NSW Govt gets ready to face cyber incidents

GCISO is looking for providers for three cyber security related projects

The NSW Government is looking for cyber security specialists able to assess the impacts of cyber incident affecting its IT systems and infrastructure.

An expression of interest (EoI) has been published by the Department of Finance, Services and Innovation (DFSI) covering three projects to be performed through the NSW Government Chief Information Security Officer (GCISO).

One of the projects is an assessment focusing on the community consequences and recovery requirements from a cyber security incident impacting NSW Government systems or state owned critical infrastructure.

The assessment, which is to be carried out for a period of eight weeks, needs to also identify recovery steps required to assist the community with recovery after the event. 

The EoI documents made it clear that this is not a risk assessment of "current cyber security threats in NSW Government".   

Another project is the development of a risk appetite framework model template and guiding instructions that can be used as a resource by the NSW GCISO and be provided to stakeholders, which is required to be completed within four weeks.

And lastly, the GCISO is also looking for a provider able to conduct a half day exercise in June 2019 with planning and preparation for the exercise to be conducted over eight weeks prior to the exercise. Also a post exercise report is to be completed within two weeks after the exercise. The entire contract is for a 10-weeks period.

All planning, logistics, venue hire, facilitation, scenario writing and post evaluation report are also to be provided by the vendor or partner conducting the training.

The evaluation criteria will be 50 per cent price related and the other 50 per cent non-price related.

Potential tenderers should have proven capability and experience in delivering goods and or services similar to services being requested; provide an example to demonstrate the capability, experience and reliability in the successful provision of cyber security services, resources and reporting capability.

Submissions are currently being accepted and close on the morning of 8 April.