Posted Date : April 20,2022
Product (RFP/RFQ/RFI/Solicitation/Tender/Bid Etc.) ID : ACCT-13828
Government Authority located in South Dakota; USA based organization looking for expert vendor for security risk audit services.
[A] Budget: Looking for Proposals
[B] Scope of Service:
(1) Vendor needs to provide security risk audit services to the government authority located in South Dakota.
- Information Technology Security Policy is to provide a comprehensive set of cyber security policies detailing the acceptable practices for use of State IT resources. The security policies and procedures set forth are to accomplish the following:
• Assure proper implementation of security controls within the BIT environment.
• Assure government data is protected regardless of hosting location.
• Demonstrate commitment and support to the implementation of security measures by BIT and Executive management.
• Avoid litigation by documenting acceptable use of State IT resources.
• Achieve consistent and complete security across the diverse technology infrastructure of the State and hosted State data.
- Deliver Valuable Services at Economical Costs.
Develop innovative and cost-effective solutions through collaboration, cooperation, and in partnership with our clients. The solution sets include developing customized business solutions, efficient project management services, and productive relationships with clients.
- Security is not accomplished at a single point or by a single individual! (Or in a single point in time!)
Instead of relying on one person or a firewall or anti-virus software or some other single piece of hardware or software, a series of assets and entities together build a safe computing environment. Technically, a layered approach is taken to accomplish security within the State which is called the Information Technology (IT) Security Model. A foundation is established; additional layers may build on the previous layer or may also act independently to provide separate security measures. Each point of accessibility into the wired and wireless network creates security concerns. Security is not limited to technology. A critical portion of cyber security is the human aspect.
- User Education involves the training of employees to ensure that proper awareness is brought to the topic of security including steps to take when incidents occur that are outside of the scope of the daily work routine.
• Physical Access is taking appropriate steps to physically safeguard technical equipment such as outlining procedures to prevent workstations from being stolen which can include limiting access to a particular room or locking up the device in a cabinet.
• Network Access includes protecting the State Network from unauthorized access via internal methods and from outside our physical offices. Because technology can be manipulated by individuals or workstations to create a detrimental outcome.
- The Commissioner of the Bureau of Information & Telecommunications for the State is responsible for ensuring that:
• Reasonable security measures are taken to protect sensitive files and information.
• Enforceable security rules are created and disseminated.
• System resources are managed and monitored to ensure prudent and legitimate usage.
• Alleged security violations are addressed and problems are investigated.
• Designated individuals are responsible for design, configuration, and support of technology resources.
• Employees and Contractors are responsible for:
• Taking the time to read, understand, and ask questions if necessary to clarify the policies defined herein.
• Fully adhering to these policies defined herein.
• Agreeing that use of State technologies which includes equipment, applications, and resources are for work-related purposes.
• Applying recommended password policies.
• Safeguarding sensitive information whether employee / contractor is in the office or traveling for the State.
• Reporting any unusual requests for information or obvious security incidents to the BIT Service Desk.
- Security topics included are
workstation, server, network, applications development, mobile, administrative, operational, and other IT areas.
- Chief Information Security Officer: -
• Enforcing the provisions of the Information Technology Security Policy.
• Providing for and implementing, in cooperation with the Data Center, Development, and
Telecommunications Divisions of BIT, a written process to investigate any violations or potential violations of this policy or any policy regarding system security and integrity, individually or in cooperation with any appropriate State law enforcement or investigative official.
• Implementing training and education programs to ensure government employees are aware of the risks and expected behaviors towards cyber security.
• Keeping a record of system integrity problems and incidents.
• Maintaining and updating th
[C] Eligibility:
- Onshore (USA Organization Only);
[D] Work Performance:
Performance of the work will be Offsite. Vendor needs to carry work in their office location.
