Managed Security Service Provider (MSSP) - Security Operations Centre Services
Tender ID: 571690
Tender Details
Tender Description
Opportunity
The Organisation is seeking responses to this RFT for the provision of Managed Security Service Provider (MSSP) - Security Operations Centre Services. The details for the provision of Managed Security Service Provider (MSSP) - Security Operations Centre are fully outlined in Part A.2 – Specifications.
Term of Proposed Contract
The Agreement will be for a two-year period, with the option of an additional one year.
Background
The cyber threat landscape is evolving rapidly, and protecting against potential cyberattacks requires rapid monitoring and response. The longer that a cybersecurity incident goes before it is remediated, the greater the potential damage and expense to the organisation. Addressing these threats is the responsibility of an organisation’s Security Operations Centre (SOC). A SOC should provide round-the-clock monitoring for cyber threats and the ability to engage immediately in incident response. A SOC is responsible for an organisation’s overarching cybersecurity, including prevention and incident response (IR). By its very nature, a SOC plays a crucial role in an organisation’s compliance and risk management strategy.
The Department of Transport and Planning (DTP) has a need, as indicated in the Security Operations Centre (SOC) Strategy, to have a DTP-owned Security Information and Event Management (SIEM) platform to provide security incident event management. This functionality includes log collection, monitoring, threat detection, alerting, incident response, attack surface management, business governance and reporting security incidents. DTP has selected Microsoft Sentinel as their SIEM tool and is currently in the process of building a SOC capability.
DTP has selected a Hybrid SOC to operate and maintain the DTP-owned SIEM tool (Microsoft Sentinel) as per the SOC Strategy. A Hybrid SOC is a combination of in-house security engineers/analysts and an external Managed Security Service Provider (MSSP). A Hybrid SOC allows DTP to maintain ownership of technology and data contained within the SIEM, provides flexibility in future technology decisions, and avoids vendor lock-in. It also allows for reducing CAPEX costs and upskilling DTP security teams to conduct advanced security functions. DTP has already defined a Target State Operating Model for their Hybrid Security Operations Centre (SOC) and plans to procure, implement, and operate a Hybrid SOC with assistance from a Managed Security Service Provider (MSSP) to achieve the following objectives:
- Establish 24x7x365 security monitoring of business assets, including the network, users, and systems.
- Establish effective and efficient alert triage and incident response capabilities through a Hybrid SOC.
- Discover the physical and digital assets, systems, risks, and vulnerabilities of the organisation’s environment.
- Establish threat detection, including identifying anomalies, and threat-hunting capabilities utilising SIEM tools and techniques.
- Facilitate incident analysis, assessing the severity of the threat, and the impact it may have on the organisation to formulate an appropriate response.
- Facilitate post-incident review to gather information about attack patterns and techniques, to assess the need for more monitoring rules.
- Support DTP in cybersecurity standards and policy compliance.
- Build a robust cybersecurity posture by automating response against foreseeable or unexpected cyberattacks.
- Facilitate excellent return on investment through cost avoidance, time saved, and improved reaction time.
Briefings
Supplier Briefing Session - Virtual – Microsoft Teams
A briefing session will be held on 11 November 2024 04:31 pm.
Notes: Pre-registration is required to attend the briefing session. Each tenderer is allowed a maximum of two attendees. To register, please send an email to ICT.Procurement@transport.vic.gov.au, including the procurement title, the tenderer’s name, and the names and email addresses of each attendee. The supplier briefing will be held virtually via Microsoft Teams.
Registration closes on 8 November 2024 04:31 pm