DOE requires the engagement of Cyber Security specialists on an ‘as needs’ basis to perform packages of work that assist the Department complete the following Cyber Security capability uplift activities across three (3) defined workstreams as follows;

 • PREVENT WORKSTREAM

• Cyber Security Awareness – Ensure all DoE personnel have an awareness of the threats posed by Cyber Attack actors and the role of all staff student and community to ensure that important information is protected. Awareness activities will leverage the materials developed by Cyber Security NSW and tailor these to the DoE context to drive culture change across diverse workforce in offices, in schools (teachers and students) and school communities. Activities will also include boosting awareness of DoE specific policies and requirements.

• Cyber Security Testing – Implement vulnerability scanning tools, Phishing Simulation, Internal and external scanning to allow hardening of the DoE environment to cyber threats. DoE testing will also use insights provided by Cyber Security NSW via their vulnerability scanning centre and analyse these across the DoE internal environment. The complex environment of legacy systems and innovative technology across DoE requires detailed assessment and ongoing vulnerability management.

• Cyber Security Governance –ensure cyber security is embedded at the core of decision making across DoE.

• DETECT WORK STREAM

Detect uplift has the following streams:

• Procedures - to define environmental context for security threat detection and adhere to compliance requirements

• Centralised tools – Multiple tools to improve the coverage and provide broader threat coverage by collating, categorising and summarising the flow of traffic through DoE

• Monitoring and Detection – Implement a cohesive suite of tools to allow constant 24/7 monitoring of the DoE environment to uplift the ability to detect a wide range of suspicious behaviour in the DoE environment and alert or respond automatically to protect systems and information.

• RESPOND WORKSTREAM

Respond uplift has the following streams:

• Cyber Incident Management – to have a clear and widely understood framework and process so that security incidents can be effectively and efficiently managed. Run regular exercises to test the response process.

• Response – to have the capability, tools and offensive countermeasures to rapidly respond to cyber security incidents by containing, blocking and remediating cyber security events and risks.

Forensic Investigations – to rapidly pin-point the root cause of security incidents and stop the spread/minimise the impact across DoE. DoE also supports investigations and evidence for NSW Cyber Crime.

The scope of the required services includes but is not limited to:

•             Security Policy and Standards compliance uplift;
•             Product and Security Testing;
•             Uplift SIEM and SOAR capabilities;
•             Uplift Essential Eight controls;
•             Platform specialist services;
•             Environment & Network Vulnerability services;
•             Security Design and Deployment; and
•             Uplift of Cyber Security Policy controls.