Network monitoring: The Security Office continually monitors the Kentucky Information Highway network for internal and external threats.
Incident handling: COT Security analysts coordinate responses to and remediation of scans, intrusions or other events on the network.
Intrusion Prevention System Information: These network based security appliances will be placed into active blocking mode to stop certain attacks from reaching our network. For a list of blocked sites please click the following link: Intrusion Prevention System Information (IPS).
Resource Access Control Facility (RACF) second level support (Agencies provide their own first level support unless they are consolidated): Mainframe security personnel provide additions, deletions and changes to mainframe user IDs utilizing RACF (Resource Access Control Facility) as the z/OS operating system security software.
Alerts to customers of current threats: The Security Office is constantly researching trends and threats in order to stay informed of security issues on the horizon. The Office is involved in cooperative efforts for preparedness and information sharing with other state and federal government entities.
Password audits: We perform a quarterly audit for consolidated agencies. The Security Office performs password audits for agencies by using automated tools that can identify weak passwords and passwords that do not comply with enterprise standards. This can be useful in ensuring security and integrity through password compliance. If an agency wants to be included in the password audit they need to contact the Security Office.
Enterprise security policies: COT Security analysts assist in the development and maintenance of enterprise policies to provide the latest security best practices and guidelines to our customers.
SECURITY RATED SERVICES
Vulnerability assessments: The Security Office can assist customers by identifying, quantifying, and prioritizing the vulnerabilities in a system by scanning with automated tools.
Application security – automatic and manual: COT provides risk assessments to identify weaknesses or vulnerabilities in applications. Interpretations of the assessment findings and assistance in necessary remediation are included in the service.
Infrastructure security consulting: The Security Office provides consulting services to evaluate proposed or existing infrastructure for vulnerabilities and to improve or ensure an adequate security posture.
Disaster recovery services for COT maintained systems: COT coordinates disaster recovery testing of COT-maintained systems.
Computer forensics investigations: Investigation of security incidents can involve computer forensics to aid agencies in securing systems, recovering data, discovering evidence of misuse or enforcing policy.
IT Compliance: COT coordinates with the agencies on mitigation and remediation of internal, state, federal and any other compliance audits.
FIREWALL AND VIRTUAL PRIVATE NETWORK (VPN) SERVICES
The Firewall and Virtual Private Network (VPN) services are for customers interested in an additional layer of security for their network. Firewall services are managed by COT’s Core Network Operations Firewall Team and provide access control and standards-based encryption technology as the foundation for secure, high performance data communications. Agency level protection is included for customers who sign up for an offering from the Data Communications series of Rated Services. Application\server protection is provided by the FW20 (FW20 Explanation) Rated Service.
VPN services are also managed by COT’s Core Network Operations Branch via the VP10 Rated Service and can be used to secure communications with remote offices or individual users.