The Vendor is required to provide continuous monitoring, threat detection, incident response assistance, and cybersecurity advisory services to help the city maintain a strong security posture across its technology environment.
1. Security operations center (SOC) monitoring
• 24/7/365 monitoring of security events
• Log aggregation and analysis
• Security alert triage and investigation
• Threat detection and correlation
• Security event escalation
• Servers
• Endpoints
• Network devices
• Identity systems
• Cloud services
• Firewalls
• VPN systems
2. Incident response support
• Incident analysis and triage
• Investigation support
• Containment and remediation recommendations
• Forensic analysis assistance when required
• Incident reporting and documentation
3. Threat intelligence
• Indicators of compromise (IOC)
• Emerging threat advisories
• Vulnerability alerts relevant to municipal environments
• Threat hunting capabilities where applicable
4. Security monitoring technology
• Security monitoring tools used by the vendor
• Security information and event management (SIEM) capabilities
• Endpoint detection and response capabilities
• Integration with existing city systems
5. Reporting and communication
• Monthly security reports
• Incident reports
• Summary of alerts and responses
• Security posture recommendations
6. Cybersecurity advisory services
• Cybersecurity best practices
• Security architecture improvements
• Identity and access management
• Endpoint protection
• Backup and recovery strategies
• Security policy development