IT system security reviews
It’s vital to regularly check our IT systems for weak spots to make sure they can’t be exploited by cyber threats.
Security reviews help us improve our system management, pinpoint vulnerabilities and find solutions. Ultimately, they help us keep data safe and prevent unauthorised access.
We can arrange a thorough security review of any work-related IT system or software, developed internally or managed on-site. Reviews are carried out by our trusted security experts.
Key features
- Expert advice: you’ll get guidance from experts on how to protect your systems and keep them safe.
- Penetration (pen) testing: simulated attacks uncover vulnerabilities across a wide range of scenarios.
- Code reviews: if you have software, the code will be checked in detail to find potential weaknesses.
Types of reviews available
Our external partners offer a range of penetration testing and security reviews against industry best practices. Reviews can be requested individually or as a combination.
Infrastructure
- External testing: checks for vulnerabilities in your publicly accessible systems.
- Internal testing: examines your internal network for weaknesses.
Configuration
- Cloud configuration review: checks that your cloud setup meets NCSC cloud principles (ncsc.gov.uk) and industry best practices.
- Device/host review: checks that your system setups comply with security guidelines from CIS (cisecurity.org), NCSC (ncsc.gov.uk) and the vendor.
Application security
- Web application testing: checks web applications for security problems, covering the Open Worldwide Application Security Project (OWASP) Top 10 (owasp.org) and business logic vulnerabilities.
- Web services/API testing: examines the security of your APIs using OWASP guidance, such as the Web Security Testing Guide (WSTG) (owasp.org).
- Mobile application testing: identifies security issues in mobile apps.
Wireless security
- Wireless assessments: reviews your wireless network for security risks.
Access instructions
If you think your system needs a security review, get in touch so we can help arrange it.
System security reviews are sometimes required as part of a computing risk assessment.
Available to staff
Staff can request this service.
Internal and third-party systems
Reviews can be requested for work-related systems, whether they're developed in-house or purchased via a third party.
Charges may apply
Security reviews for projects should be funded by your project budget. For non-projects, standard reviews are funded by the University, if there is budget available. Otherwise, charges may apply. Each review is subject to consultation and approval.
Related tools
- Computing risk assessment (CRA): A separate process when buying or developing new systems or software. The assessments are carried out by us to identify risks and document how to reduce them.
Contact for support
If you're unsure what you need and would like to chat about your options, contact IT Services.
Service commitments
The following policies apply to all IT services provided by the University.
Availability
- This service is provided by IT Services in affiliation with external partners.
- The availability and scope of security reviews depend on our external partners.
Standards
- Our service performance and standards have been produced in consultation with our customers. We regularly monitor the delivery, performance and availability of facilities and services.
We appreciate feedback as it helps us review and continually improve our service.