| Service | Cost |
| --- | --- |
| Controlled Penetration Testing (CPT) employs targeted network surveying, port scanning, service probing, vulnerability scanning, and, where applicable, attempts to use known exploits against the vulnerabilities identified. DIR utilizes commercially available software, freeware, shareware, and custom scripts to perform a thorough and comprehensive external assessment of the network. DIR delivers a custom report identifying and rating vulnerabilities discovered and describing successful exploits. The report also provides recommendations on how to remediate or mitigate those vulnerabilities. | No direct cost to state agencies. Not currently available to educational entities or local governments. |
| Cyber Security Awareness is self-paced, online cyber security training sponsored by the U.S. Department of Homeland Security. Courses include Information Security Basics, Information Security for Everyone, Business Information Continuity, Secure Software, Network Assurance, and others. Certificates are issued upon completion of each course. | No direct cost to state agencies, universities, or local governments. |
| Disk Sanitization is a DIR-provided service that securely degausses/destroys hard drives (including IDE, SCSI, SATA, and laptop drives) that won't be reused. | No direct cost to state agencies, universities, and local governments. |
| The Information Security Assessment, Awareness and Compliance (ISAAC) system is a web-based, online tool that consists of several modules to assist state agencies and universities in assessing the security posture of their information systems and to measure or achieve compliance with information security standards. | No direct cost to state agencies. Available at cost to universities. |
| Security Information Event Management (SIEM) provides 24/7 external monitoring, alerting, and reporting of malicious traffic based on inputs from agency-designated, external-facing network components (e.g., firewalls) and intrusion detection and prevention system logs. DIR provides external monitoring and alerting through AT&T under the TEX-AN 2000 Master Agreement as a Managed Security Service. | No direct cost to state agencies and universities. |
| Security Incident Reporting System (SIRS) is a web-based tool used to collect data as stated in the Texas Administrative Code (TAC) Subchapter B 202.26(d) (state agencies) and TAC Subchapter C 202.76(d) (institutions of higher education). | No direct cost to state agencies and universities. |
| Vulnerability Assessment consists of one web application vulnerability scan (WAVS) and four quarterly network scans. When performing a Vulnerability Assessment, DIR attempts to identify security vulnerabilities on all discoverable devices and hosts within the specified IP range on a network. All discovered devices and hosts within the network and system administrative control are subject to scanning on a 24/7 basis until complete. Reports are generated from the automated vulnerability scanners based on the findings of the scan. | No direct cost to state agencies, universities, or local governments. |
| Web Application Vulnerability Scan (WAVS) rates web application security against industry-standard vulnerabilities including Open Web Application Security Project (OWASP) Top 10, SANS Top 20, and Web Application Security Consortium (WASC) standards. | No direct cost to state agencies, universities, or local governments. |