My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
2024-125
CBCC
>
Official Documents
>
2020's
>
2024
>
2024-125
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
7/11/2024 10:59:33 AM
Creation date
7/11/2024 10:58:35 AM
Metadata
Fields
Template:
Official Documents
Official Document Type
Miscellaneous
Approved Date
06/18/2024
Control Number
2024-125
Agenda Item Number
8.E.
Entity Name
OTM Cyber
Subject
911 Cybersecurity Services
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
13
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
A TRUE COPY <br />CERTIFICATION ON LAST PAGE <br />RYAN L. BUTLER, CLERK <br />e. CyberBox®(es) must be returned to OTM CYBER within 14 days of the end of service <br />term. End of service may be the end of the service term, end of a trial period, or other <br />reason for termination. CyberBox®(es) can be mailed to OTM CYBER offices. <br />f. Customer Security Program. Customer acknowledges that it will provide the following <br />controls, tools, and processes to directly support the OTM CYBER Services, and that <br />failure to do so may impact OTM CYBER's ability to perform the Services effectively: <br />i. - A written governance, risk and compliance (GRC) policy or policies, approved <br />by a Senior Officer or equivalent, setting forth customer's policies and <br />procedures for the protection of its information systems and nonpublic <br />information stored on those information systems (aka "Cybersecurity Policy"); <br />ii. -A written Incident Response Action Plan (I RAP) that is exercised and/or <br />practiced with key scenario driven evaluations (i.e., tabletop exercises) on at <br />least an annual basis; <br />iii. - Designate two or more employees, executives, or agents who will respond to <br />any security alerts and take recommended actions to mitigate harm to customer's <br />network; and, <br />iv. - Although not required, it is recommended that each customer conducts a <br />periodic risk and vulnerability assessment (RVA) to address changes to <br />information systems, nonpublic information, and/or business operations. The risk <br />and vulnerability assessment should allow for revision of controls to respond to <br />technological developments and evolving threats. <br />g. Customer Incident Response and Remediation. Customer will be responsible for <br />determining and undertaking or arranging for the undertaking of any action(s) in response <br />to a security alert or report. <br />h. Customer Contacts. Customer will appoint in writing a primary and alternate technical - <br />level employee or agent to act as the primary contact person for all technical <br />communication between the customer and OTM CYBER related to the Services. <br />Customer will also designate a managerial -level contact person. <br />i. Network Change Notification. Customer will immediately inform OTM CYBER of any <br />physical change to the customer network. <br />j. Other Customer Obligations. Customer will be solely responsible for ensuring that it is not <br />subject to contractual obligations materially affecting the implementation or use of the <br />OTM CYBER Services. <br />12. Service Limitations. The following Services limitations and disclaimers apply: <br />a. Services provide information to customer to enable customer to better assess security <br />threats and take appropriate action. Although some OTM CYBER Optimized Threat <br />
The URL can be used to link to this page
Your browser does not support the video tag.