Title
Village Information Technology Security Audit - Proposal
History
As part of an ongoing effort to assess various security measures in the Village, staff has budgeted to have an outside agency perform an Information Technology Security audit. The proposed audit will include various facets of technology infrastructure and will cover all Village departments, as each computer, mobile device and network node can be a point of vulnerability. In addition, the use of credit cards, storage of personal and sensitive information, and access to various State agency networks lends itself to have Village IT related systems validated as being secure.
Staff has engaged three firms specializing in Information Security to submit proposals for these auditing services. The firms were requested to base their proposals on IT assets itemized by staff, the review of existing Village IT policies and procedures, and the examination of internal and external threats outside the scope of day to day operations. The proposals were also to include interviews with departments in order to understand any distinct IT related security concerns that departments may have.
The proposed IT Security Audit was categorized into four sections in order to better review each proposal. The categories include:
1. Review of Wireless Networked Systems
2. Information Security Risk Assessment
3. Internal Network Vulnerabilities
4. External Network Vulnerability and Penetration Testing
As part of the auditing services, executive level reports will be issued detailing any potential vulnerability. In addition, the reports will prioritize any items that need to be addressed and provide remediation recommendations on any security issues found. Staff can then use these reports as a guideline to either immediately resolve issues or to use as recommendations in future planning.
Staff reviewed proposals from the following firms:
1. Sentinel Technologies of Downers Grove, Illinois
2. 403 Labs, a division ...
Click here for full text