County to Assess Information Security Posture, Identify Security Risks

A Central Texas county is soliciting requests for proposals (RFPs) to provide a security assessment of key systems to assess its information security posture and to identify existing and emerging potential security risks.

The county aims to ensure that a security risk management methodology is followed consistently and that the appropriate information security controls are implemented in its information security architecture.

The Bexar County project includes an external penetration test to pinpoint open services and vulnerabilities in hosts exposed to the Internet, and an internal penetration test to pinpoint open services and vulnerabilities in hosts on the county’s internal networks.

A social engineering campaign is planned to use email-based social engineering techniques to mimic past and current phishing attempts. And a review of Azure Government Cloud and Microsoft 365 security configurations will perform an operational security review of Bexar County’s Azure configuration to ensure that security industry best practices are being followed and that deployed controls are operating at optimal efficiency.

The external penetration test extends to 30 IP addresses across Bexar County external networks, and the internal portion of the assessment will entail review of approximately 8,000 internal network connected systems.

The social engineering test will use a single scenario email phishing campaign to target 4,500 Bexar County employees. And the configuration review will evaluate Bexar County’s two Azure and Microsoft 365 tenants with approximately 5,000 licenses in bexar.org.

Proposals are due by 8 a.m. Oct. 7. The county will not accept proposals by telephone, fax or email unless specifically authorized. Electronic submission via the supplier portal is preferred, but hard copies will be accepted along with a digital copy.

The contact person is Sana Amanullah, Bexar County Purchasing Department.