Quotation are invited for Consulting Services for Cybersecurity Incident Response Plan Review for the University of Pretoria. Objectives/Scope of this RFQ The scope of the Cybersecurity Assurance Project would be to engage a Vendor/Partner to assist UP ITS to support, review and update the CSIRT and CIRPs to a level of Best Practices. This would include, at the least, the following activities: Assess the UP ITS cybersecurity landscape (technologies deployed), including the following outputs: Technology Risk Assessment from the cyber response perspective. Recommend tools and technologies for effective CSIRT operations. Gap analysis, and Best practice response capability. Document an updated CSIRT, including the following outputs: The CSIRT gaps, Forming a Response Team (CSIRT) to be made up of UP ITS staff and an external panel, where the CSIRT and the panel would consist of UP ITS staff, UP service providers, and/or other suggested experts based on the type of Incident. Create a clear process for identifying, managing, and responding to security incidents. Provide a structure for the CSIRT team, including personnel requirements, training needs, and escalation processes. Documenting the ITS CSIRT Capability Gaps recommendations plan. Document an updated CIRP including the outputs below: Develop a comprehensive Incident Response Plan (IRP) that outlines detailed processes for identifying, analysing, responding to, and recovering from cybersecurity incidents. The plan should be aligned with cybersecurity frameworks such as the NIST Cybersecurity Framework, ensuring that it incorporates the Identify, Protect, Detect, Respond, Recover (IPDRR) model. Integration with the organizations existing IT systems and infrastructure. Define procedures for maintaining and testing the IRP, including periodic review and updates. The CIRP gaps. Documenting Incident Response Plans based on capability and gaps and by incident type (page 5). Documenting the ITS Response Capability Gaps recommendations plan. Design and conduct a tabletop exercise to test the organizations readiness and response capabilities to a cybersecurity incident. The exercise should simulate realistic cybersecurity scenarios and involve key stakeholders from the CSIRT, IT, legal, compliance, and management teams. Assess the organizations ability to detect, respond to, and recover from an incident, identifying potential gaps or areas for improvement. Provide a post-exercise report with observations, recommendations, and areas requiring further improvement. Ensure the tabletop exercise incorporates a variety of incident types, including but not limited to ransomware attacks, data breaches, and insider threats. Panel of Services The CIRP is to recommend a Panel of Companies and/or experts, made up of current and/or external Vendors as dependent on the type of Incident to assist UP in dealing with network and/or computer security incidents such as large-scale computer/ server intrusions, large scale virus outbreaks, and other unacceptable events that threaten an organizations operation, effectiveness, reputation, and its more tangible assets. This could include recommending the optimum set of security technologies and tools for the various major incidents. The Panel (CSIRT) is to be engaged on an SLA basis and to work hand-in-hand with the UPExecutive management, managers, legal counsel, human resources, Information Technology staff, and other entities, to ensure a proper handling of the Incident throughout its lifespan. This would include and is not limited to: Emergency Incident Response (EIR) Incident Response and Network Forensics Malware Forensics Malware Reverse Engineering Digital Forensics Litigation support Electronic evidence discovery Expert witness support Tender Link : http://tender.up.ac.za/default.aspx
