Specifications include, but are not limited to: • Provide a profile of the organization and threat modeling available to potential attackers • Identify systems and key assets exposed to attackers • Enumeration of vulnerabilities present on systems • Provide recommendations for protecting key county assets • Identify areas where sensitive information is exposed as a result of exploitation, information leakage, and/or Social Engineering • Provide understanding of the effectiveness of current defensive mechanisms and attack detection methodologies • Provide an in-depth understanding of discovered vulnerabilities and repercussions, via exploit attempts, where applicable • Provide recommendations for remediation of the identified practices and/or exposures based on the above testing.