City of Aspen - Local Government Procurement Solutions- Rocky …
City of Aspen
IT Security Audit Request for Proposal
REQUEST FOR PROPOSAL
IT Security Audit
for the
City of Aspen
Issued October 1, 2015
Proposal Due Date: November 16, 2015
REQUEST FOR PROPOSALS
Sealed proposals will be received at the City of Aspen Purchasing office 2:00pm, November 16, 2015, at which time the proposals will be opened and reviewed, for the following City of Aspen project:
IT Security Audit
The project will include, but is not limited to: ensure that reasonable protection is in place for general and specific threats to the City's IT systems and infrastructure, including testing and verifying security of information technology systems and networks; verify perimeter security controls; review security and configuration of internal infrastructure; review security of SCADA and other maintenance control systems; review security associated with web applications and websites used by the City; perform exploitation of vulnerabilities in coordination with IT staff; identify and recommend safeguards to strengthen protection of the infrastructure.
Complete proposal packages are available to download from Vendors must be registered to view the bid packages. There is no charge to register. Call 1-800-8354603 if you need assistance registering.
The City reserves the right to reject any or all Proposals or accept what is, in its judgment, the Proposal which is in the City's best interest. The City further reserves the right, in the best interests of the City, to waive any technical defects or irregularities in any and all Proposals submitted.
Pursuant to the Colorado Open Records Act, C.R.S. Section 24-72-200.1 (CORA), any and all of the documents that are submitted to the City of Aspen may be deemed public records subject to examination and inspection by third parties. The City of Aspen reserves the right, at its sole discretion, to release for inspection or copying any document, plan, specification, proposal or other writing submitted pursuant to this request.
The Proposal must be placed in an envelope securely sealed therein and labeled: "Proposal for 2015-103 IT Security Audit". The City cannot accept late, faxed, or emailed proposals.
Discussion may be conducted with responsible offerors who submit Proposals determined to be reasonably susceptible to be selected for award for purpose of clarification to assure full understanding of, and responsiveness to the solicitation requirements.
In addition to price, the criteria set forth in the Instruction to Offerors and any specific criteria listed below, may be considered in judging which Proposal is in the best interests of the City: overall proposal adherence to objectives; reputation, experience, perceived ability to deliver services; reference responses.
BY ORDER OF THE CITY OF ASPEN, COLORADO
Rebecca Hodgson, Purchasing
Table of Contents
1) Objective of IT Security Audit Request
2) City Technology Profile
3) Proposer Creativity
4) RFP Process
5) Response Content
6) RFP Assumptions
7) Evaluation of Proposals
9) Legal
1) Objective of IT Security Audit Request
The goal of this RFP and project is to ensure that reasonable protection is in place for general and specific threats that may exist for the City of Aspen's IT systems and infrastructure, including but not limited to the following:
o To test and verify the security of information technology systems and networks so as to ensure the effectiveness of deployed security measures.
o Verify the perimeter security controls.
o Review the security and configuration of internal City of Aspen IT infrastructure. This includes the associated networks and systems with a perspective of ensuring confidentiality, integrity and availability of data and information systems.
o Review the security of the City's SCADA and other maintenance/control systems.
o Review the security associated with web applications/websites that are used by the City of Aspen.
o Perform exploitation of vulnerabilities in coordination with IT staff.
o Identify and recommend safeguards, suited to the City of Aspen's environment, with the aim to strengthen the level of protection of the City of Aspen IT infrastructure.
The engagement will be broken into four phases:
a) External Penetration Assessment - General Government Network
To be performed external to the City of Aspen General Government Network. The scope will be public-facing websites and perimeter systems that are part of the City's general government network infrastructure. The vendor will identify vulnerabilities and potential exploits. Once identified, a determination will be made if and how any vulnerabilities should be verified or exploited.
b) External Penetration Assessment - Recreation Network
To be performed external to the City of Aspen Recreation Network. The scope will be the perimeter systems that are part of the City's Recreation network infrastructure. The vendor will identify any vulnerabilities and potential exploits.
c) Internal Vulnerability Assessment - General Government Network
To be performed from inside the City of Aspen General Government Network. The scope will be an overall security assessment and review of internal systems, including but not limited to:
o Firewalls - review firewall configurations and rules,
o Switches and routers - review overall configurations and security settings,
o Servers - review server configurations with emphasis on DMZ and certain enterprise-wide systems,
o WLAN - review of security for City SSIDs and controllers,
o End-user PCs - overall vulnerability of PC systems, and
o PCI compliance - review of process and point of sale system in use by certain departments.
Systems will be examined for security best practices and vulnerabilities. This phase can be done using a combination of vulnerability assessment tools and review of system configurations and security processes. This phase does not need to include any penetration of systems.
d) External Penetration and Internal Vulnerability Assessment - Control Systems
The scope will include both an external penetration assessment as well as an internal vulnerability review of the SCADA and control systems involved with water and hydroelectric production, ice rink maintenance, and certain building automation systems.
The vendor will identify vulnerabilities and potential exploits. Once identified, a determination will be made if and how any vulnerabilities should be verified or exploited.
External penetration work for the different network phases can be combined under one operation as long as reporting is separate. The reporting will include one executive summary (all phases combined OK), detailed technical reports for each phase, and prioritized recommendations for near- and long-term security improvements for each phase.
2) City Technology Profile
a) Core City Network - The City network provides voice and data services to 350 Customers in 25 Departments.
b) Wireless Network - The current wireless network is implemented in 17 of the 25 City facilities providing 802.11b and 802.11g connectivity. We currently use 37 Cisco 1242AG access points. We have created a "guest" wireless connected to a separate Comcast Internet service. An RFP was issued in August 2015 for the replacement of our