a clock floating over the graph

Security Consulting



No Results
Forensic Investigations Request form COT-F182 (COT-F182)

This form is required to request assistance on Investigations, litigation, and Open Records (ORR). The completed form can be sent to COTForensicInvestigationsBranch@ky.gov to be processed. All requests are subject to the CS50 and FS10 rate of service.

Agency Incident Response Guidelines

Prepare for and react to threats to the Commonwealth’s network and information systems at the agency level.

CIO-072 IT Access Control and User Access Management Policy

Provides guidance in decision-making and practices to mitigate risk, protect the privacy, security, confidentiality, and integrity of the Commonwealth of Kentucky resources and data, and prevent unauthorized access to such resources.

CIO-073 Anti-Virus Policy

Helps protect computing devices (servers, desktops, laptops and tablets) from malware (viruses, Trojans, worms, hoaxes, etc.).

CIO-074 Enterprise Network Security Architecture Policy

In order to better protect and secure the resources of the state computing environment, it is necessary to enhance the Enterprise Network Security Architecture and segregate resources and types of activities.

CIO-076 Firewall and, VPN Administration Policy

The administration of firewalls and virtual private networks (VPN) is a primary component in securing the infrastructure and must conform to this policy.

CIO-090 Information Security Incident Response Policy

Identifies the necessity and procedures for agencies and COT to identify and notify appropriate personnel when a security incident occurs.

CIO-091 Enterprise Information Security Program

This policy has been created to align the Commonwealth's Enterprise Information Security Program with the security framework of the current National Institute of Security Standards (NIST) Special Publication 800-53.

CIO-093 Risk Assessment Policy

Ensures proper application of risk management principles through proactive risk identification, management and acceptance pertaining to information technology activities. It also identifies the family of controls for Risk Assessment as defined in NIST Special Publication 800-53.

CIO-106 Enterprise Privacy Policy

Provides a structured set of principles for protecting privacy and serves as a roadmap for agencies to use in identifying and implementing privacy principles for the entire life cycle of Personal Information (PI), whether in paper or electronic form.

CIO-112 Security Planning Policy

Establishes controls related to security planning. The policy provides guidance in decision-making and practices that optimize resources, mitigate risk, and maximize return on investment.

CIO-114 System Maintenance Policy

Establishes controls related to maintenance of the Commonwealth of Kentucky’s information systems. The policy provides guidance in decision-making and practices that optimize resources, mitigate risk, and maximize return on investment.

CIO-115 Physical and Environmental Protection

Establishes controls related to Physical and Environmental Protection. The policy provides guidance in decision-making and practices that optimize resources, mitigate risk, and maximize return on investment.

CIO-116 Personnel Security Policy

Establishes controls related to Personnel Security. The policy provides guidance in decision-making and practices that optimize resources, mitigate risk, and maximize return on investment.

CIO-117 System and Services Acquisition Policy

Establishes controls related to System and Services Acquisition. The policy provides guidance in decision-making and practices that optimize resources, mitigate risk, and maximize return on investment.

CIO-119 Audit and Accountability Policy

Establishes controls related to audit and accountability. The policy provides guidance in decision-making and practices that optimize resources, mitigate risk, and maximize return on investment.

CIO-120 Security Assessment and Authorization Policy

Establishes controls related to security assessment and authorization. The policy provides guidance in decision-making and practices that optimize resources, mitigate risk, and maximize return on investment.

CIO-121 Security Awareness and Training Policy

Establishes controls related to security awareness and training. The policy provides guidance in decision-making and practices that optimize resources, mitigate risk, and maximize return on investment.

CIO-123 Identification and Authentication Policy

Establishes controls related to identification and authentication. The policy provides guidance in decision-making and practices that optimize resources, mitigate risk, and maximize return on investment.

ENT-201 Enterprise Security Controls and Best Practices

Details the security controls that COT’s Office of the CISO requires for information systems and activities for the Commonwealth of Kentucky. COT established this security framework using the moderate-level controls outlined in NIST Special Publication 800-53 Rev 4.

Enterprise Identity Management User Manual

Describes how EIM operates, as well as how it affects Agency request procedures for creating, modifying, and removing basic user identities.

Need some help?

Whether you are seeking more information or need help with this service, we are here to answer all your questions.

No Results
Contact Us

Other Hourly Services Services
All Services