Security risk assessments and vulnerability management

Also appears as Vulnerability management, Vulnerability scanning, Security risk assessments


What is vulnerability management? 

We conduct vulnerability management on a routine basis to verify our systems are working properly. 

Here's how it works:  

  • Our analysts scan servers, desktops, and laptops for risks and vulnerabilities.  
  • Then we create reports on every system in the network.  
  • When we spot a potential security problem, we reach out to the appropriate system owners immediately to eliminate the threat. 


Access type:

  • Fully subsidized
  • Staff provided


Ask a question: 310-267-CARE

All you need to do is ask
If you require a security risk assessment for a new system, please create a service request ticket. A member of our team will be in touch to help you ensure your technology follows security assessment and management policies.

Security team

Safeguarding data to support important work

We work in collaboration with Information Services and Solutions (ISS) to maintain the highest level of IT security. Our technology and expertise keep data secure and systems and networks operational.

Adhering to industry standards, university-wide policies, and government regulations, we work proactively to avoid breaches by reducing the risk of compromise to institutional data, systems, and networks.

Meet the team


Service frequently asked questions

What do your risk assessment activities cover?


Our activities cover:

  • Data collection security 
  • Threat and vulnerability identification and documentation 
  • Security measure assessment 
  • Threat occurrence likelihood 
  • Threat occurrence impact 
Do I need a risk assessment?


Yes! Every new project that involves a computer system must go through a risk assessment before launch. For example, if you’re developing a website, it will need to be properly assessed by our team.

Our services are designed to help effectively guide members of the UCLA Health Sciences community in adhering to HS Policy 9455, which mandates we:

“Identify the electronic information resources that require protection and understand and document risks from potential threats and vulnerabilities to electronic resources that may cause loss of confidentiality, integrity, or availability of Restricted Information.”