Specifications include, but are not limited to:

1. Security Monitoring Service
• Security information and event management (SIEM) solution, with 24x7x365 monitoring and notification services provided by a security operations center (SOC).
• A formal process for the maintenance, monitoring, and analysis of audit logs.
• Alarm collection from deployed sensors.
• Sensor profiling and base lining.
• Develop correlation rules that trigger an alert for suspicious activity and/or security violations.
• Provide reporting on security events and alerts.
• Continuous monitoring of the SIEM application and triage outage, failure, negative trends or anomalies.

2. Troubleshoot and Initiate Corrective Action
• Begin problem diagnoses based upon SLA of trouble notification.
• Alert City staff of security event.
• Help identify root cause and provide findings report.
• Work directly with City staff to resolve issues related to identified security events.
• When requested, provide advanced support for troubleshooting highly complex security incidents until resolution and remediation is complete.
• Provide post-incident forensic support.

3. Security and Compliance Reporting
• Automated compliance reporting that can be leveraged for periodic audits.
• Provide use-case specific reporting as requested (PCI compliance, Firewall events, etc.).

4. Vulnerability Scanning and Penetration Testing
• Perform penetration testing of City’s network at least once per year.
• Perform vulnerability scanning of the City’s network resources at least twice per year.
• Provide findings and mitigation steps to resolve security vulnerabilities.

5. Quarterly Security Health Reviews
• Participate in quarterly reviews covering the City’s overall security plan and overall system health.
• Summary of month-to-month security health comparisons.
• Review of security successes and failures.
• Provide solutions to identified failures.
• Recommend security best practices.