a. Enhance Cybersecurity Practices: o Implement best practices for cybersecurity. o Develop strategies to help the city become more self-sufficient in managing cybersecurity. o Assist in transitioning the city's domain from .org to .gov, ensuring compliance with federal requirements and enhancing the security and credibility of online services. o Provide support for the seamless transition of DNS records to ensure no disruption to city services during the domain switch. b. Cybersecurity Training and Compliance: o Ensure compliance with state cybersecurity and privacy requirements. o Recommend and implement training programs, including state-supplied KnowB4. o Utilize and implement SentinelOne, as supplied by the state. c. Endpoint Protection: o Deploy antivirus, anti-malware, and encryption to secure all city computers, laptops, mobile devices, and other endpoints d. Firewall and Intrusion Detection: o Install and manage firewalls and intrusion detection/prevention systems to defend against cyberattacks. e. Data Encryption: o Ensure the encryption of sensitive communications, files, and data, especially on mobile devices and laptops. f. Multi Factor Authentication (MFA): o Implement MFA across city systems and applications to enhance security. g. Security Monitoring: o Provide 24/7 real-time network monitoring for cyber threats and suspicious activity. h. Incident Response and Recovery: o Develop and execute incident response plans, including strategies for data breaches and recovery procedures. i. Vulnerability Assessments and Penetration Testing: o Conduct regular assessments to identify and address security vulnerabilities within the city's IT infrastructure. j. Security Policies and Procedures: o Collaborate with the Privacy Officer to establish and enforce policies for data protection, incident response, password management, etc. o Assist the city in managing cyber liability insurance requirements.
