REPORT TO THE CITY COUNCIL
May 25, 2017
FROM: BRUCE RUDD, City Manager
BY: BRYON HORN, Chief Information Officer
Information Services Department
SUBJECT
Title
Approve Consultant Services Agreement with Optiv Security Inc. in an amount not to exceed $60,000 for an information security assessment focused on identifying information security threats and vulnerabilities.
Body
RECOMMENDATION
It is recommended that Council approve the Consultant Services Agreement between the City of Fresno (City) and Optiv Security Inc. (Optiv). The agreement provides for services to perform a comprehensive perimeter and internal penetration test. The cost of the service will not exceed $60,000. In accordance with Administrative Order 3-1, the services are being priced from a cooperative purchase agreement, California Multiple Award Schedules (CMAS).
EXECUTIVE SUMMARY
Cyber security is becoming more complex and prevalent in our daily lives. The Information Services Department (ISD) is responsible for protecting all of the City's information systems and data. During January 2015, an initial security assessment was performed by Accuvant, Inc., (Accuvant) which contained several recommendations for implementing a more protective, yet business-aligned security program for the City. The Accuvant assessment gave an outside perspective and compared the City's security standards with industry standards. In that assessment, Accuvant recommended that the City conduct a penetration test to ensure the City's cyber health. In the Single Audit report which was conducted by Brown Armstrong as part of the CAFR, it was also recommended that the City conduct annual penetration tests.
Penetration tests are considered best practice and are generally completed each year by a qualified third party. The specialized expertise and established procedures and proven tests of an unassociated qualified third party company offers an unbiased and more real world example of an attempt...
Click here for full text