Cybersecurity Services

The Vendor is required to provide security program and practice, supported in part by our security professional service providers and third-party risk assessors.
- Planning, methodology, project management and engagement
• Planning that provides a clear scope statement, and explanation of the method(s) that will be used to meet the required results;
• Proposed testing, interview, or research method(s) that takes into consideration the role of the participant and are inclusive of appropriate systems and stakeholders;
• Methodology that seeks to minimize negative impact to systems and resources;
• Issues or discrepancies with scope, methodology, and timing resolved promptly;
• Final deliverables are carried out to specification, are of high quality, and are well tailored to the key audiences as required;
• Presentations of results are delivered effectively;
• Ability to provide technical expertise and recommendations for risk reduction.
- Technical security testing:
• Internal and external network and infrastructure penetration testing
• Vulnerability scanning
• Web application and OWASP top-10 testing
• Mobile application testing
• Code review
• Security validation
• Physical security testing and controls assessment
• Cloud security controls assessment
• AI adversarial testing and validation of security controls (e.g., prompt injection, model abuse, data exfiltration)
• Phishing simulation
- Security consulting
• Threat and risk assessment (TRA)
• Security architecture and requirements
• Security consulting and advisory services
• Security policy review
• Security training and awareness development and delivery
• Security audit support
• Secure coding advisory (including AI coding)
• Cloud security consulting and advisory services (multi-cloud)
• Disaster recovery and business continuity advisory and planning
• Virtual CISO advisory services.