Report a Security Incident

• Security Service Desk

Open a Service Request

• Service Desk

Also Visit

• State ISO Website

Home Security

Security

The DTS is committed to providing a secure environment to meet the needs of its customers. As part of this commitment, the DTS maintains an extensive security program that includes physical access control 24 hours per day, 7 days per week as well as event management and audit, intrusion protection, virus protection, and numerous other deterrent and detection methods.

To provide assurance of its commitment to security, the DTS periodically engages information technology security-certified consultants to conduct vulnerability assessments, security testing, and compliance to industry standards. This process assures the security procedures and practices, used by the DTS, protect systems from potentially malicious activities. Additionally, this effort tests the DTS intrusion detection processes in order to identify opportunities to further reinforce their effectiveness.

For the protection of the DTS and its customers, the particulars of the DTS security program are withheld. To obtain information about the DTS security, please contact a DTS Customer Service Representative to schedule a confidential discussion.

Security Consulting Services Included With Current Services

• There are security descriptions for services on the following links:
  
  • Application Hosting
  • Equipment Hosting
  • CA.mail
  • Server Based Computing
  • Network

Security Consulting Services We Offer to Your Organization

In addition to security consulting services that are part of a current service, the DTS Security Management Division offers security consulting services in the following areas. If you would like our assistance, please contact the Service Desk (by using the link to the right) to open a Service Request .

Web Application Vulnerability Detection

With the industry push of Web-enabling applications, more and more sensitive data are being collected and analyzed over the Web. The DTS offers services that allow customers to identify the vulnerabilities in their applications and prescribe corrective actions. Our security professionals can assist you and your developers to focus on eliminating the security vulnerabilities in your Web applications.

The DTS uses technology that detects holes or weaknesses in the application which can be a design flaw or an implementation bug that allows an attacker access, potentially causing harm to the stakeholders of an application. The idea is to detect coding errors that leave applications susceptible to exploits. Examples of vulnerabilities include insufficient validation of user input, inadequate database error handling, and insufficient logging mechanisms.

In addition, applying security early in the development process of your Web applications may also help you meet compliance requirements, such as, PCI and HIPAA.

RFP Review

The State is committed to a program of active competition in the purchase of property and services. The State uses the Request for Proposal (RFP) procedure to solicit proposals from firms that are able to render professional service in areas desirable to an agency or organization. In the Information Technology arena, these RFP documents dictate proposed system requirements and Statements of Work (SOW) for which firms propose IT solutions. Due to the lengthiness of these RFP’s it is easy to leave important Information Security best practices absent during its creation. In these instances, applying Information Security practices to systems beyond the RFP phase are proven to be more difficult as doing so delays project deliverables and in some cases increase project costs.

This is the best time to get DTS involved. The DTS, Security Management Division (SMD), offers services to assist you in the Information Security portions of your RFP. Information Security Specialists may be consulted with during your RFP development to ensure that the system you desire is safe and secure. Consulting with an Information Security Specialist during the development phases of your RFP will minimize or eliminate delays in your project implementation processes as a result of forgotten Information Security.

Vendor Bid Reviews (Confidential Discussions and post RFP)

The State is committed to a program of active competition in the purchase of property and services. The State uses the Request for Proposal (RFP) procedure to solicit proposals from firms that is able to render professional service in areas desirable to an agency or organization. In the Information Technology arena, these RFP documents dictate proposed system requirements and Statements of Work (SOW) for which firms propose IT solutions. Upon receiving these vendor bids, it is the responsibility of the requesting agency to review and evaluate the firm and solution for its satisfaction to the RFP.

The DTS, Security Management Division (SMD), offers consulting services during these confidential discussions with vendors to ensure Information Security practices are included in their proposed solutions. Whereas consulting with an Information Security Specialist during your RFP development is best, consultations during the bid review phases can also minimize or eliminate delays in your project implementation processes as a result of forgotten Information Security measures.

Security Architecture Review

The objectives of information security involve guarding data and information technology (IT) networks against many types of threats. Well planned security architectures are one mechanism that allows an organization to take a more planned and comprehensive approach to enterprise security. Evaluating and studying your organization’s security architecture helps assess your need for security countermeasures and determine the best approach to implement. Appropriate countermeasures will protect your data from attackers whose intentions are to do harm and support authorized users by preventing them from causing damage to IT resources.

The DTS, Security Management Division, offers consulting services to analyze your organization’s security architecture. An Information Security Specialist may assist in reviewing data flow diagrams, network infrastructure diagrams, or technical architecture diagrams for upcoming projects or existing systems. Our Information Security Specialists are available to uncover possible vulnerabilities as well as make recommendations on how to mitigate security risks of your technical architectures and/or IT projects.

Information Security Subject Matter Experts (SMEs)

The Subject Matter Expert (SME or smee) is that individual who exhibits the highest level of expertise in performing a specialized job, task, or skill within an organization. The DTS, Security Management Division, offers Information Security SMEs to its customers. Have you a need to acquire information for an IT project, obtain validation for an organization’s IT security process, or simply undergo IT security question and answer discussions, the Security Management Division is available.

Security Consulting Services We Are Planning

Security Awareness Program

Security awareness addresses perhaps the largest and most overlooked risk in organizations today, the employees. The way employees interact with the organization’s data is as important as the complex physical countermeasures installed to protect the data. One user selecting a poor password or not able to handle social engineering correctly can compromise your systems quickly.

Security awareness training concepts include education for your employees through seminars, literature and evaluation of policy understanding. A simple security awareness training session for your employees can yield a high return on investment (ROI) and is probably one of the most important countermeasures you can implement in your organization.

The DTS hosts security related events throughout the year to promote security awareness for our customers. Half-day IT Security Forums are offered in each of the first three quarters of the year. These forums focus on varying security topics. Each fall, the DTS hosts the annual IT Security Awareness Fair. The IT Security Awareness Fair is a two day event featuring presentations from security professionals and a vendor zone. The topic speakers address current security trends, technologies and strategies. The vendor zone gives attendees an opportunity to talk with representatives from vendors offering security products and services.

Security Architecture

The DTS Security Management Division follows industry Best practices of network security. Security Best Practices is a slide show of the Industry Security Best Practices that the DTS has adopted in an effort to secure California's information.

Information Security Resources

View the links below to learn more about some of the common information security topics effecting automated systems today.

• Information Technology Infrastructure Library (ITIL)
• ISO Compliance
• PCI Compliance
• HIPAA – Final Ruling
• State Administrative Manual (SAM)
• The Office of Information Security and Prvacy Protection (OISPP)
• Information Systems Security Association (ISSA)
• California State ISO
• California Highway Patrol (CHP)