Also known as: Pen Testing, Security Testing, Security Assessment.
Evaluates effectiveness of information security controls and procedures
Key Features and Benefits
- Comprehensive managed and self-service security vulnerability assessment
- Penetration testing
- Code security analysis (static and dynamic)
Any Harvard-owned system on a Harvard-owned network
Requirements and Limitations
- Work closely with the Information Security team to plan evaluation process(es), including defining scope of evaluation, setting required controls and parameters, scheduling service, etc.
- Understand and acknowledge the potential for adverse impact on customer systems.
- Manage remediation of all identified risks, including prioritization and impact to the business.
- Provide and maintain currency of accurate primary and secondary contact information.
- Adhere to University Information Technology Policies and the Harvard Enterprise Information Security Policy (HEISP).
Some procedures can affect the target system or service adversely (e.g., cause a service interruption) and will be conducted only with customer participation and approval.