Specifications include, but are not limited to: computer-based cybersecurity awareness training solution that will serve as the foundation for the County’s cybersecurity education and awareness program. This enterprise program is intended to reach about 18,000-20,000 County employees, contractors, volunteers, and other outside entities that comprise the County’s workforce. A series of employee focus groups were conducted in 2017 to evaluate various online training materials, methodologies, and approaches to develop the requirements. The need is for browser-based training and a Learning Management System (LMS) that can be administered by the US Cybersecurity Team. The vendor and proposed system shall have a demonstrated record of successful implementations and comply with all applicable standards, rules, regulations and guidelines whether federal, state or local. General cybersecurity courses are needed to give end users the information and skills to avoid, prevent, recognize, report and deal with a variety of threats. Phishing is the main threat users will likely face, but other social engineering, malware, malicious websites, infections from external devices (USB storage etc.) are also likely risks for end users. This effort will continue to provide annual general cybersecurity training for employees, as well as expand to specific cybersecurity courses based on an employee’s job requirements, role, leadership position,system privileges, and/or access to controlled information. Options for future courses for privacy and compliance needs of end users and system administrators are also part of this project. There is flexibility in the requirements on length of courses.
