The IT Security Office will regularly scan for vulnerabilities on Virginia Tech's network to help identify potential problems that could result in data disclosures, illegal usage, weak systems that are attractive for attacks, etc.
Security reviews are also conducted on a regular basis for areas that are required by policy (or law) to verify a secure operating environment. For example, requirements from the Payment Card Industry (PCI) for systems that collect credit card data, HIPAA in terms of health related information, and others.
In all these cases, the IT Security Office will follow-up by contacting and working with areas to eliminate problems that may be discovered.
Areas may request security reviews be done in a specific area by contacting the IT Security Office at: email@example.com
To better understand the steps taken during a security review please refer to the following documents.