TO: Mayor Richard C. Irvin
FROM: Michael R. Pegues, Chief Information Officer
Leela Karumuri, Manager IT Risk & Compliance
DATE: October 7, 2019
SUBJECT:
Request for Approval for Project Change Orders to Append Approved Resolution 19-175, dated June 11, 2019, for IT Risk Assessment by Data Defenders in an amount not to exceed $54,000.
PURPOSE:
Due to the increase in current threat activities and ransomware attacks against municipalities around the country and the major financial losses incurred (e.g., Atlanta, Baltimore, etc.), the City's Cybersecurity team is recommending additional external penetration testing and an extension of the Incident Response Plan that was initially approved by council.
This objective will strengthen and increase the level of security and protective countermeasures for our information systems and critical infrastructure used within the City of Aurora government.
BACKGROUND:
CHANGE ORDER #1 - EXTERNAL PENETRATION TESTING
Definition: External penetration testing is a practice that assesses the externally facing assets of an organization. During an external penetration test, the assessor attempts to enter the internal network by leveraging vulnerabilities discovered on the external assets.
Data Defenders, per industry standards, will conduct the necessary penetration testing to develop its final report and out-briefs.
External Network Penetration Testing Scope of Work (SOW) will include the following tasks:
Intelligence Gathering:
The information-gathering phase of network penetration testing methodology consists of service enumeration, network mapping, banner reconnaissance and more. Host and service discovery efforts result in a compiled list of all accessible systems and their respective services, with the goal of obtaining as much information about the systems as possible.
Host and service discovery includes initial domain footprinting, live host detection, service enumeration and operating system and applica...