AC1246 Provision of a Security Event and Incident Monitoring (SEIM) Service

Important dates

Opportunity ID

809

Deadline for asking questions

Thursday 22 March 2018 at 6PM (in Canberra)

Closing date for applications

Thursday 29 March 2018 at 6PM (in Canberra)

Published

Thursday 15 March 2018

Overview

Write a summary of your brief

Provision of Managed Security Incident and Event Monitoring (SIEM) as a Service

What is the latest start date?

May 2018

How long is the contract?

Initial contract period of 12mths, with optional 12mth extension

Where can the work take place?

New South Wales

Who will the specialist work for?

Australian Transaction Reports and Analysis Centre (AUSTRAC)

Budget range

From discussion with potential suppliers. We believe this service can be carried out for a maximum of $300K per annum (ex GST)

About the work

Why is the work being done?

At present, AUSTRAC uses a software to collect and analyse event logs. a contract commencement of April 2018, AUSTRAC is seeking provision of a Security Event and Incident Management Service

What's the key problem you need to solve?

Currently AUSTRAC utilises a SIEM, disparate systems and internal resources to monitor event logs and investigate alarms which are not deemed as routine. We are seeking a new SIEM system, available as a service, that is based on more contemporary machine learning concepts and which can collect from a wider range of event sources.

Describe the users and their needs

As a Security Manager, I need to be alerted to significant security events in real-time so that the events can be responded to and mitigated.

As an Infrastructure Manager, I need to be able to access security information across a broad range of systems in order to detect and address security concerns.

What work has already been done?

Who will the work be done with?

IT Security and Infrastructure team

Any additional relevant information?

What phase is the work in?

Discovery

Work setup

Where will the work take place?

Initially the work will require onsite consultation at either AUSTRAC Sydney or Canberra offices. Once established the service may be provided off-site.

What are the working arrangements?

To be determined - Onsite consulting and Offsite development and administration

Is security clearance required?

NV1 minimum clearance

Additional information

Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate sellers’ technical competence.

Essential skills and experience

• Previous delivery of similar scale SIEM systems
• Cyber security operations capability
• Demonstrated expertise in industry standard SIEM platforms
• Fitness for purpose
• Demonstrated capability to deliver in a Protected environment
• The potential seller's relevant experience and performance history
• Overall security of the offering

Nice-to-have skills and experience

Demonstrated capability to deliver in a Protected environment

How sellers will be evaluated

How many shortlisted sellers will you evaluate?

3

Proposal criteria

• Technical design
• How well the solution meets AUSTRAC's requirements
• Successful solutions for other organisations
• Ability to accommodate and handle protected data
• Value for money

Cultural fit criteria

• Work as a team with our organisation and other sellers
• Transparent and collaborative when making decisions
• Have a no-blame culture and encourage people to learn from their mistakes

Payment approach

Fixed price

Assessment methods

• Written proposal
• Work history
• Reference

Evaluation weighting

Technical competence
50%

Cultural fit
20%

Price
30%