The Scope of work for the Consultancy shall comprise of:
i. Performing a Gap Assessment of TMRC’s existing infrastructure with respect to globally accepted cybersecurity standards and best practices:
- Review & Identify gaps with respect to Cyber Security/Resilience Framework (gaps assessment).
- Perform a comprehensive vulnerability assessment and penetration testing as part of gap analysis using standard tools.
- Discuss with management existing gaps in infrastructure, architecture, process and systems.
- Review the existing processes, procedures, and systems for their adequacy and efficiency.
- Identify gaps in TMRC’s Cyber threat detection mechanisms.
- Recommend controls required to mitigate the gaps.
ii. Creating an Assessment Report based on the gap analysis above including, but not limited to:
- An executive summary with objectives, scope, background, summary of findings, and recommendations
Identification of TMRC’s cybersecurity maturity gaps. - Recommendations for eliminating, or mitigating, security risks and increasing cybersecurity maturity levels.
- Summary of areas reviewed/examined along with the methodologies/procedures used.
- Recommendations on industry standards, security frameworks / best practices to mitigate and bridge the gaps.
- Current Maturity level of the organization and desired level of maturity.
- List of key initiatives/ Projects that must be undertaken to achieve the desired maturity level.
- Implementation roadmap of remediations to reach the target maturity.
iii. Develop a Policy and Process for cybersecurity
- Develop a policy and a process manual for cybersecurity for TMRC.
- Provide training to TMRC staff on cybersecurity.