Specifications include, but are not limited to: 1. THREAT AND VULNERABILITY MANAGEMENT OF HOSTING ENVIRONMENT – Services to include but not be limited to: vulnerability scanning of server and network devices conducted on a quarterly basis. Results shall be analyzed and recommendations provided by the Contractor on remediation of critical and high rated findings. 2. CHIEF INFORMATION SECURITY OFFICER (CISO) AS A SERVICE – Provide CISO as a Service for security overview services and recommendations to the County for up to twelve (12) hours per month. Specific areas to include: review of file scans, Qualys external vulnerability scans and security audit reports. 3. SECURITY OPERATIONS – Provide leadership for security incidents involving assets of the County. Advise the County on new and emergent threats the County should be aware of. A presentation of the new and emergent threats shall be provided to the County every quarter.
