TTUHSC IT Policies
1.4.24 VULNERABILITY ASSESSMENT
Vulnerability assessments apply to all institutional computing devices. In order to
test security measures currently in place, vulnerability assessments will be conducted
on a scheduled, and ad hoc, basis. Vulnerability assessments will only be conducted
by the TTUHSC IT Security Department, and must be approved by the TTUHSC Information
Security Officer, and the TTUHSC Chief Information Officer. When vulnerabilities are
detected that constitute an unacceptable level of risk as deemed by the TTUHSC IT
Security Department, the server administrator will be notified of the vulnerabilities.
The server administrator is responsible for ensuring that the risk is mitigated in
a timely manner.