|
|
|
|
|
|
|
|
|
Meeting Date:
|
1/17/2024 - 5:30 PM
|
|
Category:
|
INFORMATION TECHNOLOGY
|
|
Type:
|
Action
|
|
Subject:
|
14.2 Penetration Testing – 2023-2024 School Year - BMB Consulting LLC
|
|
District Goals:
|
|
|
Enclosure
|
|
|
File Attachment:
|
|
|
Rationale:
|
Information Technology Department – GML 104B
BMB Consulting LLC (GSA Highly Adaptive Cybersecurity (HACS) Contract # 47QTCA22D0030) $54,950.00
Term – February 1, 2024 – June 30, 2024
Total Amount Not to Exceed – $54,950.00
Account Number – 450-5164-100000-2630-B2300 (2023-2024 Contractual)
Scope – The District is seeking to conduct both an Internal and External Penetration Test (“Pen Test”) of the District’s network. These tests evaluate the capabilities of external forces to compromise internal and external network devices, systems and services. The tests will assess the District’s overall network security posture with the end goal of identifying applications, systems and network potential vulnerabilities. Additionally, the testing will identify any gaps in IT security governance, assessment of patching methodologies, current network security capabilities and potential existing security incidents. The Pen Test and reporting will be based on the National Institute of Standards and Technology (NIST) control 800-53 (Security and Privacy Controls for Information Systems and Organizations). The objective of the testing is to provide feedback to the District regarding its ability to preserve the confidentiality, integrity, availability and security of the information maintained. Annual Penetration Testing has been recommended by the District’s Internal Auditors.
|
|
Funding:
|
450-5164-100000-2630-B2300 (2023-2024 Contractual)
|
|
Resolution:
|
WHEREAS the District is seeking perform Internal and External Penetration Tests (“Pen Test”) for the 2023 – 2024 school year, and,
WHEREAS The objective of the assessment is to provide feedback to the District regarding its ability to preserve the confidentiality, integrity, availability and security of the information maintained in the 2023-2024 school year, and,
WHEREAS this testing will be based on the National Institute of Standards and Technology (NIST) control 800-53 (Security and Privacy Controls for Information Systems and Organizations).
NOW THEREFORE BE IT RESOLVED: That the Yonkers Public Schools issue a purchase order to BMB Consulting LLC (GSA Highly Adaptive Cybersecurity (HACS) Contract # 47QTCA22D0030), in the amount of $54,950.00 for both Internal and External Penetration Testing.
|
|
Approvals:
|
|
Recommended By:
|
|
Signed By:
|
|
|
Christopher Carvalho - Director
|
|
|
Signed By:
|
|
|
Dr. Fenix Arias - Manager of Administration
|
|
|
Signed By:
|
|
|
Bob Cacace - Commissioner
|
|
|
Signed By:
|
|
|
Cheryl Green - Deputy Commissioner Dept. of Information Technology
|
|
|
Signed By:
|
|
|
Tom Collich - Purchasing Director
|
|
|
Signed By:
|
|
|
Finance Department - Finance Reviewer
|
|
|
Signed By:
|
|
|
Elizabeth Janocha - Deputy Commissioner
|
|
|
Signed By:
|
|
|
John Liszewski - Commissioner
|
|
|
Signed By:
|
|
|
Matthew Gallagher - Corporation Counsel
|
|
|
Signed By:
|
|
|
Dr. Luis Rodriguez - Interim Superintendent of Schools
|
|
|
|
|
Vote Results:
|
| Original Motion | Member Lawrence Sykes Moved, Member Sheila Greenwald seconded to approve the Original motion 'WHEREAS the District is seeking perform Internal and External Penetration Tests (“Pen Test”) for the 2023 – 2024 school year, and,
WHEREAS The objective of the assessment is to provide feedback to the District regarding its ability to preserve the confidentiality, integrity, availability and security of the information maintained in the 2023-2024 school year, and,
WHEREAS this testing will be based on the National Institute of Standards and Technology (NIST) control 800-53 (Security and Privacy Controls for Information Systems and Organizations).
NOW THEREFORE BE IT RESOLVED: That the Yonkers Public Schools issue a purchase order to BMB Consulting LLC (GSA Highly Adaptive Cybersecurity (HACS) Contract # 47QTCA22D0030), in the amount of $54,950.00 for both Internal and External Penetration Testing.'. Upon a Roll-Call Vote being taken, the vote was: Aye: 7 Nay: 0. | | The motion Carried 7 - 0 | | | | | Rev. Steve Lopez | Yes | | Kevin Cacace | Yes | | Gail Burns | Yes | | Sheila Greenwald | Yes | | Amjed Kuri | Yes | | Rosemarie Linton | Yes | | Lawrence Sykes | Yes | |
|
|
|
|
|
|
|