Information security mapping and audits
Units can scan their own networks with Nessus, if systems of the unit in question exist in the subject’s address space. Requests should be address to the information security team to [email protected]
Order for an information security audit (via the unit’s information security officer): [email protected]
The order should include the unit as well as the names or IP addresses of the devices audited.
The information security team implements information security mapping and audits, as well as automatic technical mapping. The various units and Aalto IT production are also given the opportunity to audit their own systems with the Nessus tool.
Information security experts can map and evaluate the information security of various systems, to ensure that they are data-secure.
The information security team implements different, data security-related mapping, evaluations and audits both via the network and by on-site analysis of the systems and services. The results are submitted to both the unit’s management and information security officer.
Furthermore, an information security audit for the sections of the unit’s technical environment can be ordered from the information security team. This is recommended, for example, when systems are taken in use or significant changes are made, and whenever necessary to ensure the basic security of a system.
The primary tool for technical mapping is the Nessus vulnerability scanner sold by Tenable. Nessus’ results are supplemented and verified by using other tools, as well. Mapping is made both automatically at regular intervals and as necessary, either at a customer’s request or when another reason requires such mapping. Mapping results can be supplemented from outside of the University, by using FUNET’s Tutkain Nessus service. In the context of this service, units are offered interpretation of the results and advice on how to process any vulnerabilities.
The Nessus vulnerability scanner is also provided for use by units and Aalto IT, to the extent applicable, for examining their own systems.
Information security team’s contact details: [email protected] If you have any questions about phone services, contact [email protected] If you are experiencing problems, please send a service request here: [email protected]
This service is only offered to systems owned and/or managed by the University.