Cyber Security Ransomware Training & Business Continuity Preparedness
Tender ID: 579769
Tender Details
Tender Description
This Tender is invited by the Issuer.
DCCEEW has established an Information and Communication Technology (ICT) internal division following the successful migration of services and systems from over the past eighteen months. Part of this development is the review and assessment for cyber security vulnerabilities across the Department on behalf of the Department and its related stakeholders.
As a result of a current assessment being conducted, there has been a risk identified regarding ransomware and the lack of awareness, training and business continuity preparedness.
Seller to provide a two-phased approach to design and facilitate a cyber focused ransomware exercise (exercise 1 and 2) to be facilitated by an industry Business Continuity Planning (BCP) expert. To facilitate an exercise with the Department’s ICT Division to ensure the division understands its ICT capabilities and limitations and can ensure adequate people awareness and training of the processes in event that this occurs.
The second exercise will be focused on the ability of the DCCEEW leadership team to deal with critical systems or data not being available, government and public communications, ministerial interactions, legal ramifications (ACSC, Privacy, International Obligations etc), staff communications and welfare due to loss of key systems in hostile environments (on Ice), restoration of operations and interactions with other agencies etc. Another major component of this is how the executive work and communicate key issues.
DCCEEW systems hold personal, sensitive, and high-value value data, including bespoke applications, on-premises infrastructure and SaaS systems. The successful seller will work with DCCEEW stakeholders to design exercises to determine which systems should be included and how best to establish business continuity because of such an attack. Therefore, the primary objectives are to enhance the Department's incident response and business continuity capabilities and improve awareness and knowledge.
The successful seller will identify ways to achieve this in pragmatic and programmatic way by:
1. explore the understanding and capability of DCCEEW when identifying, responding, and managing a cyber security event that targets portfolio systems.
2. Identify the extent to which the department could operate with major systems.
3. Assist in informing the review of Business Impact Assessments and Disaster Recovery Planning of outages.
Therefore, seller must develop a working plan for DCCEEW to achieve these outcomes.
Location
New South Wales : Central West : Far North Coast : Far West : Hunter : Illawarra : Mid North Coast : Murray : New England : Orana : Riverina : Southern Highlands : Sydney
Queensland : Cairns & Far North Queensland : Gladstone : Mackay Whitsunday Region : Mount Isa & North West Region : Rockhampton : South East Queensland : South West & Darling Downs : The Central West : Townsville : Wide Bay Burnett
Victoria : Barwon South West : Gippsland : Grampians : Hume : Loddon Mallee : Melbourne
South Australia : Adelaide : Eyre & Western : Far North : Fleurieu & Kangaroo Island : Limestone Coast : Murray & Mallee : York & Mid North
Northern Territory : Barkly : Big Rivers : Central Australia : East Arnhem : Greater Darwin : Top End
Australian Capital Territory
Tasmania
