Title
a. Authorize the Chief Information Officer to execute a non-Standard Agreement with Black Hills Information Security, LLC for network security evaluation for the term of January 9, 2024, through June 30, 2024, in an amount not to exceed $37,760; and
b. Authorize the Chief Information Officer or his designee to execute order forms and such documents as necessary with Black Hills Information Security, LLC; and
c. Accept non-standard contract provisions as recommended by the Chief Information Officer or his designee; and
d. Authorize the Chief Information Officer or his designee the option to execute up to two (2) future amendments to this Agreement, each extending the term by one year, where the additional costs of each Amendment do not exceed 10% ($3,776) of the original contract amount of $37,760, bringing the maximum additional compensation to $41,536 for each additional term and potential overall Agreement aggregate not to exceed amount to $120,832.
Report
RECOMMENDATION:
It is recommended that the Board of Supervisors:
a. Authorize the Chief Information Officer to execute a non-Standard Agreement with Black Hills Information Security, LLC for network security evaluation for the term of January 9, 2024, through June 30, 2024, in an amount not to exceed $37,760; and
b. Authorize the Chief Information Officer or his designee to execute order forms and such documents as necessary with Black Hills Information Security, LLC; and
c. Accept non-standard contract provisions as recommended by the Chief Information Officer or his designee; and
d. Authorize the Chief Information Officer or his designee the option to execute up to two (2) future amendments to this Agreement, each extending the term by one year, where the additional costs of each Amendment do not exceed 10% ($3,776) of the original contract amount of $37,760, bringing the maximum additional compensation to $41,536 for each additional term and potential overall Agreement aggregate not to exceed amount to $120,832.
SUMMARY:
The Information Technology Department is vigilant in its pursuit of protecting the County’s network from cyber-attacks. This agreement will assist in that mission with a penetration test. Penetration testers use the same tools, techniques, and processes as attackers to find and demonstrate the business impacts of found security weaknesses, and their testing is performed carefully so that there is no business interruption.
DISCUSSION:
Black Hills Information Security, LLC services include threat and vulnerability assessments. Their penetration testing is designed to identify and focus an organization on key points of leverage to create the largest impact on security with the least cost and effort. They will be able to identify issues and tell the county how they found them. This approach will give the county more information to secure its environment better and is a key to lasting improvement. It addresses the county’s tools and technology and improves the capabilities and understanding of its employee's cyber activities.
The Chief Information Officer recommends the approval of this non-Standard Agreement with Black Hills Information Security, LLC for network security evaluation.
OTHER AGENCY INVOLVEMENT:
County Counsel has reviewed and approved the non-Standard Agreement with Black Hills Information Security, LLC. Auditor-Controller reviewed the contract but did not agree to the non-standard payment provisions.
FINANCING:
Required funds will be included in each respective Recommended Budget for the Information Technology Department, ITD 1930, Appropriations Unit INF002.
BOARD OF SUPERVISORS STRATEGIC INITIATIVES:
The Board’s approval of the recommended agreement will assist in the overall security of the County’s network.
__Economic Development
__Administration
__Health & Human Services
X Infrastructure
__Public Safety
Prepared by: Teresa Meister, Management Analyst II, 759-6938
Approved by:
__________________________ Date:____________________
Eric A. Chatham, Chief Information Officer, 759-6920
Attachments:
Non-Standard Agreement
Scope of Work