Browse
Search
2024-308-E-IT Dept-Trustedsec-Penetration testing and cybersecurity consulting
OrangeCountyNC
>
Board of County Commissioners
>
Contracts and Agreements
>
General Contracts and Agreements
>
2020's
>
2024
>
2024-308-E-IT Dept-Trustedsec-Penetration testing and cybersecurity consulting
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
6/5/2024 8:42:32 AM
Creation date
6/5/2024 8:42:19 AM
Metadata
Fields
Template:
Contract
Date
5/30/2024
Contract Starting Date
5/30/2024
Contract Ending Date
5/31/2024
Contract Document Type
Contract
Amount
$21,500.00
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
41
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
Orange County North Carolina <br />TrustedSec Confidential <br /> <br /> 10 <br /> <br />1.3.4 Remote Retest & Attestation Reporting <br />Once testing is complete, Orange County North Carolina can remediate identified issues. <br />Once the identified findings have been remediated, Orange County North Carolina can <br />request a scheduled retest of critical and high-risk findings for external penetration and <br />web application testing to confirm successful remediation. This covers one (1) retest of only <br />the externally facing critical and high-risk findings. All testing will be done remotely against <br />the hosts defined in-scope. Internal or on-site remediation testing is considered out of <br />scope, unless additional testing is provisioned in the SOW. TrustedSec will issue an in-depth <br />letter that attests to the scope of testing, and that Orange County North Carolina has <br />performed due diligence, from an Information Security standpoint, by engaging an <br />experienced, trusted, and independent third-party to evaluate the security of the network <br />environment. All testing will be done remotely against externally facing hosts, as defined <br />above. If on-site retesting is to occur, a new SOW must be prepared. All retest work will be <br />completed within sixty (60) days of the issuance of the initial draft report. <br />1.3.5 Remote Penetration Testing <br />The TrustedSec Attack Platform (TAP) device is a custom solution developed at TrustedSec <br />to perform remote Penetration Testing for clients. TrustedSec has the ability to quickly <br />deploy these remote devices, which can be connected at any point of the network, <br />establishing a secure tunnel back to the TrustedSec headquarters. This device allows <br />TrustedSec to perform internal penetration tests without requiring consultants to be on- <br />site. This helps to not only reduce travel expenses, but decreases the burden on consultant <br />travel, and allows additional consultants to join and collaborate on the assessment. <br /> <br />This system was developed internally by TrustedSec and has been improved extensively <br />over the years. The device is preconfigured with all the tools that consultants are <br />accustomed to using during an assessment. This option is highly recommended for remote <br />locations, travel cost reductions, long-term contracts, and more. The TAP device can <br />perform internal Penetration Testing services, incident response, and wireless <br />assessments. <br /> <br />Note: The TAP device must be returned to TrustedSec within four (4) weeks of report <br />delivery. Failure to do so will result in a fee of $1,500. <br /> <br /> <br />DocuSign Envelope ID: AFDC1276-5BF5-4129-B1DC-BCD00B65C8BC
The URL can be used to link to this page
Your browser does not support the video tag.