Official State of Iowa Website Here is how you know
Office of the Chief Information Officer
Home » Cybersecurity » Security Service Descriptions

Security Service Descriptions


Prevents, detects, and removes malicious software. 

Application Vulnerability Scanning: 

Identifies potential security vulnerabilities in new and existing applications.

Audit & Compliance Assistance: 

Facilitate and ensure compliance with Federal, State and third party regulations.

Cloud Services Vendor Evaluation: 

Ensure contractual terms and security controls are in place for cloud IT providers.

Computer Forensics and Investigations: 

Conduct computer forensic examinations for state agencies to determine malicious intent.


Assist with development, review, and maintenance of Continuity of Operations (COOP)/Continuity of Government (COG) for all state agencies for recovery of essential functions.

Cybersecurity Contract Procurement Review: 

Assess contractual terms and conditions as it relates to information security controls.

Data Recovery (Backups): 

Provide solutions to prevent unintentional data loss due to system failures.

Desktop & Laptop Encryption: 

Provide encryption for laptops and desktops to prevent unauthorized access.

E-mail Encryption: 

Protect email in transit between sender and receiver to keep the information confidential.

E-mail Spam Filtering: 

Prevent malicious messages from reaching the intended target. 

Firewall & Proxy Services:

Protect internal systems from unauthorized access via the internet.

Incident Response: 

Coordinate and facilitate a unified response to information security incidents.

Intrusion Detection: 

Monitor network traffic for malicious activity such as malware and web exploits. 

Malware Detection: 

Alert for signs of malicious software identified in the network or computer systems.

Mobile Device Management: 

Manage the security controls for state owned mobile devices including phones, and tablets.

Netflow (Network Traffic Analysis): 

Collect and analyze computer network traffic to aid incident response.

Patch Management (Third Party Applications): 

Ensure computer operating systems and software code is kept current.

Penetration Testing: 

Identify potential vulnerabilities in our information systems that s could be exploited by an attacker.

Risk Assessment Facilitation: 

Risk assessments provide an in-person review of an organization’s practices to identify risk faced by the organization. After completion of the risk assessment organizations receive a report summary.

Security Awareness Training: 

Online and in-person training covering the basics of information security awareness. Topics include: Internet & email user, social engineering & phishing, malware, mobile devices, physical security and data protection.

Secure Design & Consulting: 

The Information Security Division (ISS) can assist in the design and implementation of security products.

Secure Electronic Disposal: 

Secure disposal (shredding or incineration) of electronic media includes hard drives, backup tapes, floppies, DVDs, CDs, microfiche, microfilm, thumb drives and audio\video tapes.

Security Operations Center: 

The Security Operations Center (SOC) monitors for attacks targeted at state and local government IT resources.  The  SOC manages cyber incidents for the executive branch.

Security Policy & Standards Development: 

Information Security Services (ISS) develops an enterprise-wide information security framework through security standards, procedures and best practices.

System Incident & Event Management: 

The Security Incident & Event Management (SIEM) consolidates log information from systems and generates security alerts for potentially malicious events.

Threat Intelligence Management: 

ISS receives information security threat\vulnerability information from state\federal sources and alerts government organizations of active threats.

User Web Filtering: 

The Web Filter monitors internet activity and restricts access to unauthorized websites.  The Web Filter provides anti-malware capabilities and prevents websites from executing drive by browser downloads.

Vulnerability Management: 

The Enterprise Vulnerability Management System (EVMS) scans networks for vulnerabilities in hardware, software and firmware.  System owners are notified of vulnerabilities and provided assistance with remediation.

Web Application Firewall: 

The Web Application Firewall protects web applications from common web attacks including cross-site scripting XSS and SQL injection as well as more complex signature attacks.

Printed from the website on September 27, 2023 at 2:58am.