(a) IT infrastructure details, including network architecture, schematics, and IT system designs;
(b) Source code;
(c) Detailed hardware and software inventories;
(d) Security plans;
(e) Vulnerability reports;
(f) Security risk assessment details;
(g) Security compliance reports;
(h) Authentication credentials;
(i) Security policies and processes;
(j) Security incident reports; and
(k) Any audit, assessment, compliance report, work papers or any combination of these that if disclosed could allow unauthorized access to the state’s IT assets.