ISOC

Information Security Operations Center

The Information Security Operations Center (ISOC) is responsible for day-to-day administration of security controls across the state enterprise network.  Technical controls such as firewalls, intrusion detection systems, and log analysis platforms are operated by this group.  The ISOC is responsible for monitoring and protecting all systems that participate on the state enterprise network, whether they belong to the executive, legislative, or judicial branches of state government or are owned by local and municipal governments.

 

Perimeter Security

The perimeter security group in the ISOC is responsible for the administration and management of enterprise and gateway firewalls, as well as the state's intrusion detection devices.  Additionally, this group performs significant research and development on security technologies and tools, including COSIGHT (code.google.com/p/cosight), the Colorado Security Information Geolocation and Heuristics Tool.  This tool is freely distributed to interested parties.  For more information, contact scott.burger@state.co.us.

 

Event Correlation and Analysis

The ISOC hosts a central log collection platform and runs an analysis engine to identify security-significant events across the enterprise in near-real time.  This capability is planned to scale to meet the needs of all executive branch agencies, and potentially legislative and judicial branches as well.  For more information, contact bill.hubbard@state.co.us.

 

Incident Response

When a computer security incident is detected, the ISOC mobilizes its incident response team to contain, eradicate and recover from the incident.  The IR team operates under a vetted plan that governs first-responder direction, escalation and handoff to law enforcement and the attorney general, and basic forensics practices.  For more information, contact bill.hubbard@state.co.us.