Achizitie comuna/ Joint Procurement: Teste de penetrare infrastructura informatica / Supply of IT Security Assessment Services: Penetration Testing / IT Security Assessment Services according to the TIBER-EU framework

Description du marché

The IT infrastructure of the NBR (as well as that of the other participating institutions), as it is implemented at the time of the tests, available to both internal and external customers is within the purpose of these tests. The IT infrastructure contains the components required to operate and manage the IT environments. These components include hardware, software, networking components, an operating system (OS), and data storage, all of which are used to deliver IT services and solutions. The main objective is to identify the Participating Institution's cybersecurity risks and to take appropriate technical and organizational measures to minimize/mitigate those risks. More granular objectives are defined as follows: - Identify the external exposure in terms of surface attack and determine if the implemented security controls ensure appropriate protection against malicious actors; - Measure the level of responsiveness and capability to identify and react against a cyber-attack targeted to the weakness points; - Determine if the security policy and controls implemented within the internal IT infrastructure are strong enough to be able to identify an ongoing cyber-attack and to take measures to stop it; - Measure the effectiveness of the security awareness program by testing the user’s reaction to a social engineering cyber-attack; - Determine if the sensitive data is well protected against bad actors; - Being compliant with the regulatory requirements in terms of ensuring that the IT infrastructure offers a certain level of security protection. Penetration tests are performed usually by following the stages defined below: • Pre-engagement Interactions; • Intelligence Gathering and Threat Modelling; • Vulnerability Identification and Analysis; • Exploitation; • Post Exploitation; • Reporting.

Pouvoir adjudicateur