Cybersecurity & Information Security Services The Portfolio Action Tracker (PAT) is a transparency tool that can be used to monitor and review the real-time status of NASPO ValuePoint portfolios. Click here to view Status

Cyber Security and Information Security Services Master Agreements will allow state end users access to critical proactive and reactive Cybersecurity and Information Security Services.

Category 1 – Risk Assessment and Mitigation Services

Category 2 – Incident Response Services

Category 3 – Breach Coach Services

Category 4 – Notification and Credit Monitoring Services

CATEGORY 1 – Risk Assessment and Mitigation Services

Risk assessment and mitigation services: professional services that help organizations identify potential risks, evaluate their likelihood and impact, and then develop strategies to minimize or eliminate those risks, essentially protecting the organization's assets and ensuring business continuity by proactively addressing potential threats; it involves both analyzing potential dangers and taking proactive steps to manage them effectively. 

• Risk identification: Identifying potential hazards and threats that could affect the organization, including internal and external factors. 
• Risk analysis: Evaluating the likelihood and severity of each identified risk, often using qualitative or quantitative methods. 
• Risk prioritization: Ranking risks based on their potential impact and likelihood of guiding mitigation efforts. 
• Mitigation strategy development: Creating actionable plans to address each identified risk, including preventive measures, contingency plans, and risk transfer options. 
• Implementation and monitoring: Putting mitigation strategies into practice and regularly reviewing their effectiveness to adapt to changing circumstances. 

CATEGORY 2 - INCIDENT RESPONSE SERVICES

All incident response services must be carried out by trained experts and meet all legal standards. Incident response services assist organizations in detecting, containing, and mitigating damage from cybersecurity breaches or attacks, essentially providing a rapid response to security incidents to minimize harm and restore system functionality when a threat occurs; they aim to identify, analyze, and address security issues quickly, while also learning from past incidents to improve future preventative measures. 

Key points about incident response services:

• Function: When a security breach happens, the incident response team is activated to manage the situation, including isolating the threat, investigating its origin, and taking steps to prevent further damage. 
• Benefits:

1. Expertise: Access to specialized cybersecurity professionals who can handle complex threats. 

1. Rapid response: Quick identification and containment of incidents, minimizing potential damage. 

1. Improved security posture: Analysis of incidents to identify vulnerabilities and implement preventative measures. 

• Typical services:

1. Threat detection and analysis 

1. Incident containment and eradication 

1. Data recovery and restoration 

1. Forensics investigation 

1. Post-incident reporting and improvement planning

CATEGORY 3 – BREACH COACH SERVICES

Data breach coaching services involve specialized guidance and support for businesses experiencing or at risk of a cybersecurity incident, offered to help navigate the incident response process and mitigate potential damages. Please note: Any and all legal services on behalf of the Purchasing Entity must be approved by Purchasing Entity at the time the Work Order is executed, some Purchasing Entities may require additional internal approval of any outside legal services.

CATEGORY 4 - NOTIFICATION AND CREDIT MONITORING SERVICES

Call Center, Credit Monitoring Identity Theft Monitoring, Notification services