(1) Vendor needs to provide IT security and compliance services to the government authority located in Warwick, RI.– Information Systems security risk assessment of its physical office space and IT Security policies and procedures as well as an assessment of the security posture of agency’s line of business contractor.– Develop Cybersecurity Program Maturity Assessment Review and update current security policies and procedures.– Enter into a contract to provide monthly on–site risk management and review of cyber security procedures, analysis of system output data to identify potential breaches, suggest best practice, apprise senior management of known threats.– Controls assessment will include assessment of the risk that a single trusted user, administrator or vendor of agency’s Information Systems can accomplish and conceal the improper diversion of assets using vulnerabilities found in agency’s information systems.– Vulnerability Assessment of SaaS websites.– Websites can be a vector of attack and enable access to data even if the website is not part of the data processing cycle.– The vendor will perform a vulnerability assessment on the primary website for each service provider.– Develop a Cybersecurity Program Maturity Assessment.– Evaluate the strategy and applications used to protect endpoints from viruses, malware and other vectors of compromise.(2) All the questions must be submitted no later than January 20, 2025.
↧