
NEW BUSINESS  11.

COMMITTEE MEMORANDUM

TO: Finance and Citywide Projects Committee Members


FROM: Jimmy L. Morales, City Manager


DATE: February 22, 2019


SUBJECT: DISCUSSION REGARDING A POTENTIAL RFQ FOR A CITYWIDE CYBER SECURITY RISK ASSESSMENT

HISTORY:
During the January 16, 2019 City Commission meeting, the request for a discussion on a potential competitive solicitation for a citywide cyber-security risk assessment was referred to the Finance and Citywide Projects Committee (FCWPC). The intent is to discuss issuing a competitive solicitation seeking proposals for a risk assessment of the City's cyber-security safeguards to ensure we are adequately protected against increasingly powerful national and international digital threats.

ANALYSIS:

A successful cyber-security approach has multiple layers of protection spread across the computers, networks, programs, and data to be protected. In the City, the people, processes, and technology must all complement one another to create an effective defense against cyber-attacks. The City currently uses Gartner in a research and advisory role to guide the development and growth of its cybersecurity posture. For its core infrastructure, the City relies on a combination of industry-leading, enterprise-grade solutions, proactive monitoring, and implementation of security best practices. The City's PCI (Payment Card Industry) compliance is verified annually through audits. A key component of cyber-security upgraded this year is staff awareness and education, which now utilizes the world's largest security awareness training and simulated phishing platform to help us manage the ongoing problem of social engineering, the main attack vector for the introduction of malware and ransomware threats.

A cyber-security risk assessment is a beneficial tool to identify areas for improvement and opportunities to continue to adapt to the ever-evolving cyber threat environment.  A competitive solicitation will help the City evaluate proposals for a cyber-security risk assessment, including potential costs.  While the actual cost of such a review is unknown and can vary widely depending on the actual scope, the City has received an unsolicited quote in the amount of $65,000 for a methodical review to ensure emerging technologies, trends and threats are proactively addressed and policies, processes, and procedures for two semi-annual engagements. The actual budget can be further defined depending on the scope desired by the Committee.


CONCLUSION:
The Administration is providing the information for the Committee’s discussion purposes and further direction on the matter.