TOWN STAFF REPORT RECCOMENDATIONS
title
Consider approving Resolution 23-60 authorizing the expenditure of budgeted funds for Inspira Enterprises to conduct an Information Technology Security Assessment and develop an IT Security Strategy and Roadmap; and take appropriate action (Jason Power, Director of Information Technology)
body
STAFF: Jason Power, Information Technology Director
BACKGROUND:
The Town of Westlake has received quotes from five vendors to provide an independent and impartial assessment of our network security and cyber defense capabilities as part of our effort to assess and improve organizational cyber resilience and preparedness. After careful review, staff recommends that the Council approve expending budgeted funds for a security assessment and a security strategy and roadmap deliverable with Inspira Enterprise. Inspira quoted the fixed-cost price for a 5-week cybersecurity program assessment at $25,000, with 50% due at the signing of the Statement of Work (contract) and the final 50% due at the delivery of the Final Report (final deliverables).
Inspira recommends starting with a current state maturity and IT security capabilities assessment that will provide an understanding of The Town of Westlake’s cybersecurity posture, identify high-impact and high-risk opportunities for immediate action, a target state of maturity based on The Town’s specific organizational risks and requirements, and development of both short and long-term focused enterprise-wide IT Security Strategy and Roadmap deliverable.
The assessment shall be performed against:
• National Institute of Standards and Technology Cybersecurity Framework (NIST CSF)
• Service Organizational Control (SOC 2)
For a period of up to five (5) weeks, Inspira will leverage a team of experts to provide professional services to complete the identified activities and deliver a roadmap of recommendations resulting from any identified findings.
Further Background:
Staff received quotes from the following companies:
1) Birch Cline - Penetration testing, analysis and reporting - $24,900.
2) EIQ / SilverSky - EIQ - Purchasing audit $0; Silversky - Penetration testing, analysis, and reporting - $23,852.
3) Inspira Enterprises - $25,000
4) Tangent - Penetration testing, analysis and reporting - $7,500.
5) Versa Trust - Penetration testing, analysis and reporting - under $30,000.
Quotes and information provided from each are attached.
Birch Cline, Tangent and Versa Trust provided quotes for penetration testing services, analysis and reporting of the findings, as well as suggestions for next steps.
SilverSky provided a quote for penetration testing, analysis and reporting. A separate service would be provided by EIQ for analysis of purchasing across the entire organization at no initial cost. Some caveats to this are that the Town and Academy would need to provide all purchasing records to EIQ for them to store and maintain, and all future purchases would need to be made through EIQ without bidding or using contracted pricing from approved cooperatives.
Inspira Enterprises will provide penetration testing, analysis, and reporting of findings, as well as provide a security strategy and roadmap for moving forward with recommended changes, policies and procedures. Staff feel that this is the best overall option to pursue, and the cost is comparable to most of the other quotes received.
FISCAL IMPACT:
Quoted amount is $25,000 and is within the FY24 budgeted amount of $30,000 for the project.
STAFF RECOMMENDATION:
Staff recommends approving the expenditure of budgeted funds for Inspira Enterprises to conduct an Information Technology Security Assessment and develop an IT Security Strategy and Roadmap.
ATTACHMENT(S):
1) Birch Cline proposal
2) EIQ / SilverSky proposal
3) Inspira Enterprises proposal
4) Tangent proposal
5) Versa Trust proposal
6) Resolution 23-60
TOWN COUNCIL ACTION/OPTIONS:
7) Motion to approve
8) Motion to amend with the following stipulations (please state stipulations in motion)
9) Motion to table
10) Motion to deny