(a) The department shall provide the following managed security services through the center:
(1) real-time network security monitoring to detect and respond to network security events that may jeopardize this state and the residents of this state, including vulnerability assessment services consisting of a comprehensive security posture assessment, external and internal threat analysis, and penetration testing;
(2) continuous, 24-hour alerts and guidance for defeating network security threats, including firewall preconfiguration, installation, management and monitoring, intelligence gathering, protocol analysis, and user authentication;
(3) immediate incident response to counter network security activity that exposes this state and the residents of this state to risk, including complete intrusion detection systems installation, management, and monitoring and a network operations call center;
(4) development, coordination, and execution of statewide cyber-security operations to isolate, contain, and mitigate the impact of network security incidents at state agencies;
(5) operation of a central authority for all statewide information assurance programs; and
(6) the provision of educational services regarding network security.
(b) The department may provide:
(1) implementation of best-of-breed information security architecture engineering services, including public key infrastructure development, design, engineering, custom software development, and secure web design; or
(2) certification and accreditation to ensure compliance with the applicable regulatory requirements for cyber-security and information technology risk management, including the use of proprietary tools to automate the assessment and enforcement of compliance.