Security Prevention Services
Minimize your agency’s risk of security breaches by conducting a thorough evaluation of your infrastructure. The Division of State Information Technology’s Chief Security Officer staff provide the following prevention services:
Understand the Service
- Risk Assessment
To ensure quality, the state will utilize the Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE®) method as its standard for risk assessments and vulnerability testing. Chosen because it develops the required practice-based protection strategy and risk mitigation plans, this method leaves the agencies or departments with the ability to keep these plans current and viable. Additionally, taking this enterprise approach will minimize risk, reduce implementation and operating costs, and set standard methods and tools for ensuring security.
A risk assessment will:
- Address known security vulnerabilities
- Address requirements for protecting critical IT infrastructure
- Establish requirements for ongoing risk assessments and remediation efforts
- Network Vulnerability Assessment
Locate vulnerabilities in your agency’s network security architecture.
A vulnerability assessment closely examines your network architecture to show your system’s security posture with respect to specific vulnerabilities. The assessment interprets and compares results against the various business processes to determine whether the perceived vulnerability is indeed valid, is a false positive, or is addressed by other security controls. Proven to be effective on government network environments, the vulnerability assessment testing methodology has exposed serious vulnerabilities on systems previously accredited for operational use.
- Network Penetration Testing
Demonstrate the ability of a security system to be bypassed.
The goal of penetration testing is to determine if the protective controls of a host(s) and network can be bypassed. Characterized as either external or internal to the network, penetration testing provides evidence (sometimes to an unbelieving audience) that vulnerabilities indeed are or can be exploited. It brings a dose of reality and intense focus to the vulnerability assessment.
A penetration test can be conducted with the following views: Black-Box (zero knowledge) and White-Box (full knowledge). The different types of tests available are:
- External Penetration Testing
- Internal Security Assessment
- Application Security Assessment
- Wireless/Remote Access Security Assessment
- Social Engineering
The penetration testing methodology utilized by the Division of State Information Technology’s (DSIT) Chief Security Officer has proven to be very effective in determining the exploitable characteristics of a given network or host system.
- Telecommunications Sweep
Scan the telephone address space to identify unauthorized or unsecured modems.
A sweep of the telephone address space is used to detect unauthorized modems and authorized but insecure modems. In addition, these tests are used to ensure authentication systems are in place and to exploit any vulnerability that may exist. A telecommunications sweep tests to see that no backdoor access is available to the system or network.
The Chief Security Officer’s methods and procedures used in a telecommunications sweep have proven effective in verifying the existence and status of modems connected to the network and host systems.
- Network Discovery and Mapping
This service consists of DSIT Chief Security Officer staff making an onsite visit to your agency to use several commercial and open source network scanning and discovery tools. A Visio drawing will be provided to your agency when all subnets and routers have been discovered.
- System Security Scan
A system or application security scan is an option for organizations with an insufficient budget to conduct a full risk or vulnerability assessment. Using several commercial and open source vulnerability tools and public IP addresses, the scan will cover all areas of your system that are accessible from the Internet. These scans come with thorough reports and can even be scheduled to run on a recurring basis.
Why Use DSIT?
Our security engineers are trained, certified and experienced with all major security solutions.
Rates/Pricing
Please contact DSIT Customer Relations by calling 803-896-0330 or send an e-mail to customerservice@cio.sc.gov.
Questions or Ready to Order?
Please contact DSIT Customer Relations by calling 803-896-0330 or send an e-mail to customerservice@cio.sc.gov.
How Am I Billed?
Security Prevention services are billed via the Customer Care billing system using standard State processes.
803-896-0001
ciohelpdesk@cio.sc.gov
Toll-free: 800-922-1367
Fax: 803-896-0092