The vendor is required to provide a security awareness learning and user education platform, as well as an integrated testing platform, to educate users on recognizing phishing, spoofing and business email compromise (BEC) attacks through commonly used platforms such as email.
- The county’s goal is to employ a multi-channel, context-specific, and workforce member-centric approach to security awareness education for approximately 9,000 participants annually.
- Comprehensive details on how their submission meets each requirement.
- Instructional content:
• The platform solution must be able to provide security media using diverse modalities, including posters, videos, and configurable email-based tips.
• Ability to create custom content, including unique multi-media content, which can be uploaded and integrated into the education platform.
1. This function should also have the capability of inserting or customizing quizzes, user challenges and graded questions within the custom content.
• Ability to brand content and append content with disclaimers (or additional information) meant to enhance the relevance of the training with county policy or guideline information and references.
• The solution should be able to provide different levels of training (basic users, intermediate, IT professionals, management).
• Content delivery format and length should be varied, from micro training of ~5 minutes to more comprehensive training lasting 30-45 minutes or more.
• Training subjects should include a broad menu of options, including a variety of information on security attack types and security threats, and defined training on the meaning of security terms and attack types such as denial of service attacks (DDOS), man in the middle (MIM) attacks, recognizing business email compromise (BEC) attacks, fraudulent source emails such as spoofing, social engineering, account takeover attempts, impersonations, password security, and various forms of electronic fraud.
1. Training should also include information on acceptable employee actions when suspected attacks are occurring as well as the potential consequences of inaction and possible impacts.
• Ability to create training campaigns and validate training effectiveness through direct phishing, BEC, and impersonation simulations.
1. Ability to establish groups and assign training based on responsibilities or knowledge requirements.
• Platform should incorporate modern techniques of immersive user interaction including gamification, and fully interactive scenario-based training that resonates with users to maximize content delivery and retention.
• Ability to decentralize management of training and phishing campaigns by department in a tenant-like environment or through a role-based access control (RBAC) environment while also maintaining the role of platform-wide administration and reporting.
• The county requires all contractors and workforce members to undergo training and testing; therefore, integrations with Active Directory via SAML and/or the ability to register users outside of the organization are required.
• Content should be sharable to the county's LMS with the support of the Sharable Content Object Reference Model (SCORM).
• The content provided by the vendor should have frequent and consistent updates to avoid repetitive or stale instructional material.
1. Updates should be on relevant topics including knowledge-based information on attack types and security threats.
• Proposers should demonstrate content relevance to the county’s unique workforce environment.
- Phishing and testing platform functionality:
1. Provide realistic phishing and other social engineering attack simulations.
2. The ability to randomize campaigns within a date range and randomize phishing tests across a department, division, or work teams as defined within Active Directory.
3. Platform should provide suggested areas for improvement based on test results.
4. Provide specific content pertinent to government needs or standard local governmental processes.
5. A comprehensive reporting function that can be segmented by departments, divisions, and work teams.
• Reporting function should have the ability to provide statistical comparisons with previously completed educational and phishing campaign outcomes.
• Dashboards and reports should be able to provide comparative statistical data to defined industries.
6. The platform should have the ability to identify and report on repeat success or failure at the individual user level and apply a risk score based on historical compliance and testing outcomes.
7. Provide a phishing notification button to report phishing and suspicious email in Outlook.
- All platform features and functions should be compatible with mobile devices and various operating systems such as iOS and Android.
- Contract Period/Term: 5 years