Specifications include, but are not limited to: Proposer must offer cybersecurity training services and materials that address one or more of the specific subjects within this general area of knowledge, and that are continuously updated by Proposer to remain up to date, accurate, and in alignment with applicable regulatory requirements and best practices. Subjects within this general area of knowledge include but are not limited to:

1. Cybersecurity Awareness Month Training and Materials. The State desires training and materials specific to the annual Cybersecurity Awareness Month, consistent with current CISA and State of Oregon initiatives. Proposer should ensure that annual content is current, and that it will provide the content to multi and/or enterprise-wide organizations with time for the organizations to review before disseminating materials.

2. Technical security training. The State desires technical security training services and materials, customizable to suit Authorized Purchaser’s specific requirements and industry context. Materials and sessions should be scalable to accommodate Authorized Purchaser’s staff size, growth or reduction in the workforce, and changing technical needs over time.

2.1. Services should include tools and reports to measure the effectiveness of the technical training offerings and provide detailed reporting on effectiveness to Authorized Purchaser.

3. Regulation-specific education. The State desires information security training and materials on specific regulatory frameworks, such as:

3.1. The Health Insurance Portability and Accountability Act (HIPAA).

3.2. Payment Card Industry (PCI) standards.

3.3. The Family Education Rights and Privacy Act (FERPA).