About the Client
Seward County Community College (SCCC) is a two-year institution offering 45 programs, including Adult Basic Education, certificate programs and associate of arts, associate of science, general studies, and applied sciences degrees. Ranked in the top 5% of more than 1,100 accredited community colleges in the US by the Aspen Institute, SCCC serves a student body of 2,500+ students ranging in age from 15 to 85, in a county with the highest foreign-born percentage population in the US, and a rural service area of about 50,997 in seven Southwest Kansas counties and a five-state region.
SCCC has invested deeply in its network and security and is highly focused on innovation and delivering enhanced services through data-driven decisions. The strategic team at SCCC had long planned to partner with a managed network and cybersecurity services provider that would be responsible for maintaining their network and cybersecurity operations and help them revisit the existing security structure and re-envision the strategic goals.
For this, SCCC rolled out an RFP in July 2020 to find a qualified vendor to perform remote network management and security operation center (SOC) services. Upon award, the vendor will perform a gap analysis to determine the current state of the college's infrastructure. The analysis should include specifying prerequisites and estimated timeframes for milestones or achievements in bringing network operations up to a baseline secure state. The analysis will incorporate best practices as published by NIST and FFIEC with respect to statutory guidance in GLBA, GDPR, and CCPA.
After rigorous review and assessment, SCCC awarded the RFP to OculusIT in September 2020 for three years.
The scope of work includes, but is not limited to:
- Threat Monitoring
- Review all security device data feeds, analytical systems, sensor platforms, output from networked systems
- The analysis includes searches of both open source and closed source intelligence sources, monitoring possible attacker communication channels, sandboxing, manual malware analysis, and other tasks useful to enriching the context of known events and identifying zero-day events.
- During analysis and investigation, any security event that is determined to be malicious and may pose a threat to the security of information systems would automatically enter the security Incident Response process.
- 24×7 Attack Monitoring/ Event Monitoring
- Call escalating for analysis, mitigation & plan implementation
- Identify threats from log alerts, IDS/IPS, firewalls, and other network devices
- Comprehensive reporting
- Access to 18 months of incident details
- Threat Protection
- Proactively inform about potential security threats/vulnerabilities and new global security threats/ zero-day attacks in circulation. Suggest and implement suitable countermeasures to safeguard IT assets and customer data against such evolving threats/ attacks along with the analysis.
- 24x7x365 monitoring of the devices/servers/applications under scope and support for troubleshooting. As part of the response, OculusIT will provide a detailed process for managing incidents, describing each phase of the process (prepare, identify, contain, eradicate, recover, and learn) from the incidents responded to.
- Provide detection and protection against zero-day and targeted attacks, including advanced malware (trojan, virus, worm), APT (Advanced Persistent Threats)
- OculusIT will provide timely notification and escalation of threats, anomalies, and suspicious security events along with details of events and recommendations to mitigate the risk.
- Firewall Management
- Configuration, device provisioning, deployment, upgrades, and patch management
- Tuning and configuration management
- Event monitoring and analysis
- Maintenance, backup, and recovery
- Analysis and response to firewall security and health events
- Monthly, Quarterly, and Annual reporting
- Incident Response
- Investigating Information Security (IS) incidents through various modes like forensic evidence collection & preservation, log analysis, incident and problem management, resolution, root cause analysis, reporting, etc.
- OculusIT will make eradication strategy recommendations, and once a strategy is approved, the vendor may be responsible for executing all or part of it, or for assisting SCCC in resolving the incident.
- OculusIT will monitor the recovery from information security incidents and provide status updates as affected systems are brought back online.
- OculusIT will recommend changes to college policy, process, or technology to prevent or more quickly detect similar incidents in the future. Depending on the scope of the incident, the vendor may need to provide root cause or lessons learned meetings to provide information about the incident.
- Alerts provided to the college on security violations, viruses, worms, malware, and any other suspicious security activity
- Analyze and store security events from networks, hosts, and critical applications
- 24×7 logging of attacks and security events
- Blocking of malicious activity
- Contain any threats
- Security and compliance reporting
- Propose modifications to tune out false-positive events.
- Network Management
- Device health monitoring (interface errors, CPU/memory utilization, etc.)
- Troubleshooting hardware issues (errors on interfaces, CRC, Collisions, etc.)
- Responding to alarms from the Network Management Systems. (Bandwidth utilization, Latency, Up/Down, CRC)
- SNMP monitoring and reporting
- Trending and historical reporting of monitored devices
- Configuration management, monthly backup of configuration files in routers, firewalls, and switches
- Internet Health and Connectivity with monitoring and support
- QoS performance-related issues troubleshooting support
- Functional changes, including firewall rules, NAT, static route changes, etc.
- On a monthly and annual basis, provide EOL/EOS notifications for -, including a recommendation for replacement products with an estimated cost of replacement-attached equipment, and a recommendation for replacement products with an estimated replacement price.
- Engineering Support
- Configuration, testing, and pre-engineering support.
- Network Architecture Review and Gap findings.
- Review individual devices for configuration, firmware, and security practices and assist in fixing the gaps.
- Facilitate upgrades and enhancements with rollout programs and technical support.
OculusIT™ is a global, managed IT and cloud services company that, together with its technology partners, serves more than 600 colleges and universities. Headquartered in Chicago, OculusIT™ has a delivery network and operations across North America and globally.