VILLAGE OF ORLAND PARK - File #: 2015-0403

• File #: 2015-0403
• Version: 1
• Name: Village Information Technology Security Audit - Proposal
• Type: MOTION
• Status: PASSED
• File created: 6/29/2015
• In control: Board of Trustees
• On agenda: 7/20/2015
• Final action: 7/20/2015
• Title: Village Information Technology Security Audit - Proposal

Date	Ver.	Action By	Action	Result
7/20/2015	1	Board of Trustees
7/7/2015	1	Finance Department	INTRODUCED TO BOARD
7/6/2015	0	Finance and Information Technology Committee	RECOMMENDED FOR APPROVAL	Pass
6/29/2015	0	Finance Department	INTRODUCED TO COMMITTEE

Title

Village Information Technology Security Audit - Proposal

History

As part of an ongoing effort to assess various security measures in the Village, staff has budgeted to have an outside agency perform an Information Technology Security audit. The proposed audit will include various facets of technology infrastructure and will cover all Village departments, as each computer, mobile device and network node can be a point of vulnerability. In addition, the use of credit cards, storage of personal and sensitive information, and access to various State agency networks lends itself to have Village IT related systems validated as being secure.

Staff has engaged three firms specializing in Information Security to submit proposals for these auditing services.  The firms were requested to base their proposals on IT assets itemized by staff, the review of existing Village IT policies and procedures, and the examination of internal and external threats outside the scope of day to day operations.  The proposals were also to include interviews with departments in order to understand any distinct IT related security concerns that departments may have.

The proposed IT Security Audit was categorized into four sections in order to better review each proposal. The categories include:

1.                     Review of Wireless Networked Systems

2.                     Information Security Risk Assessment

3.                     Internal Network Vulnerabilities

4.                     External Network Vulnerability and Penetration Testing

As part of the auditing services, executive level reports will be issued detailing any potential vulnerability. In addition, the reports will prioritize any items that need to be addressed and provide remediation recommendations on any security issues found.  Staff can then use these reports as a guideline to either immediately resolve issues or to use as recommendations in future planning.

Staff reviewed proposals from the following firms:
1. Sentinel Technologies of Downers Grove, Illinois

2. 403 Labs, a division of Sikich LLP, Naperville, Illinois

3. SWC Technology Partners, Oak Brook, Illinois

After an internal review of applied services and costs, staff is recommending 403 Labs, a division of Sikich LLP of Naperville, Illinois to execute an Information Technology Security Audit for the Village. Due to the sensitivity of this item, details of the Village IT related platforms that will be covered were intentionally left out of this agenda item. Should you require additional information, please do not hesitate to contact Norm Johnsonfor details.  A breakdown of proposal costs is attached.

On July 6, 2015, this item was reviewed and approved by the Finance Committee and referred to the Board for approval.

Financial Impact

Funds are available in the 2015 fiscal year budget for these services. Funds will be divided between internal department funds where appropriate.

Recommended Action/Motion

I move to approve the proposal for an Information Technology Security Audit from 403 Labs, a division of Sikich LLC, of Naperville, Illinois, in an amount not to exceed $41,000.