MS-ISAC Catalog of Services

SECURITY DEVICE MONITORING: MANAGED SECURITY SERVICES (MSS)
INCLUDED IN MEMBERSHIP*

Managed Security Services (MSS) comprises the monitoring of two security devices. Typically, this would include one firewall and one IDS/IPS device.

  • Security Event Analysis & Notifications 24x7
  • Technical Assistance
  • IDS/IPS Management

*Based on availability of Federal Funding and execution of a Memorandum of Agreement (MOA)

SECURITY DEVICE MONITORING: NETFLOW MONITORING & ANALYSIS (ALBERT)
INCLUDED IN MEMBERSHIP *

Netflow Monitoring and Analysis (Albert) is an automated process of collecting, correlating and analyzing computer network security information across State governments. The seven key Netflow fields are: source IP address, destination IP address, source port number, destination port number, protocol type, flags, and the router input interface.

  • Security Event Analysis & Notifications 24x7
  • Technical Assistance
  • Remediation Consulting

*Based on availability of Federal Funding and execution of a Memorandum of Agreement (MOA)

INCIDENT RESPONSE SERVICES
INCLUDED IN MEMBERSHIP

The Center for Internet Security (CIS) and its Cyber Emergency Response Team (CERT) assists partners in analyzing security information to assess the scope, magnitude, and source of intrusion when a cyber event is reported:

  • Network & Computer Forensic Analysis
  • Log & Malware Analysis
  • Access to the Malicious Code Analysis Platform (MCAP)
  • Remediation Consulting
  • Leverage Additional Resources through the National Cybersecurity and Communications Integration Center
ADVISORY SERVICES
INCLUDED IN MEMBERSHIP

The CIS Security Operations Center (SOC) receives information from a variety of different sources; the information is analyzed to determine the need for the creation of advisories or bulletins:

  • Advisories are distributed to all MS-ISAC members. They include: threats, vulnerabilities, exploits, attacks and compromises. Advisories are also posted on the MS-ISAC website.
  • Weekly threat reports
  • Monthly Situational Awareness Reports
  • Monthly Briefing via webcast
  • Conference calls may also be scheduled
THREAT NOTIFICATION
INCLUDED IN MEMBERSHIP

CIS Analysts and trusted third parties conduct research that provides intelligence in regard to targeted threats and release of information from compromised government or government affiliated systems and website defacements.

  • Notices are sent to the impacted partners based on predetermined escalation procedures
  • Recommended remediation steps are provided
  • CIS Analysts are available for technical assistance
VULNERABILITY ASSESSMENT
INCLUDED IN MEMBERSHIP

Network and web application assessments can be arranged based on a targeted threat or cyber event.
(Limited to a 30-day window)

  • Network Assessment
  • Web Application Assessment, including manual analysis and verification of reported vulnerabilities
  • Prioritization of vulnerability remediation
  • Customized reporting & vulnerability remediation support included
INFORMATION SHARING AND COMMUNICATIONS
INCLUDED IN MEMBERSHIP

CIS has a compartment on the US CERT Portal that hosts a library of cyber security resources for members.

  • Provides access to contact information and allows for secure e-mail communication and document sharing.
  • Contains the Cyber Alert Map. Each state/territory regularly updates its alert level based on cyber events.
  • A portal compartment can be created for each State to enhance communications.
EDUCATION AND AWARENESS
INCLUDED IN MEMBERSHIP

CIS provides education and awareness through the use of:

  • Daily cyber tips feed
  • Monthly cyber security newsletters
  • Bi-Monthly cyber security webcasts & hot topic webcasts
  • Monthly member webcast meetings
  • Awareness month toolkit
  • Chief Information Security Officer Mentoring Program
DHS INITIATIVES COORDINATION
INCLUDED IN MEMBERSHIP

CIS coordinates DHS initiatives on behalf of the MS-ISAC membership, which include:

  • Nationwide Cyber Security Review (NCSR)
  • Office of Cybersecurity and Communications monthly activities
  • Security Clearances for State Chief Information Security Officers
  • Regional and National Security Exercises
  • Government Emergency Telecommunications Service (GETS) Cards for States
SECURITY DEVICE MONITORING: MANAGED SECURITY SERVICES (MSS)
FEE BASED

Managed Security Services (MSS) is comprised of monitoring and/or management of security devices:

  • Security Event Analysis & Notifications 24x7
  • Monitoring and Management services are available for the following security devices.
    • Firewalls
    • IDS (Intrusion Detection System) / IPS (Intrusion Prevention System)
    • Web Proxy
    • Endpoint
SECURITY DEVICE MONITORING: NETFLOW MONITORING & ANALYSIS (ALBERT)
FEE BASED

Netflow Monitoring and Analysis (Albert) is an automated process of collecting, correlating and analyzing computer network security information across State governments. The seven key Netflow fields are: source IP address, destination IP address, source port number, destination port number, protocol type, flags, and the router input interface.

  • Security Event Analysis & Notifications 24x7
  • Technical Assistance
  • Remediation Consulting
VULNERABILITY ASSESSMENT SERVICES
FEE BASED

Vulnerability Assessment Services can identify, prioritize and report critical vulnerabilities with CIS network and web application assessments.

  • Network Assessment
  • Web Application Assessment, including manual analysis of reported vulnerabilities
  • Prioritization of vulnerability remediation
  • Customized reporting & vulnerability remediation support included
  • Payment Card Industry (PCI) compliance scanning available
  • Scheduled (Monthly, Quarterly, Yearly)
CONSULTING SERVICES
FEE BASED*

CIS Consulting Services:

  • Security Policy Review
  • Infrastructure Architecture Review
  • Internal Systems Assessment
  • Comprehensive Security Review
  • Social Engineering (Phishing Exercises)
  • External Network Penetration Testing
  • Web Application Penetration Testing

*These services are based on a statement of work and are customized by request.

CONTACT FOR MORE INFORMATION

Mark Perry/Director of Partner Services

(518) 880-0686

Mark.Perry@cisecurity.org

24 x 7 Security Operations Center

1-866-787-4722

soc@msisac.org

To download the MS-ISAC Catalog of Services, please click here.