Security Services

What is This Service?

This service assists customers with the security and protection of information resources. The service focuses on compliance, risk reduction, and centralized security operation activities.

What is Included?

Standard Services Offered

  • Firewall Oversight and Maintenance – Operation of border, data center, and distributed customer firewalls.
  • Secure Partner Connections (Site to Site VPN) – Enablement and maintenance of secure connections to partner organizations.
  • Information Security Awareness Training – DII offers Information Security awareness training for all state entities. Specific types of training are available upon request.
  • SSL Certificate Management - DII – Security is the central point of contact for all SSL Certificates state-wide to ensure that certificates are renewed prior to expiration and that certificates that may become outdated due to changes in security requirements or NIST standards are updated accordingly.
  • Network Intrusion Detection/Prevention - DII manages the NIDS to minimize the risk of an intrusion, denial of service, or other malicious act. Metrics are collected to determine the greatest risk, and then used to adjust firewall rules as needed to meet the changing threat.
  • Incident Response – DII is the point of contact for all state computer incident response reporting.

Additional Non-Standard Services

  • Compliance Oversight – DII Security provides technical and compliance consulting for technical audits.
  • Security Architecture/design consulting – DII Security provides technical consulting to RFPs, contracts, implementation and operations of large projects.
  • Security Policy Development - DII Security is responsible for developing state-wide security policy, but is also available to assist customers in developing customer specific policies to meet unique, or non-standard requirements (example Tax, or Healthcare)
  • Penetration Testing/Vulnerability Assessments – Penetration testing and vulnerability assessments are a required element of many compliance programs and a best practice element for systems that contain high risk data. DII Security can conduct vulnerability assessments in-house, or can facilitate choosing an appropriate vendor partner for these types of tests and provides analysis services centered around reducing the risk based on resulting reports.
  • Audit logging and incident management – DII Security retains centralized services to watch audit logs for intrusion attempts, provide automated alerts and handle security incidents.
  • Software code scanning – Both static code reviews and dynamic code review services are available through DII. Either source code or compiled code may be evaluated for OWASP security vulnerabilities.

How Do I Obtain This Service?

User Request Process for Service Features

How Do I Obtain Support for this Service?

To request support for this service, contact the Service Desk to open a support ticket

Self Service Portal – Log into LANDesk

Service Maintenance Schedule

  • Routine security operations maintenance that has a low risk of disruption may occur at any time.
  • Maintenance that has been identified to cause an outage or has a high to moderate risk of disruption will be scheduled outside of business hours with notification to all potentially impacted areas.
  • High/moderate risk outage window 8:00 p.m. – 10:00 p.m. on Thursdays

Service Performance

Availability Goal

Service/Application Availability
  • Firewall Availability at Site or Office Location: 99%
  • Site to Site Availability at Border: 99%
Support Availability
  • DII Service Desk: Monday –Friday 7:45 a.m. to 4:30 pm
Non-Business Hours

DII does not traditionally respond to issues after business hours. DII staff is only available via "best effort" after hours. Support calls placed after 4:30 PM and weekends/holidays will be redirected to Contact Communications. Issues requiring immediate attention will be forwarded to the appropriate DII employee who will triage the reported issue and follow proper procedures to restore activities to normal operations

Request Fulfillment Goal

  • Depends on the type of request.

Resolution Goal

  • See Resolution Goal in the Customer Support (Service Desk) description.

User Connectivity issues

  • Resolution Goal: 2 business days
  • Issues will be prioritized and resolved based on priority. Please refer to Customer Support for definitions of priority levels and resolution goals for each level.

Firewall issues in state offices

  • Resolution Goal: 1 business day
  • Issues will be prioritized and resolved based on priority. Please refer to the Customer Support section for definitions of priority levels and resolution goals for each level.

Note: Major outages will be addressed as soon as feasible. A Global ticket will provide information about the incident, locations that are impacted, and expected time for recovery. This information will also be posted on DII’s Home page.

Service Costing

  • Standard services are funded through the DII Allocation.
  • The Non-Standard services may involve an additional fee.
  • For rates, view the Security Rates document.

Department of Information and Innovation
133 State Street
Montpelier, VT 05633
(802) 828-4141

For Customer Support, please call 802-828-6620 or toll free 855-828-6620

  • DII Service Desk:   Option 1
  • DII Telecom Helpdesk:  Option 2
  • DII Mainframe Helpdesk:   Option 3
     
  • Vision/HR Helpdesk: 802-828-6700