The URL can be used to link to this page

Home My WebLink About05(G) - Resolution Approving Information Security Risk Assessment ReportMinnesota Security Consortium - MNSec Bringing Information Security to Local Minnesota Governments Page 1 of 4 80 South Eighth Street Suite 900, Minneapolis, MN 55402 www.mnsec.org Information Security Risk Assessment and Policy Development Services - 2024 Statement of Work Prepared for Prior Lake March 8, 2024 Minnesota Security Consortium - MNSec Bringing Information Security to Local Minnesota Governments Page 2 of 4 80 South Eighth Street Suite 900, Minneapolis, MN 55402 www.mnsec.org Introduction / Purpose: Traditionally only very large organizations could afford to hire and maintain a CISO (a Chief Information Security Officer) as part of their executive management team. However, now each City/City can take advantage of a consortium wide vCISO and now get the benefits of a highly trained and experienced cybersecurity expert for the unique needs of your local government organization. Our vCISOs constantly keep current on new and emerging threats as well as new and emerging security techniques that work best for local government organizations. Minnesota local governments have needed this for a long time, and we are pleased to offer this as an affordable non-profit consortium service to qualifying entities. The purpose of the Information Security Assessment conducted by the Minnesota Security Consortium (MNSec) is to establish a baseline risk analysis of the city, and its various departments. This will be a high-level risk assessment and provide a security roadmap that can then be used for an ongoing information security program in the future. This will also aid the IT Department in budgeting matters in the future security items. Scope of Work: MNSec and the City would immediately start working on following items, with an intense focus on tasks in the first two months: • Quantitative NIST based Information Security Risk Assessment • Analysis interviews of key city personnel and department heads • Development of Information Security Policies & Procedures • Internal & External Vulnerability Scans for the Risk Assessment • A Full comprehensive Report will be issued at the conclusion of the project as well as an Executive Summary • A Second re-assessment within 3 months of the start of the project to demonstrate improvement, especially in the policy areas Our vCISO is extremely skilled at getting the city the most cost-effective remediation solutions, giving the city the biggest benefit for their valuable taxpayer dollars. There is a very real threat to local government information systems, and cybersecurity is very important. You may very well have other compliancy considerations such as PCI, HIPAA, PII, CJIS, etc. Minnesota Security Consortium - MNSec Bringing Information Security to Local Minnesota Governments Page 3 of 4 80 South Eighth Street Suite 900, Minneapolis, MN 55402 www.mnsec.org Location and Time of Work: Work will be performed remotely from the Minnesota Security Consortium (MNSec) offices as well as onsite when needed to perform some of vCISO and/or Assessment work. Onsite work will generally be performed during normal City business hours. Project Start Date: TBD 2024 Project End Date: TBD 2024 Payment Fees, Terms and Schedule: Item Fee Risk Assessment and Policy Development $12,000 Second 3-month updated Risk Assessment and Reports (No extra cost) $0 Total Project Cost $12,000 Invoices are issued at the beginning of each month and are expected to be paid by the end of the month as the month’s services are completed. Invoices are issues with NET 30 Day Terms, and subject to a 1.5% late fee, per month, after 30 Days from invoice date. Minnesota Security Consortium - MNSec Bringing Information Security to Local Minnesota Governments Page 4 of 4 80 South Eighth Street Suite 900, Minneapolis, MN 55402 www.mnsec.org Authorization of Project: By signing below, the city of Prior Lake agrees to this Statement of Work to be performed by the Minnesota Security Consortium (MNSec). Any mutually agreed upon changes shall be amended in writing as an Addendum to this Statement of Work. Date: ________________ Date: ________________ ______________________________ Dimitrios Hilton, Chief Information Security Officer Minnesota Security Consortium (MNSec) dhilton@mnsec.org ______________________________ Representative City of Prior Lake Minnesota Security Consortium 80 South Eighth Street #900 Minneapolis, MN 55402 City of Prior Lake 4646 Dakota Street SE Prior Lake, MN 55372