Network Vulnerability Assessments
House Bill 3112 of the 79th Texas Legislature enacted Chapter 2059 as an amendment to the Texas Government Code. Section 2059.056 of the code states that DIR has responsibility for network security related to external threats to the agencies. Network security management regarding internal threats remains the responsibility of the state agency.
In accordance with the code, DIR has established a secure Network and Security Operations Center utilizing a shared security architecture. DIR contracted with AT&T to provide this network security monitoring service for agency external networks.
Controlled Penetration Testing (CPT)
The DIR CPT evaluates network vulnerabilities that are susceptible to attack from a malicious source. The service analyzes system configurations, software and hardware defects, and procedural or technical weaknesses. Conducted from a potential attacker’s point of view, the evaluation verifies and attempts to exploit actual security vulnerabilities. The purpose of a CPT is to assist the customer in determining their network’s vulnerability to attack, to identify at-risk confidential or sensitive data, and to provide suggested countermeasures to prevent intrusions or data loss.
CPT Benefits
- Evaluates network security from an attacker’s perspective
- Determines vulnerability to attack
- Provides countermeasures
- Assists business impact analysis
- Documents findings
For more information on controlled penetration testing, visit the CPT FAQs page or contact the Office of the CISO.