Madison County, Ill., Prepares for Penetration Test to Assess Cybersecurity Weaknesses

Cybersecurity audits performed by the Information Technology Department showed a "penetration test" was necessary for the county.

by Scott Cousins, The Telegraph / August 8, 2018

(TNS) — EDWARDSVILLE, ILL. — Madison County, Ill.’s Information Technology Department is getting ready for a long-planned test expected to show any deficiencies in the county’s defenses against cyber attacks.

According to a presentation given to the committee, cybersecurity audits showed a “penetration test” was needed for the county.

“With the increase in cyber crimes and the amount of money that a data breach can cost, we need to have a professional company perform a penetration test and let us know where we need to tighten security,” the presentation stated.

It also noted that a major data breach could cost the county “millions of dollars.” It was also noted that the test needed to be performed by an outside company. The county also recently doubled its cybersecurity insurance, but still saved money on the rates because of the planned test.

The committee approved hiring Janus Associates, a Connecticut-based company, to perform the test. It must now go through the finance committee, which meets today, Wednesday, before going to the full County Board for approval.

The county had budgeted $100,000 for the test in the 2017 budget, but carried the money over to the 2018 budget. No timeline was given for the testing, which if approved should be completed within several months.

Janus was one of 11 companies vying for the work, and submitted a bid of $39,990.50. The bid ranges were $21,000 to $99,800.

It was noted by committee members that the Janus bid was in the middle, but the company’s proposal was scored the second highest. With a total of 110 possible points, Janus scored 109. The top scoring company, with a perfect 110 score, was NCC Group. That company was also the highest bidder, approximately $60,000 more than Janus.

Janus received high marks for a number of reasons, including almost 30 years in the security services industry, the use of in-house personnel with “extensive experience” in IT security for the test, thorough explanations of their processes and reports, and a long history of working with federal, state and local governments.

There was some discussion by IT Committee members about the selection process. Ann Gorman, D-Edwardsville, said she had some concerns that the criteria for selecting was created based on the responses, not before the Requests for Proposals were sent out.

However, it was also noted that Janus would still have been one of the highest-scoring companies, while still in the middle as far as pricing.

©2018 The Telegraph (Alton, Ill.) Distributed by Tribune Content Agency, LLC.

Platforms & Programs