Scope of work - IT Security Services - CISM/CISSP certified

Deliver the scope of work defined below:

CARBON BLACK

The management of the Endpoint Detection and Response (EDR) system shall minimally include and not limited to the following:

- Administration of Carbon Black EDR servers configuration

- Checking and recommend for new threat intelligence feeds

- Administration of Carbon Black configuration sensor group

- Administration of user account

- Management of EDR agents in servers

- Generation of reports

The current EDR system is Carbon Black EDR. The above mentioned scope of work shall apply in the event of a change in the product.

TREND MICRO / TRELLIX

The management of the Server Anti-Virus System in GDC and in HPB HQ shall minimally include and not limited to the following:

- To administrate Trend Micro Deep Security Manager

- To administrate the active update from TrendMicro update server

- To administrate of updates to the agents

- To administrate virtual patching

- To add/remove agents under monitoring

- To manage the Virtual Patching feature in the servers

- To manage the configuration of policies and the deployment of these policies

- To generate weekly report to agency

The current the Server Anti-Virus System in HPB is Trend Micro Deep Security. The abovementioned scope of work shall apply in the event of a change in the product.

IMPERVA

The management of the Imperva in shall minimally include and not limited to the following:

- To administrate Imperva SecureSphere, Imperva Data Risk Analytics

- To administrate of update gateways, management servers

- To administrate of updates to the agents

- To administrate patching

- To add/remove agents under monitoring

- To manage the configuration of policies and the deployment of these policies

- To generate daily/weekly/monthly report to agency

ARCSIGHT

The management of the ArcSight in shall minimally include and not limited to the following:

- To administrate Imperva ArcSight LMS

- To administrate of updates to the agents

- To administrate patching

- To add/remove agents under monitoring

- To manage the configuration of policies and the deployment of these policies

- To generate daily/weekly/monthly report to agency

IT Configuration Management

- Periodically review IT asset inventory (hardware, software, network equipment, network attached equipment and end-points) records maintained and updated by Client appointed Asset Officer.

- Maintain oversight and review the Obsolescence at System Family Level.

- Prepare and submit report to Client

- Incident Management

- Lead investigation and resolution of Security incident

- Conduct root cause analysis and recommend improvement solution for recurrent incident to Client.

IT Security Management

- Schedule security scan for identified systems according to policies and verify all vulnerability rectifications are satisfactorily performed.

- Conduct Security Review on System Access and administration patterns weekly, and report unusual or suspicious activities, if any, to client.

- Track, mitigate and deploy patch security vulnerabilities accordingly to the stipulated timeline. Maintain oversight and submit reports on monthly basis.

- Escalate and/or seek Client’s acceptance and approval of assessed risks.

- Manage and administer any security monitoring tools including splunk, arcsight, EDR are addon advantage.

IT Security Compliance & QA Management

- Ensure compliance status of the Systems adheres to applicable standards, polices, directives and guidelines.

- Review weekly/monthly account review based on the requirements.

- Review weekly/monthly log review based on the requirements.

- Declare, review and report compliance status to head office annually.

- During audit exercise, work with stakeholders to provide responses and evidence to auditors or compliance related declarations.