Budget :
Deadline to Submit Proposals: May 05,2022
Cost to Download This RFP/RFQ/RFI/Solicitation/Tender/Bid Document : 5 US$
Product (RFP/RFQ/RFI/Solicitation/Tender/Bid Etc.) ID : ACCT-13828
Government Authority located in South Dakota; USA based organization looking for expert vendor for security risk audit services.
[A] Budget: Looking for Proposals
[B] Scope of Service:
(1) Vendor needs to provide security risk audit services to the government authority located in South Dakota.
- Information Technology Security Policy is to provide a comprehensive set of cyber security policies detailing the acceptable practices for use of State IT resources. The security policies and procedures set forth are to accomplish the following:
• Assure proper implementation of security controls within the BIT environment.
• Assure government data is protected regardless of hosting location.
• Demonstrate commitment and support to the implementation of security measures by BIT and Executive management.
• Avoid litigation by documenting acceptable use of State IT resources.
• Achieve consistent and complete security across the diverse technology infrastructure of the State and hosted State data.
- Deliver Valuable Services at Economical Costs.
Develop innovative and cost-effective solutions through collaboration, cooperation, and in partnership with our clients. The solution sets include developing customized business solutions, efficient project management services, and productive relationships with clients.
- Security is not accomplished at a single point or by a single individual! (Or in a single point in time!)
Instead of relying on one person or a firewall or anti-virus software or some other single piece of hardware or software, a series of assets and entities together build a safe computing environment. Technically, a layered approach is taken to accomplish security within the State which is called the Information Technology (IT) Security Model. A foundation is established; additional layers may build on the previous layer or may also act independently to provide separate security measures. Each point of accessibility into the wired and wireless network creates security concerns. Security is not limited to technology. A critical portion of cyber security is the human aspect.
- User Education involves the training of employees to ensure that proper awareness is brought to the topic of security including steps to take when incidents occur that are outside of the scope of the daily work routine.
• Physical Access is taking appropriate steps to physically safeguard technical equipment such as outlining procedures to prevent workstations from being stolen which can include limiting access to a particular room or locking up the device in a cabinet.
• Network Access includes protecting the State Network from unauthorized access via internal methods and from outside our physical offices. Because technology can be manipulated by individuals or workstations to create a detrimental outcome.
- The Commissioner of the Bureau of Information & Telecommunications for the State is responsible for ensuring that:
• Reasonable security measures are taken to protect sensitive files and information.
• Enforceable security rules are created and disseminated.
• System resources are managed and monitored to ensure prudent and legitimate usage.
• Alleged security violations are addressed and problems are investigated.
• Designated individuals are responsible for design, configuration, and support of technology resources.
• Employees and Contractors are responsible for:
• Taking the time to read, understand, and ask questions if necessary to clarify the policies defined herein.
• Fully adhering to these policies defined herein.
• Agreeing that use of State technologies which includes equipment, applications, and resources are for work-related purposes.
• Applying recommended password policies.
• Safeguarding sensitive information whether employee / contractor is in the office or traveling for the State.
• Reporting any unusual requests for information or obvious security incidents to the BIT Service Desk.
- Security topics included are
workstation, server, network, applications development, mobile, administrative, operational, and other IT areas.
- Chief Information Security Officer: -
• Enforcing the provisions of the Information Technology Security Policy.
• Providing for and implementing, in cooperation with the Data Center, Development, and
Telecommunications Divisions of BIT, a written process to investigate any violations or potential violations of this policy or any policy regarding system security and integrity, individually or in cooperation with any appropriate State law enforcement or investigative official.
• Implementing training and education programs to ensure government employees are aware of the risks and expected behaviors towards cyber security.
• Keeping a record of system integrity problems and incidents.
• Maintaining and updating th
[C] Eligibility:
- Onshore (USA Organization Only);
[D] Work Performance:
Performance of the work will be Offsite. Vendor needs to carry work in their office location.
Budget :
Deadline to Submit Proposals: May 05,2022
Cost to Download This RFP/RFQ/RFI/Solicitation/Tender/Bid Document : 5 US$