The Vendor is required to provide cybersecurity assessment, compliance, and governance services to assess our current security posture, develop a comprehensive security and compliance framework, and deliver tailored training to our personnel.
- Risk assessment and gap analysis
• Evaluate our existing cybersecurity policies, procedures, and controls.
• Assess our current compliance to ensure alignment with relevant frameworks such as the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), the Health Insurance Portability and Accountability Act (HIPAA), Criminal Justice Information Services (CJIS), and ISO 27001.
• Conduct analysis to identify deficiencies and potential exposure of the network and databases, based on previous penetration test results provided by the city to the selected contractor upon a signed memorandum of understanding (MOU).
• Provide clear guidance and clarification regarding cloud-based platforms in conjunction with necessary security frameworks.
- Policy and framework development
• Access control and identity management (including multi-factor authentication).
• Data protection, privacy, and secure cryptographic storage (at rest and in transit).
• Incident response (IR) and business continuity / disaster recovery (BC/DR) planning.
• Vendor and third-party risk management.
- Training and implementation support
• Deliver targeted cybersecurity awareness training for general end-users.
• Advanced operational training for IT staff.
• Train-the-trainer model: establish an internal capability by equipping designated personnel to deliver ongoing cybersecurity education within their respective departments.
• An actionable roadmap and framework mapping chart ensuring clear linkage between policy components and organizational goals.