• Managed Security Operations:
  o Transition from an internally managed cybersecurity approach to a fully managed ecosystem.
    1. 24/7 Security Operations Center (SOC): 24/7 comprehensive managed SOC
       ▪ Real-Time Analytics that provide data-driven insights into security threats and enable a proactive approach by identifying patterns and potential risks.
    2. Threat Intelligence: Detection and Response
       ▪ Integrating real-time threat data from global security databases. Identification of emerging threats to stay ahead of attackers.
       ▪ Automated Detection and Response
       ▪ IT/OT related tailored security policies
       ▪ Compliance Management – by assisting in the audit preparation to ensure regulatory compliance and adherence to industry standards
       ▪ Immediate Incident Response in case of a security breach
       ▪ Minimal operation disruption and damage, and keeping business running smoothly.
    3. Vulnerability Management
    4. General Compliance Support
    5. Advanced Tools: SIEM, IDS/IPS or similar detection and Prevention
    6. Continuous Monitoring: Round-the-clock surveillance of IT infrastructure to detect suspicious activities.
    7. Scalability: Scalable cybersecurity solutions that help COD to protect its digital assets and meet compliance requirements effectively.
• Technology Services & Tools
• Log Sources
  o Workstations + Servers (physical and virtual) = 4500 active computer accounts
  o Domain Controllers = 5
  o Firewalls = ~25-30
• Centralized Systems (count as one device each)
  o EDR Tool = 0
  o VPN = 3 (1 Cisco, 2 Netmotion)
  o SaaS Tools (O365, G-Suite, email security, other) = 2 (365, Proofpoint) (Hosted FTP service is being used that could be considered for DLP)
  o Azure Cloud
  o IDS/IPS and FIM
  o SCADA (30 Servers, 60 SCADA WS, 6 Mgmt Servers)
• Incident Response and Remediation: Handle common incidents (e.g., account resets, system containment) and support for complex incidents.
  o Annual Table Top Exercises
• Vulnerability Management: Comprehensive management, EDR, assessments, and remediation against SLAs.
  o Ensure vulnerabilities are clearly assigned to appropriate departments (such as engineering, infrastructure, and help desk) and remediated against SLAs
• Threat Intelligence: Quarterly threat hunting and annual penetration tests.
• Compliance & Audits: Ensure adherence to NIST frameworks and perform quarterly IAM and privileged user audits.
• CISA, CJIS adherence
• Communication: Interact via phone, text, email, and virtual meetings.
• Offer roadmap advisory, policy maintenance, and creation. Facilitate quarterly reviews and board-ready report generation.
• Risk Management and Advisory
• Provide comprehensive risk management strategies and conduct annual tabletop exercises.
• Dedicated personnel for internal consultations.
• Operational Excellence
• Effective incident remediation and vulnerability management.
• Proactive threat hunting and regular security reviews.
• Respond to inbound reports from all sources to triage and redirect to appropriate teams.
• Review and evaluate all third requests against appropriate risk and security management best practices.
• Protection of City of Denton Data in transit and at rest under care