Vulnerability notes and other best advice documents prepared on security issues will sometimes require the assistance of competent professionals as many issues are non-trivial.
If you are not able to address a security related problem, you should seek help from:
If you still require assistance, please contact the Information Systems & Technology (IST) Security Operations Centre.
ISS service objective timelines
|Service||Service objective timeline||Notes|
|SSL Certificate (standard)||two working days|
|SSL Certificate (new domain)||four working days||Depends on vetting time.|
|Host Vulnerability Scan||two working days||Self-service, on-demand scanning is available. Contact us for details.|
|Web Application Security Assessment||ten working days||Varies based on the complexity of the application.|
|Departmental Security Assessment||six weeks||Varies based on size of the department and the complexity of information processing.|
|Firewall policy change||one working day||May vary based on complexity of required change. Changes are not made on Fridays.|
Resources for IST staff
- Information security posters
- SANS Institute
- Open Web Application Security Project (OWASP)
- Security Dark Reading
- Endpoint security product recommendations
Security working group
The Security Working Group is an ad hoc group of information technology professionals at the University of Waterloo who are concerned about security related issues. The group was formed sometime around the year 2000 as an ad hoc subgroup reporting to various computing committees. It has since evolved to a mailing list primarily concerned with sharing of vulnerability and incident information. The group meets infrequently with regular dialogue by email.
If you would like to be a member of this working group please contact the mailing list coordinator, Jason Testart, director, Information Security Services.