MS-ISAC CYBERSECURITY ADVISORY
The MS-ISAC is the focal point for cyber threat prevention, protection, response and recovery for the nation’s state, local, tribal and territorial (SLTT) governments. The MS-ISAC 24×7 cybersecurity operations center provides real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification, and mitigation and incident response.
MS-ISAC CyberSecurity Advisories
Incidents
A security incident is considered a possible loss of sensitive, protected or confidential data that could have been potentially viewed, stolen or used by an individual unauthorized to do so.
For notification of a possible security incident it is important to notify DTS Campus Security and submit a Service Now ticket to IT Desktop or Hosting operations. DTS Desktop or Hosting will review the issue and determine if data has been compromised and will involve the Enterprise Information Security Office (EISO) to perform a forensic investigation. At this time the Cyber Security Incident Response Plan (CSIRP) comes into action.
The EISO will also receive notifications from external sources such as the MS-ISAC and FBI, which are handled directly by the Security Operations team (SOC) as documented in the CSIRP.
Investigations
Forensic Investigations refers to the use of science or technology in the establishment of facts or evidence to be used in criminal justice or other proceedings.
Various types of investigations performed by the EISO are Internal Forensic Investigations, Litigation Holds, and Grama Requests.
An example of an Internal Forensic Investigation would be to investigate an employee involved in potentially illegal activities that go against policy, such as the Acceptable Use Policy.
Litigation Holds and Grama Requests are normally requested by an outside entity to collect data for evidence in a legal dispute. All Grama Requests are reviewed and approved by DTS PIO prior to any action being taken by the EISO.
To request an Investigation by the EISO, go to Security Forms and select DTS Form 505 – Request to Initiate a Security Investigation. Complete the form and send to dts-investigations@utah.gov.
The EISO also reviews and approves Delegate Access, which is obtaining rights to emails, network files and/or Google drive documents that belonged to an ex-employee. To request this, go to Security Forms and select DTS Form 506 – Delegation Request.
Vulnerability Assessments
A process by which risks are identified and the impact of those risks are determined. Additionally, a process whereby cost-effective security/control measures may be selected by balancing the costs of various security/control measures against the losses that would be expected if these measures were not in place.
Security Review
The purpose of a Security Review is to determine the security needs in the early stages of a project. The project must be reviewed for potential security vulnerabilities throughout the development lifecycle. The Initial Security Development Checklist (SDLC) worksheet is used to assist in this review and for documenting any known issues and status.
Campus Security reviews all new servers and applications. To request this service on an existing server, please submit a Service Now ticket to Enterprise Security. Campus Security will work through this checklist with you.
Risk Assessment Scan
A Risk Assessment is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities. These vulnerabilities may exist in operating systems, service and application flaws, improper configurations, or risky end-user behavior. Such assessments are also useful in validating the efficacy of defensive mechanisms, as well as, end-user adherence to security policies.
A Risk Assessment scan can consist of one or several types of scans, such as, Web Audit, Credentialed, Exhaustive or Denial of Service in order to provide more insight on a development box, web server, and other type servers or services.
To request this service, please submit a Service Now ticket to Enterprise Security.
Penetration Testing
A Penetration Test is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities. Penetration Tests are performed using manual or automated technologies to systematically compromise a single vulnerability risk, such as, SQL Injections or Cross Site Scripting (XSS).
To request a Penetration Test, please submit DTS Form 599 Penetration Test.
Phishing Attempts
Phishing is a social engineering technique in which an email user is duped into revealing personal information. Through requests, the EISO provides phishing tests for agencies or departments that want to check the security awareness of their staff. To request this service, please submit a Service Now ticket to Enterprise Security.
Risk Acceptance
Risk Acceptance is an alert notification that an agency has vulnerabilities on one of their servers or services that cannot be promptly mitigated for various reasons. The agency accepts the vulnerability risks until the time that the vulnerability can be mitigated. This is done by the agency submitting a DTS Form 525 to the EISO.
Security Awareness Training
Security Awareness Training is intended to increase the security awareness of all State of Utah employees and to help them behave in a more secure manner within their work environment. While some of the information may relate to maintaining a home computer, the increased awareness is intended to help improve the overall cyber security posture.
Background Checks
The Department of Technology Service (DTS) requires Background Checks on all new hire DTS state employees and DTS contractors. Please go to Security Forms and fill out the appropriate forms as identified by Employee or Contractor.
For Employees and Local Contractors please call the Security Desk 801-538-3666 or cell 385-321-3931 and schedule your fingerprints and bring your signed forms. Appointments are taken between 7:00-3:00 Monday through Friday.
If submitting electronically (Live scan) please provide the OTN, TCN or UT certification number.
Fingerprinting for individuals working remotely, needs to be arranged through your local law enforcement and send priority mail overnight to address listed below.
Address of Security Desk:
4315 South 2700 West
Salt Lake City, UT 84184
