The Office of the CIO Cyber Security Team scans for vulnerabilities on the state network and, with assistance from agencies, provides vulnerability scanning inside agency networks. With this scanning, we (or the agencies) remotely scan the network to identify known vulnerabilities and security weaknesses. With this approach, networks are easily analyzed from the perspective of the outside attacker. With that information, we can improve the security on those systems.
Our Cyber Security Team uses different scanning tools, some of which are used regularly to scan agency external networks. Others, as stated above, can provide the means to scan internal systems when assisted by the agency to do so. When any vulnerability is discovered and reported to an agency, the agency must mitigate the vulnerability and report their actions to us.
In order to protect the network as a whole, the entire network needs scanned for vulnerabilities. Each agency is requested to participate in our vulnerability scanning process. However, the Office of the CIO has only recently obtained this capability and is still developing an overall service.