Specifications include, but are not limited to: Complete a HIPAA, CJIS, PII, Elections, 911, PCI, Gap Analysis and best practice review. Data discovery and classification including data and process flow discovery. Security controls analysis for systems, and processes that store or process sensitive information using NIST Cybersecurity Framework. Comprehensive systems security assessment including data and process flow discovery and aspects of cyber resilience to ransomware events. Information Security policy, standard, and procedure assessment. Internal network vulnerability assessment. Identification, prioritization, and measurement of criticality for security vulnerabilities. Risk assessment for the systems and processes that store or process sensitive information including a Gap analysis and best practice review of existing Nye County security controls, policies, and procedures. Remediation to the assessment findings will be performed with coordination of Nye County IT staff to set risk-based priority objectives. Development of policies and procedures to form the basis of a security program within Nye County, based on findings during the assessment, and provided back in the format of Nye County standard policies.
