The vendor is required to provide s from qualified technology security consulting firms offering proven cybersecurity assessment services and the creation of cybersecurity strategic and incident response plans.
- Cyber assessment approach:
• Project organization staff
• Provide a project organization chart highlighting proposer key staff who will be assigned to the project
▪ Provide bios for the proposer key staff
• Provide a staffing matrix that identifies the specific roles/responsibilities to be filled by proposer staff versus those to be filled by city staff.
• As part of this matrix, identify estimated level of effort for each staff person and when that person would be required.
- Project management
• Project management methodology/approach
• Provide a project schedule that identifies tasks, activities, dates, durations, resources, deliverables, and milestones
• Provide a project plan that describes your approach to schedule management, scope management, communications management, issues management, risk management, change management, etc.
• Identify any additional resource requirements for the project
- Technological assessment areas
• The approach for evaluating all the areas listed in “assessment and testing requirements”.
• Recommendations for vulnerability and penetration testing.
- Cybersecurity strategic and cyber incident response plan
• Prioritize and rank cyber resilience objectives, concerns, existing staffing, resources, services and programs based on the ability to achieve the city’s vision.
• Evaluate the city’s current operations and governance, as well as organizational structure, budget, policies and vehicles to ensure that they best meet the city’s cyber resilience programs through the most effective processes, contract provisions, service agreements, resource allocations, employee staffing and development, and reporting relationships.
• Assist in developing process/plan/policies which stimulate organizational change and acceptance related to the implementation of new security program and policies.
• Identify and estimate the initial implementation as well as ongoing lifecycle requirements in level-of-effort, skills, personnel and budget over the first five years.
• Assist with developing strategies to plan for future exploits and unknown threats.
o Identify key performance indicators (KPIs) and effectiveness metrics for continually evaluating the strategic plan’s effectiveness.
• The cyber incident response plan (CIRP) should address effective methods for business recovery in the event of a cyber security incident.
• Provide methodologies and examples for tabletop and other practical exercises to train for responding to cyber security incidents.
• The CIRP should address managing organizational culture changes in creating a security awareness program.
• The CIRP should include staff at all levels.
- Contract Period/Term: 3 years
- Questions/Inquiries Deadline: March 14, 2025