Information Security Services
The Security Administration Branch provides both complimentary services and services for a fee to agencies of the Commonwealth of Kentucky. For additional information, please contact the Service Desk at CommonwealthServiceDesk@ky.gov or click the link for the Security Services Brochure under "Additional Information" on the right side of this page.
- COT undergoes an extensive annual SAS 70 audit.
- COT is involved with national security organizations.
- COT uses an extensive network intrusion detection system, a tiered network firewall system, email and web-filtering, along with other useful tools for optimum information protection.
Complimentary Services – Free to all agencies
- Network monitoring
- The COT Security Administration Branch continually monitors the Kentucky Information Highway network for internal and external threats.
- Incident handling
- COT Security analysts coordinate responses to and remediation of scans, intrusions or other events on the network.
- Resource Access Control Facility (RACF) second level support (Agencies provide their own first level support unless they are consolidated)
- Mainframe security personnel provide additions, deletions and changes to mainframe user IDs utilizing RACF (Resource Access Control Facility) as the z/OS operating system security software.
- Alerts to customers of current threats
- The COT Security Administration Branch is constantly researching trends and threats in order to stay informed of security issues on the horizon. The branch is involved in cooperative efforts for preparedness and information sharing with other state and federal government entities.
- Enterprise security policies
- COT Security analysts assist in the development and maintenance of enterprise policies to provide the latest security best practices and guidelines to our customers.
- Vulnerability assessments
- The COT Security Administration Branch can assist customers by identifying, quantifying, and prioritizing the vulnerabilities in a system by scanning with automated tools.
- Password audits
- We perform a quarterly audit for consolidated agencies at no cost. The COT Security Administration Branch performs password audits for agencies by using automated password cracking tools that can identify weak passwords and passwords that do not comply with enterprise standards. This can be useful in ensuring security and integrity through password compliance.
- Application security – automatic and manual
- COT provides risk assessments to identify weaknesses or vulnerabilities in applications. Interpretations of the assessment findings and assistance in necessary remediation are included in the service.
- Infrastructure security consulting
- The COT Security Administration Branch provides consulting services to evaluate proposed or existing infrastructure for vulnerabilities and to improve or ensure an adequate security posture.
- Disaster recovery services for COT maintained systems
- COT coordinates disaster recovery testing of COT-maintained systems.
- Computer forensics investigations
- Investigation of security incidents can involve computer forensics to aid agencies in securing systems, recovering data, discovering evidence of misuse or enforcing policy.