Project and Services. Breach Response & Forensics Service (the “Service”) Service Summary The aim of the Service is to provide the Customer with access to skilled security professionals that will help guide the Customer through a cyber incident. The Service is provided on a retainer basis in order assist the Customer in case of a cyber incident, that may require an Incident Response. Features of the Service include: • 24/7 hotline to the skilled security professionals (telephone number to be provided to Customer following purchase); • A range of services for effective and efficient incident handling, including but are not limited to: o Forensic image capture and analysis of system storage; o Memory and network-based forensics; o Log analysis of application, access, system, firewall, or other relevant logs; o Email analysis for suspicious or malicious activity; o Malware analysis and Indicator of Compromise identification; o Response/remediation plans; and o Post-incident monitoring. There are two editions of the Service to cater for the Customer’s requirements: Tier 1 Retainer: The Tier 1 Retainer is applicable where the Customer chooses to procure the Service and pay the applicable retainer fee (80 hours are purchased in advance for the Minimum Term) to Vodafone. The Tier 1 Retainer customers will receive the Service on a preferred basis over Tier 2 Retainer customers for the duration of the Minimum Term. Unused hours remaining at the end of the Minimum Term cannot be exchanged for any additional services and will be forfeited. If the retainer hours are completely used by Customer before expiry of the Minimum Term, and the Customer does not procure additional Tier 1 Retainer hours, any other breach response and forensic services provided during the Minimum Term shall be charged to Customer at the Tier 2 Hourly Rate. Tier 2 Retainer: The Tier 2 Retainer is applicable where Customer chooses to procure the Service as a retainer where no hours are purchased in advance for the Minimum Term from Vodafone. Any breach response and forensic services provided during the Minimum Term, pursuant to the Tier 2 Retainer, shall be charged at the Tier 2 Hourly Rate. Responses to incidents of Tier 1 Retainer Customers will take priority over responses to incidents of Tier 2 Retainer Customers if multiple concurrent incidents occur across retainer Customers. The Service shall comprise of the following deliverables: Deliverable 1: Periodic Status Report Deliverable 2: Remediation Plan Deliverable...
Project and Services. Under this Agreement, one or more students (each a ‘Student’) will be provided by the University to undertake the research project as set out in Part C: Project Schedule (‘Schedule’). The Schedule includes a description and the location of the Project, the University Supervisor name and the name of the Student(s) who will work with the Partner. The Project will commence on the Commencement Date stated in the Schedule. The Parties agree that this Agreement is conditional upon there being a student(s) selected for the Project and the Student agreeing to comply with the Student Responsibilities in this letter. The Student(s) will complete 400 hours undertaking the Project, over approximately 10 weeks (excluding public holidays).
Project and Services. 2.1 Description of PROJECT. (a) The PROJECT includes two phases as follows:
Project and Services. Penetration Testing Service (the “Service”) Edition No. of Target IP Addresses Small <25 IPs Medium <100 IPs Large < 256 IPs Edition No. of Target IP Addresses Small <50 IPs Medium <256 IPs Large < 400 IPs Customer Prerequisites External Infrastructure Penetration Test Where Customer selects an External Infrastructure Penetration Test edition of the Service, the Customer shall complete the External Infrastructure Penetration Test Questionnaire prior to the Service Commencement Date. No connectivity pre-requisites are required as testing is performed against Customer’s external public facing Environment. Internal Infrastructure Penetration Test Where Customer selects an Internal Infrastructure Penetration Test edition of the Service, the Customer shall complete the Internal Infrastructure Penetration Test Questionnaire prior to the Service Commencement Date. The Internal Infrastructure Penetration Test requires remote network connectivity into the Customer’s Environment. The Customer has the following two options available to provide Vodafone with the remote network connectivity: 1. the Customer must (a) deploy Vodafone’s custom Kali Linux image on a Virtual Machine provided by the Customer; and (b) provide Vodafone with access to the Virtual Machine (e.g. via a client virtual private network (“VPN”), Citrix or any other remote access solution). The Customer’s Virtual Machine must be deployed in an internal network so the access to all of the Target IP Addresses is not blocked by any network device. Hardware requirements for the Customer’s Virtual Machine are as follows: 2x CPU, 4 GB RAM and 20 GB HDD space; or 2. Customer must provide Vodafone with a VPN which is terminated within the Customer’s Environment and has access to all Target IP Addresses.
Project and Services. City of Peoria: 91st Avenue Butler to Mountain View (Services on pg. 5) (e) Dates: 4/2012 – 1/2015
Project and Services. City of Mesa: Elliot Road Waterline (Services on pg. 5)
Project and Services. Central Avenue & Western Avenue Sewer and Water Main Improvements (Services on pg. 5)
Project and Services. Penetration Testing Service (the “Service”) Service Summary The aim of the Service is to simulate a Cyber Attack on the Customer’s Environment, in order to test the Customer’s cyber defence capabilities and allow Vodafone to identify any vulnerabilities. The objective of the Service is not to list all vulnerabilities discovered in the Customer’s Environment, but instead to gain unauthorized access to system features and data, escalate user privileges or compromise data integrity. The findings of the Cyber Attack will be documented and prioritized, by level of risk, in the Penetration Test Report detailing any recommendations and Vodafone shall also remotely provide the 60-minute Explanatory Presentation. There are three editions of the Service to meet different sized Customer Environments: External Infrastructure Penetration Test (Black-Box Testing) Edition No. of Target IP Addresses Small <25 IPs Medium <100 IPs Large < 256 IPs Internal Infrastructure Penetration Test (Black-Box Testing or Grey-Box Testing) Edition No. of Target IP Addresses Small <50 IPs Medium <256 IPs Large < 400 IPs The Service shall comprise of the following deliverables: Deliverable 1: Simulation of the Cyber Attack Deliverable 2: Provision of the Penetration Test Report Deliverable 3: Provision of the Explanatory Presentation Customer Prerequisites External Infrastructure Penetration Test Where Customer selects an External Infrastructure Penetration Test edition of the Service, the Customer shall complete the External Infrastructure Penetration Test Questionnaire prior to the Service Commencement Date. No connectivity pre-requisites are required as testing is performed against Customer’s external public facing Environment. Internal Infrastructure Penetration Test Where Customer selects an Internal Infrastructure Penetration Test edition of the Service, the Customer shall complete the Internal Infrastructure Penetration Test Questionnaire prior to the Service Commencement Date. The Internal Infrastructure Penetration Test requires remote network connectivity into the Customer’s Environment. The Customer has the following two options available to provide Vodafone with the remote network connectivity: 1. the Customer must (a) deploy Vodafone’s custom Kali Linux image on a Virtual Machine provided by the Customer; and (b) provide Vodafone with access to the Virtual Machine (e.g. via a client virtual private network (“VPN”), Citrix or any other remote access solution). The Customer’s Vi...
