The Scope of work for the Consultancy shall comprise of:
i. Performing a Gap Assessment of TMRC’s existing infrastructure with respect to globally accepted cybersecurity standards and best practices:

  • Review & Identify gaps with respect to Cyber Security/Resilience Framework (gaps assessment).
  • Perform a comprehensive vulnerability assessment and penetration testing as part of gap analysis using standard tools.
  • Discuss with management existing gaps in infrastructure, architecture, process and systems.
  • Review the existing processes, procedures, and systems for their adequacy and efficiency.
  • Identify gaps in TMRC’s Cyber threat detection mechanisms.
  • Recommend controls required to mitigate the gaps.

ii. Creating an Assessment Report based on the gap analysis above including, but not limited to:

  • An executive summary with objectives, scope, background, summary of findings, and recommendations
    Identification of TMRC’s cybersecurity maturity gaps.
  • Recommendations for eliminating, or mitigating, security risks and increasing cybersecurity maturity levels.
  • Summary of areas reviewed/examined along with the methodologies/procedures used.
  • Recommendations on industry standards, security frameworks / best practices to mitigate and bridge the gaps.
  • Current Maturity level of the organization and desired level of maturity.
  • List of key initiatives/ Projects that must be undertaken to achieve the desired maturity level.
  • Implementation roadmap of remediations to reach the target maturity.

iii. Develop a Policy and Process for cybersecurity

  • Develop a policy and a process manual for cybersecurity for TMRC.
  • Provide training to TMRC staff on cybersecurity.