Illinois Department of Central Management Services (CMS) Bureau of Communication and Computer Services (BCCS)
Illinois Department of Central Management Services (CMS) Bureau of Communication and Computer Services (BCCS)
  Governor Pat Quinn
  
Skip to Search Skip to State Links
BCCS  Illinois

[BCCS Tips]  [Illinois Tips]
Illinois Department of Central Management Services
 
 

BCCS Services

 

Systems Security Assessment

Government is becoming more accessible and convenient to its constituents as a result of the Internet and the world-wide communication infrastructure, coined e-Government. As more and more of the State systems include a public facing presence on the Internet, it also becomes more and more essential that State computer systems are routinely tested ensuring that only the appropriate information is presented and personal information is protected.

Protection of sensitive and personal information held within State computer systems requires a uniform and consistent approach to routine security assessments. BCCS brings years of experience and training to the area of securing technology. Supporting over 2,000 custom applications and systems, BCCS staff maintains a diverse and complex network of both legacy and current technology.

BCCS offers an ala carte approach to assessing the environment of a particular system. This approach is offered and tailored primarily to the needs of the agencies, boards and commissions under the authority of the governor.

Routine security assessments are included in the standard hosting service if your application is hosted by BCCS. Additional specialized testing of BCCS hosted systems can be arranged if required by regulation or mandate.

Whatever your information technology needs might be BCCS can help you in making the right choices to keep you connected.

 

What is Included? What You Should Expect?
How Can You Help? Need More Information?
Service Order Information Rates [PDF, 8KB] Download PDF Reader

What is Included?

Based upon the needs and requested services, CMS BCCS can conduct an assessment and provide recommendations focusing on:
  • Network Vulnerability
  • Penetration Testing
  • Application Vulnerability
  • Industry Best Practices

BCCS Security and Compliance Solutions has developed a line of services to provide quality security-related vulnerability assessment services for state agencies, boards, and commissions in Illinois at inexpensive rates. These services have been developed by the Technical Safeguards Unit to help ensure the confidentiality, integrity, and availability of information in your IT environment.

Top

What You Should Expect?

Upon request to BCCS for a security assessment engagement, BCCS will determine whether the potential customer is eligible for the services. Once eligibility has been determined, there will be a preliminary meeting scheduled to define the scope of the project. Once the initial scope is defined and agreed upon, an information gathering effort is undertaken to establish and verify the scope and possible additional tests that might be recommended to provide a comprehensive review

Thereafter, a draft agreement will be emailed to the customer. A signed, final agreement will be required in order to initiate system security assessment services from BCCS. Following a signed, final agreement,the assessment is conducted and a report is prepared for customer review. Questions and possible additional recommended testing may result from this initial review culminating in a final report assessing the current health of the environment and possible recommendations.

Elements of a security assessment agreement:

  • All information provided, discovered or reported by either party remains the property of the customer and is considered confidential and protected.
  • Terms of the engagement do not include assumption of liability by CMS BCCS. No warranties expressed or implied apply to such security assessments. New vulnerabilities and exploits are discovered on an on-going basis. Assessments are a "snap-shot" of the environment and limited to the vulnerabilities tested and identified. Security assessments are conducted as preventative due diligence and best practice. Suggested follow-up and periodic reviews are always recommended.
  • A list of hardware and software to be tested, along with an explanation of the testing, its scope and limitations, will be provided to establish and verify what will be included in the final report.
  • An agreed upon scope of work statement will be provided. Modifications to the initial agreement will follow standard change management practices.
  • A final confidential report outlining findings, level of risk and suggested follow-up actions will be provided to the customer.

Top

How Can You Help?

The scope and duration of the engagement is reduced if up to date system and hardware inventories and documentation are available to BCCS security assessment staff during the information gathering phase of their work.

Top

Need More Information?


Please send inquiries for additional information to the Systems Security Assessment Group at CMS.Security.Assessments@Illinois.Govfor additional information.

Top

Place or Change Your Service Order Information

A request for a security assessment is an interactive process culminating in a scope of work and related agreements. The first step is to send an email to CMS.Security.Assessments@Illinois.Gov to begin the process. There are no obligations created until final agreements are signed.

There may be instances where CMS BCCS is limited in staff availability to conduct an assessment within the timeframe required, or, where more specialized expertise would be recommended. If third party assistance would be recommended, CMS BCCS will assist the client in identifying the requirements and scope for such an engagement.

Top
State of Illinois
Central Management Services