Security Service Descriptions
Prevents, detects, and removes malicious software.
Identifies potential security vulnerabilities in new and existing applications.
Facilitate and ensure compliance with Federal, State and third party regulations.
Ensure contractual terms and security controls are in place for cloud IT providers.
Conduct computer forensic examinations for state agencies to determine malicious intent.
Assist with development, review, and maintenance of Continuity of Operations (COOP)/Continuity of Government (COG) for all state agencies for recovery of essential functions.
Assess contractual terms and conditions as it relates to information security controls.
Provide solutions to prevent unintentional data loss due to system failures.
Provide encryption for laptops and desktops to prevent unauthorized access.
Protect email in transit between sender and receiver to keep the information confidential.
Prevent malicious messages from reaching the intended target.
Protect internal systems from unauthorized access via the internet.
Coordinate and facilitate a unified response to information security incidents.
Monitor network traffic for malicious activity such as malware and web exploits.
Alert for signs of malicious software identified in the network or computer systems.
Manage the security controls for state owned mobile devices including phones, and tablets.
Collect and analyze computer network traffic to aid incident response.
Ensure computer operating systems and software code is kept current.
Identify potential vulnerabilities in our information systems that s could be exploited by an attacker.
Risk assessments provide an in-person review of an organization’s practices to identify risk faced by the organization. After completion of the risk assessment organizations receive a report summary.
Online and in-person training covering the basics of information security awareness. Topics include: Internet & email user, social engineering & phishing, malware, mobile devices, physical security and data protection.
The Information Security Division (ISS) can assist in the design and implementation of security products.
Secure disposal (shredding or incineration) of electronic media includes hard drives, backup tapes, floppies, DVDs, CDs, microfiche, microfilm, thumb drives and audio\video tapes.
The Security Operations Center (SOC) monitors for attacks targeted at state and local government IT resources. The SOC manages cyber incidents for the executive branch.
Information Security Services (ISS) develops an enterprise-wide information security framework through security standards, procedures and best practices.
The Security Incident & Event Management (SIEM) consolidates log information from systems and generates security alerts for potentially malicious events.
ISS receives information security threat\vulnerability information from state\federal sources and alerts government organizations of active threats.
The Web Filter monitors internet activity and restricts access to unauthorized websites. The Web Filter provides anti-malware capabilities and prevents websites from executing drive by browser downloads.
The Enterprise Vulnerability Management System (EVMS) scans networks for vulnerabilities in hardware, software and firmware. System owners are notified of vulnerabilities and provided assistance with remediation.
The Web Application Firewall protects web applications from common web attacks including cross-site scripting XSS and SQL injection as well as more complex signature attacks.