The scope of the EA Domain Team for Security includes seven components:

1. Single Sign-on and Enterprise Authorizations
2. Enterprise Logging
3. Enterprise Security Awareness
4. Enterprise Incident Prevention/Response/Notification
5. Enterprise Network Security
6. Enterprise Security Practices
7. Enterprise Authorizations

1. Single Sign-on and Enterprise Authorizations

Current State:

• Applications utilize internal file to authenticate
• Current LDAP directories being utilized: ITD's Active Directory, ITD's SecureWay, NDS, other
• Standalone NT Domain Controllers
• Kerberos
• Platform specific, performed by operating systems (Mainframe, AS/400, UNIX,…)
• Proximity cards being used for physical access
• Thumbprint reader
• Digital certificates
• Possible third party authentication for third party hosted applications

Future State:

• Any user accessing applications that require authentication is issued one and only one set of authentication credentials. These credentials are used by all applications within the enterprise that require authentication.

Gap Analysis:

• Review current policies and recommend any additions, changes, and deletions
• Form a group to identify the requirements, processes, and procedures for establishing and utilizing a single signon solution

2. Enterprise Logging

Current State:

• Applications may perform local logging
• Platforms may perform local logging
• Firewalls, routers, and some NT systems send logs to SYSLOG servers
• Various systems send logs to separate files on the mainframe where the reports are generated
• Application specific reporting tools (e.g. Webtrends for web servers; mynetwatchman)
• General purpose reporting tools (e.g. Crystal Reports)
• In-house written reporting tools

Future State:

• Every server/application maintains logs appropriate for the server/application function. Appropriate logs are communicated to a centralized repository. Reports are created as needed for addressing incidents and trends.

Gap Analysis:

3. Enterprise Security Awareness

Current State:

• Newly hired personnel receiving training
• Some done on yearly basis
• Some formal review signoff is being used
• Some processes use emails as notification of review being performed
• Several tutorials are being utilized
• At Higher Ed, tutorial is used by students, faculty, staff
• Some hard copy records being used as proof of training
• Some electronic records being used as proof of training
• Training videos being used
• agency newsletters being used
• Posters used at agency level
• Central Personnel is offering security awareness training course 

Future State:

• An information security awareness program ensures knowledge about information security policies, standards, guidelines, procedures, and risks are maintained.

Gap Analysis:

• Review current policies and recommend any additions, changes, and deletions
• Form a group to identify the requirements, processes, and procedures for establishing and utilizing a enterprise security awareness

4. Enterprise Incident Prevention/Response/Notification

Current State:

• Knowledge of events rarely gets beyond agency level
• No formal procedures in place to respond to events on enterprise level
• Listserv's are being utilized to receive early warning of vulnerabilities (CERT, SANS, Microsoft, …)
• Some information of vulnerabilities are being posted to agency web pages
• Auto-distribution of anti-virus signatures is being used more
• Usage of enterprise anti-virus solution continues to increase
• Best practices may be followed at an agency level
• Some scanner tools are being used to test for vulnerabilities (e.g. nessus, nmap, superscan)
• Some agencies have developed internal procedures
• Email notifications are being used for major warnings and statistical information 

Future State:

• An enterprise SIRT ‘Security Incident Response Team' exists to evaluate, communicate, and respond to threats, vulnerabilities, and illegal or harmful activities

Gap Analysis:

• Review current policies and recommend any additions, changes, and deletions
• A plan will be created to build an enterprise Computer Incident Response Team (CIRT). Tasks to be included in the plan are create list of proposed members of team, document responsibilities of team, and document communication methods to be used by team.

5. Enterprise Network Security

Current State:

• DMZs (demilitarized zones) are being utilized
• Firewalls are being utilized
• Reverse proxies for web servers are being utilized
• External FTP server is in the process of being put in place
• VPNs are being utilized (network and client)
• Agency level dmz's and firewalls are optional but usage is currently low
• Desktop firewalls are starting to be used but still minimal

Future State:

• DMZ's and firewalls exist to provide secure zones which isolate threats and vulnerabilities in the enterprise

Gap Analysis:

6. Enterprise Security Practices

Current State:

• Old standards, they have not been kept current
• Acceptable use policies in place
• No process in place to monitor for compliance to standards/policies
• Responses are mostly a reaction to outside complaints
• No published enterprise-level procedures/guidelines are available
• Network performance monitoring is being done
• Desktop/server build guidelines exist only at agency 

Future State:

• Information standards, policies, guidelines, and procedures exist to ensure a safe, consistent, and functional enterprise.

Gap Analysis:

• A plan will be created to ensure scheduled review and update of standards, policies, procedures, guidelines

7. Enterprise Authorizations

Current State:

• Authorization is mostly accomplished internally by applications
• LDAP is beginning to be used for authorization via group membership and specific attribute values
• Platform specific, performed by operating systems (Mainframe, AS/400, UNIX, NT, ...) 

Future State:

• A directory exists for administration of access authorizations.

Gap Analysis:

• TBD