Iowa Department of Management

ISS Catalog of Services

Date: 
Friday, February 10, 2023

As Iowa’s economy becomes increasingly reliant on technology, it’s more important than ever to take action to secure computer networks and information systems. It is the responsibility of Information Security Services (ISS) to respond to significant cyber attacks that would have an adverse effect on the State of Iowa's ability to deliver critical services and threaten the state’s critical infrastructure. The ISS continues to develop strategies and protections to eliminate the impact cybersecurity attacks have on our state. The ISS services include, but are not limited to:

Anti-Virus: Prevents, detects, and removes malicious software.
Application Vulnerability Scanning: Identifies potential security vulnerabilities in new and existing applications.
Audit & Compliance Assistance: Facilitate and ensure compliance with Federal, State and third-party regulations.
Cloud Services Vendor Evaluation: Ensure contractual terms and security controls are in place for cloud IT providers.
Computer Forensics and Investigations: Conduct computer forensic examinations for state agencies to determine malicious intent.
COOP/COG: Assist with development, review, and maintenance of Continuity of Operations (COOP)/Continuity of Government (COG) for all state agencies for recovery of essential functions.
Cybersecurity Contract Procurement Review: Assess contractual terms and conditions as they relate to information security controls.
Data Recovery (Backups): Provide solutions to prevent unintentional data loss due to system failures.
Desktop & Laptop Encryption: Provide encryption for laptops and desktops to prevent unauthorized access.
E-mail Encryption: Protect email in transit between sender and receiver to keep the information confidential.
E-mail Spam Filtering: Prevent malicious messages from reaching the intended target.
Firewall & Proxy Services: Protect internal systems from unauthorized access via the internet.
Incident Response: Coordinate and facilitate a unified response to information security incidents.
Intrusion Detection: Monitor network traffic for malicious activity such as malware and web exploits.
Malware Detection: Alert for signs of malicious software identified in the network or computer systems.
Mobile Device Management: Manage the security controls for state-owned mobile devices, including phones and tablets.
Netflow (Network Traffic Analysis): Collect and analyze computer network traffic to aid incident response.
Patch Management (Third Party Applications): Ensure computer operating systems and software code are kept current.
Penetration Testing: Identify potential vulnerabilities in our information systems that could be exploited by an attacker.
Risk Assessment Facilitation: Risk assessments provide an in-person review of an organization’s IT practices, identifying the most serious risks faced by the organization and recommendations for reducing risk.
Security Awareness Training: Online and in-person training covering the basics of information security awareness. Topics include: Internet & email use, social engineering & phishing, malware, mobile devices, physical security and data protection.
Secure Design & Consulting: ISS can assist in the design and implementation of security products.
Secure Electronic Disposal: Secure disposal (shredding or incineration) of electronic media, including hard drives, backup tapes, floppies, DVDs, CDs, microfiche, microfilm, thumb drives and audio/video tapes.
Security Operations Center: The Security Operations Center (SOC) monitors for attacks targeted at state and local government IT resources. The SOC manages cyber incidents for the executive branch.
Security Policy & Standards Development: The Infrastructure and Security Division (ISS) develops an enterprise-wide information security framework through security standards, procedures and best practices.
System Incident & Event Management: The Security Incident & Event Management (SIEM) consolidates log information from systems and generates security alerts for potentially malicious events.
Threat Intelligence Management: ISS receives information security threat/vulnerability information from state/federal sources and alerts government organizations of active threats.
User Web Filtering: The Web Filter monitors internet activity and restricts access to unauthorized websites. The Web Filter provides anti-malware capabilities and prevents websites from executing drive-by browser downloads.
Vulnerability Management: Vulnerability Management tools scan networks for vulnerabilities in hardware, software and firmware. System owners are notified of vulnerabilities and provided assistance with remediation.
Web Application Firewall: The Web Application Firewall protects web applications from common web attacks, including cross-site scripting (XSS) and SQL injection, as well as more complex signature attacks.
