Dealing with Risks to the Rice Network
This process involves the identification, classification, and remediation of various vulnerabilities within a system. It is an integral part of computer and network security and is practiced together with risk management as well as other security practices.
In order to protect Rice data and systems, the ISO regularly scans the Rice network and Rice owned systems for vulnerabilities. When those vulnerabilities are discovered, we reach out to the owners and users to resolve those risks and secure those systems from any potential threats.
You may have received an email like this from the Information Security Office to alert you about a vulnerability:
The Office of Information Technology and the Information Security Office value your security and the security of Rice data, which is why we are writing to let you know that a technology device or devices in your area have been identified as having a critical vulnerability...
If you have been identified as the owner (or responsible party) of a system with at least one vulnerability that introduces potential risk to Rice University, you are required to do one or more of the following:
- Remediate (resolve) the risk
- Mitigate the risk (minimize it through controls)
- Request a temporary acceptance of risk for that system (approved by the CIO for Rice University)
We are here to help
Resolving most vulnerabilities is simply a matter of applying the latest patches or updates to an operating system (Windows 10, iOS, Linux, etc.), or to an application or program (Adobe Acrobat, Google Chrome, etc.). In some cases applying an update is not so straight forward. We are here to help! If you need assistance, please contact the HelpDesk (firstname.lastname@example.org).