In collaboration with ITS, Provost IT proactively and securely monitors client computers and other technology systems within the departments we support to ensure security, compliance and safe operation.
Provost IT works in collaboration with ITS to routinely conduct two types of scans against Provost infrastructure: web application security and system scans.
Web application security scans attempt to exploit a web site or application in order to detect vulnerabilities such as cross-site scripting, SQL/database query injection, open directory listing pages, authentication or brute-force password issues, and more. This type of scan can be run against systems hosted by both Provost IT, as well as those hosted by third-party vendors (with their permission or within the scope of a contract).
System security scans specifically target an individual host (or range of hosts) in order to discover open ports and their associated services, vulnerabilities within those services, missing updates or patches, outdated software that does not meet USC security requirements, and incorrectly configured services and SSL certificates, among other items. This type of scan is generally run only against systems on USC’s network, including servers, client computers (endpoints), and network devices, such as printers and copy machines.
End users and departments do not need to do anything to use this service. All Provost IT-issued and supported devices, as well as web applications and software provided to departments through Provost IT, are automatically included in periodic security scanning. If our team becomes aware of any security vulnerabilities that affect your devices or data, we will remediate them and contact you if any additional action is required.
If you have any questions as to if a specific device or web application if protected, or if you would like to request the results of a specific device or application’s security scan for auditing purposes, contact Provost IT.