8c Memo Security Information and Event Management System Authorization
COMMISSION AGENDA MEMORANDUM Item No. 8c ACTION ITEM Date of Meeting January 12, 2021 DATE: December 18, 2020 TO: Stephen P. Metruck, Executive Director FROM: Ron Jimerson, Director of Information Security SUBJECT: Security Information and Event Management System Contract Authorization (Short Form) Contract Amount: $1,000,000 ACTION REQUESTED Request Commission authorization for the Executive Director to execute a contract for a Security Information and Event Management System (SIEM) in an amount not-to-exceed $1,000,000 for a term of five years. SUMMARY SIEM systems are a cornerstone for a solid information security program. These critical tools automate the monitoring of on-premise and cloud-based application event logs looking for suspect security events and alerting analysts for additional investigation. Our current SIEM, procured and implemented in 2011 does not have the features that support automation, data collection, and event management necessary to keep up with the capabilities of modern cyber security tactics. A security event, initiated by a malicious actor, could end with the exfiltration of data, damaging of reputation, and loss of revenue. A mature SIEM will better enable us to identify a threat and stop it. This request will provide authorization to contract with a firm, selected through a competitive procurement, for a SIEM product or service for a five-year term. Project staff will work with the Diversity in Contracting Department to determine if a direct women- and minority-owned business enterprise (WMBE) aspirational goal should be assigned. Typically, subcontracting opportunities under technology projects are limited. A small capital project will be utilized for implementation of the new system. No funds are authorized as part of this request. Annual costs will be budgeted in the Information Security Operating Budget. There are no attachments to this memo. Template revised April 12, 2018.
Limitations of Translatable Documents
PDF files are created with text and images are placed at an exact position on a page of a fixed size.
Web pages are fluid in nature, and the exact positioning of PDF text creates presentation problems.
PDFs that are full page graphics, or scanned pages are generally unable to be made accessible, In these cases, viewing whatever plain text could be extracted is the only alternative.