructure, related devices, and web services.


Features and Benefits

Vulnerability assessments composition
  • Consultation on the benefits of vulnerability assessments.
  • Initial audit of a client's network infrastructure through review of documents, configurations, network diagrams, and interviews
  • In-depth network-based assessment of workstations, servers, devices, and the overall security of the network infrastructure
  • Coordination, collaboration, and general technical consulting before, during, and after the assessment.
  • Follow-up documentation/reports and additional consulting as needed after the assessment.
  • On an ad-hoc basis, educational presentations concerning topics relevant to vulnerability assessments such as reducing vulnerabilities and secure coding.
System Assessments

Systems assessment are designed for systems on the front end (laptops and desktops) and back end (servers). Scans look at operating systems vulnerabilities, as well as known issues relating to software configuration; e.g., zero day vulnerabilities, expired SSL Certificates, weak passwords, et al.

The System Vulnerability Assessment provides:

  • Ad-hoc or scheduled scans for vulnerabilities on a school’s or department’s systems.
  • Comprehensive reports with details and solutions for each vulnerability found.
  • Multiple report formats to fit the needs of reviewers.
  • Review of any existing security scans already completed by a school or department.

Web Services Assessment

Web services assessments proactively assess websites for vulnerabilities that could allow unauthorized access to sites or systems.

The Web Services Assessment provides:

  • Ad-Hoc or scheduled scans for vulnerabilities on a school’s or department’s website
  • Review for outdated software versions and other vulnerabilities, such as Cross-Site Scripting (XSS) and SQL injection
  • Printed report of assessment findings
  • Review of any existing security scans already completed by a school or department.

Note: The Web Services Assessment scan can run for a prolonged period before completion, depending upon your design. The Information Security Office will work with customers to establish a mutually agreed upon window for scanning.


Available to

  • Faculty
  • Staff



Vulnerability assessment services are offered at no cost to University Clients (schools and departments). While there is no charge for these assessment services, there is an expectation that the client will take appropriate action to resolve high-risk vulnerabilities in a timely manner to prevent their exploitation. The information security team can provide some technical assistance in the remediation effort.


How to Request Service

Click the "Request Service" button to the right.


Support Resources


The Tenable Product Education YouTube Channel is a helpful resource for those using the and looking for less advanced training on the system. These videos are designed to help get you started using the Tenable Vulnerability Management Tool. For more advanced training, open a Service Request for access to the Tenable University portal.


Request Service


Service ID: 80
Thu 6/30/22 3:47 PM
Tue 2/7/23 8:59 AM