Vulnerability Management: How to Identify and Remediate Security Risks at UofL

Before You Begin

  • Have your UofL login credentials available.
  • Review UofL Information Security policies and procedures for vulnerability management requirements.
  • Identify the systems, devices or applications you are responsible for.

 

Instructions

Identify Vulnerabilities

  • Use ITS-approved scanning tools or request a vulnerability scan from ITS Enterprise Security.
  • Review scan results for misconfigurations, outdated software, insecure coding practices and missing patches.

Evaluate and Prioritize Risks

  • Assess the severity and impact of identified vulnerabilities.
  • Prioritize remediation based on risk to university data, systems and compliance requirements.

Remediate Vulnerabilities

  • Apply software updates, patches and configuration changes as recommended.
  • Remove or disable unused services, accounts or applications.
  • Document remediation actions for compliance and reporting.

Report and Monitor

  • Report unresolved or high-risk vulnerabilities to secureit@louisville.edu or the ITS HelpDesk.
  • Participate in ongoing vulnerability management reviews and follow up on remediation status.

Request Vulnerability Management Services

  • To enroll your department or system in the vulnerability management program, fill out the Vulnerability Management Request Form.

Outcome

After completing these steps, you will be able to identify, remediate and report vulnerabilities, helping protect UofL’s data and systems from cyber threats.

Further Readings

  • UofL Security Information

Need Additional Help

• ITS HelpDesk

• Submit a Ticket: Use the self-service portal 

• In-Person Support: Visit the iTechConnect during business hours for individual help.  Located on the lower level of the Miller Information Technology Center (MITC) - Belknap Campus.   

Print Article

Related Services / Offerings (3)

Support process of identifying and fixing the root causes of vulnerabilities and threats within a computer system or network to eliminate them and prevent future exploitation. Service include containing an incident's impact, eradicating the threat, restoring affected systems and implementing new preventative measures.
Proactively identifies and addresses security controls, conducts regular audits and manages risks with continuous monitoring to protect data, prevent breaches, maintain reputation and avoid penalties for non-compliance.
The policies, procedures and automated actions for recognizing potential threats and vulnerabilities in technology infrastructure and classifying their severity and potential impact.