The NSW Government Chief Information Security Officer with the NSW Department of Finance, Services and Innovation has released a Request For Tender (RFT 10022501) seeking a risk appetite framework, community consequences assessment in the event of a significant cyber security incident or cyber security crisis and a half-day functional exercise to be held in June 2019.
The RFT outlines the project scope as:
- Development of risk appetite framework model template and guiding instructions that can be used as a resource by the NSW Government Chief Information Security Officer (GCISO) and be provided to stakeholders (both at request and in specific awareness sessions facilitate by the GCISO). The production of a risk appetite model framework is sought within four weeks from engagement.
- Production of an assessment that describes the consequences for the NSW community if a significant cyber security incident or cyber security crisis were to occur that impacted NSW Government systems or state owned critical infrastructure.The assessment will need to identify recovery steps required to assist the community with recovery after the event. The assessment is to focus on the community consequences and recovery requirements from a cyber security incident impacting NSW Government systems or state owned critical infrastructure.
- A functional half day exercise is to be conducted in June 2019 with planning and preparation for the exercise to be conducted over eight weeks prior to the exercise. A post exercise report will be completed within two weeks after the exercise.
RFT closes 8 April 2019 and is available via https://tenders.nsw.gov.au
