Hoyo Tech

(2023-04/02) Open call for IT Infrastructure

Copy link Inactive

About the procurement

Offers can be sent from 29.04.2023.

The deadline for submission is 01.08.2023.

 

Offers to be sent at the following e-mail: finance@hoyo.tech

Or through post office to: 15-th Korpus no.28, 6330, Struga, North Macedonia

 

Implementation period of the project is in the following quarters and can be used as a template to submit the final offer:

 

Realization period

Price (in EUR or Macedonian Denar)

Q1 - (15.05.2023-14.08.2023)

-

Q2 - (15.08.2023-14.11.2023)

-

Q3 - (15.11.2023-14.02.2024)

-

Q4 - (15.02.2024-14.05.2024)

-

Q5 - (15.05.2024-14.08.2024)

-

Q6 - (15.08.2024-14.11.2024)

-

Total

-

 

In the offer indicate which of the following activities are included for the period.

 

IT Infrastructure Security:

  • Risk Assessment: Identify potential vulnerabilities and threats within the IT infrastructure through regular assessments.
  • Access Controls: Implement strong authentication mechanisms, authorization protocols, and role-based access controls to restrict unauthorized access.
  • Endpoint Security: Deploy robust antivirus, anti-malware, and intrusion detection/prevention systems on endpoints.
  • Data Encryption: Encrypt sensitive data at rest and in transit to prevent unauthorized access.
  • Backup and Recovery: Establish a reliable backup and recovery strategy to ensure data availability and integrity.
  • Incident Response Plan: Develop and test a comprehensive incident response plan to swiftly address and mitigate security incidents.
  • Security Training: Provide cybersecurity awareness training to employees to promote safe computing practices.

 

Big Data Infrastructure Security:

  • Data Classification: Classify data based on sensitivity and apply appropriate security measures
  • Access Monitoring: Implement real-time monitoring of data access and usage to detect unusual patterns.
  • Data Lifecycle Management: Establish policies for data retention, archival, and disposal.
  • Secure APIs: Ensure APIs used for data access and integration are secure and properly authenticated.
  • Secure Processing: Implement secure processing environments for data analytics to prevent data leakage.

 

Networking Security:

  • Firewall Configuration: Set up and configure firewalls to control and monitor network traffic.
  • Network Segmentation: Implement network segmentation to isolate critical systems and limit lateral movement of attackers.
  • Intrusion Detection and Prevention: Deploy intrusion detection and prevention systems to monitor and block suspicious network activities.
  • Secure Remote Access: Implement secure remote access solutions (VPN, multi-factor authentication) for remote employees.
  • Network Traffic Encryption: Encrypt network traffic to protect data in transit and prevent eavesdropping.
  • Network Monitoring: Continuously monitor network traffic and logs to detect anomalies and potential breaches.

 

General Cybersecurity Practices:

  • Vulnerability Management: Regularly scan for vulnerabilities, prioritize them, and apply patches or remediation measures.
  • Penetration Testing: Conduct penetration testing to identify weaknesses in the infrastructure and applications.
  • Third-Party Risk Management: Assess and manage security risks posed by third-party vendors and partners.
  • Cybersecurity Policies: Develop and enforce comprehensive cybersecurity policies and procedures.
  • Regulatory Compliance: Ensure compliance with relevant data protection and cybersecurity regulations.
  • Continuous Monitoring: Implement continuous monitoring tools to detect and respond to threats in real-time.
  • Security Audits: Conduct regular internal and external security audits to assess compliance and effectiveness.
  • Security Awareness Programs: Educate employees and stakeholders about cybersecurity best practices and potential risks.