Cybersecurity for Commonwealth Agencies and Employees
OA-Information Technology’s award-winning cybersecurity program provides a variety of cybersecurity resources and services to state agencies and employees.
Forward suspected spam to
Antivirus Software - Home Use -
Employees have access to free antivirus software for home use. The home use option is designed to minimize the possibility of contamination of commonwealth workstations when transferring information between home and work computers.
Security Awareness Training
All employees are required to complete mandatory online security awareness training on cybersecurity best practices, the commonwealth’s acceptable use policy and how to report security incidents. Web-based training is available to employees in LSO at
www.myworkplace.state.pa.us > My Training.
For more information about the following services, please contact
RA-CISO@pa.gov or refer to the
OA-Information Technology Service Catalog.
- Examination of the systems and related risks and threats from within and outside the organization.
- Review of the business areas supported by the infrastructure to better understand the asset risk and required controls.
- Technical review of the application or network architecture to ensure it is secured and does not pose risk to the agency or the enterprise.
- Review of the network component functions to ensure suitability.
- Development of detailed recommendations, risk mitigation plans, and documentation to assist agencies with securing their application or infrastructure.
Computer Forensic Investigations
- Provide systematic inspection of commonwealth systems and their contents for evidence or supportive evidence of cybercrime or other computer use that is being investigated.
- Collect and analyze evidence in a fashion that adheres to standards of evidence that are admissible in a court of law.
- Identify the cause of an incident.
- Contain compromised services.
- Identify policy violations.
- Recommend appropriate remediation of discovered vulnerabilities.
- Performs scanning and evaluation after remediation of device.
- Policy, procedure, and standards review.
- Physical and environmental security review.
- Communications and operations management review.
- Access control review.
- Information systems acquisition, development and maintenance.
- Information security incident management review.
- Business continuity management review.
- Compliance review.
- Includes network assessment, war dialing tests and internal and external vulnerability scanning.
- Map network and inventory systems to document vulnerabilities.
- Provide recommendations for remediation.
- Conducts interviews, inspections, assessments and policy reviews.
- Identify, quantify, and prioritize vulnerabilities in a system and infrastructure.
- Assure compliance with key security, physical, device, network, human, and policy controls.
- Detail discovered risks and provide risk mitigation options for remediation in a written report.
- Offers review and guidance on policy and procedure development.
- Perform annual extensive audits and quarterly full audits.
- Offer payment card industry (PCI) compliance reports.
- Examination of application or network to determine adequacy of security measures with vulnerability scans and testing.
- Deploy and maintain anti-virus software.
- Isolate and remotely remediate infected systems.
- Evaluate the security of a system or network through penetration testing.
- Provide customized reports outlining options for remediation.