The URL can be used to link to this page

Home My WebLink AboutAdden 1Kroll | 55 East 52nd Street| New York, New York 10055 T +1 (212) 593-1000 www.kroll.com Certain Kroll companies provide investigative services. See www.kroll.com/licensing for state licensing information. STATEMENT OF WORK FOR INFORMATION SECURITY AND COMPUTER FORENSICS SERVICES SOW 2 , 2020, is entered into by and between Kroll Associates, Inc. Law Firm Counsel City of Renton Client and conditions, entered into as of August 20 Agreement . All work under this SOW is to be performed at the direction of Law Firm and is subject to the attorney-client privilege and/or the work product doctrine. Capitalized terms herein shall have the meaning ascribed in the master terms and conditions. A.Description of Services Description of services; scope of Assignment Phase 1 - Forensic Investigation/Kroll CyberDetectER® Powered by Red Canary - Budget $70k to $90k + $45k Enterprise-wide (all hosts covered by CyberDetectER®Endpoint) monitoring for approximately 30 days and up to 900 end points. Historical triage collection of forensically relevant artifacts and related analysis of pertinent artifacts to determine and document timeline of pertinent historical events, possible malware infection, data exfiltration methods, and potential account compromise(s) related to security incident. Leverage CyberDetectER® Endpoint and Kroll's tools for purposes of monitoring endpoints for signs of malware infections, known Indicators of Compromise ("IOC"), and identification of compromised host(s) or account(s). Kroll may use CyberDetectER® Endpoint and other remote forensic techniques and tools to gather evidence as necessary to facilitate the investigation, including to determine timeframe and scope of sensitive data exposure. Provide Client with actionable leads to resolve current security events. Locate IOCs beyond those discovered in other investigations. Triage forensic analysis of up to six (6) + ten (10) specific system(s) that show(s) relevant evidence of malicious or suspicious activity. Review of up to twenty (20) systems for specific indicators of compromise. Findings will determine if priority end points, up to three (3) additional, require forensic imaging and deeper forensic analysis beyond triage analysis through Kroll's CyberDetectER® Endpoint service. Review of pre-Kroll engagement Malware and/or AV scan results and potentially pre-remediated infection(s). Preservation and analysis of available logs to include Firewall/NetFlow, VPN, web proxy, and IDS/IPS to identify relevant anomalies. As requested, preserve and analyze Client firewall configuration for settings allowing external traffic into the network. As requested, attempt to identify or determine if internal servers, including remote access services, are exposed to external networks. Attempt to identify if sensitive data (PI/PII/PFI or PHI), to include areas of the network where stored, were exposed as a result of any identified compromise. If available, automated analysis of identified malware binaries and related malware data or dependencies. Provide recommendations regarding containment and remediation of data event based on results of investigation. Verbal presentation of findings and drafting of report as requested by Counsel and Client. Phase 2 will commence at the direction of Client and Counsel, if and when requested. product doctrine. Capitalized terms herein shall have the meaning ascribed in the master terms and conditions. 2 , 2020, is entered into by and between Kroll Associates, Inc. CAG-20-356, Adden #1-20 2 Phase 2 - Additional Forensic Steps - Budget TBD; no work authorized without prior written authorization from Client. As determined by malware investigation and Kroll CyberDetectER Endpoint monitoring review B. Additional Terms and Conditions Specific to Information Security and Computer Forensics Services If in the course of the examination of computers, telephones or other electronic devices, or the examination of electronic media, software content or materials in hard copy form, Kroll or an affiliate observes or otherwise encounters what may be considered illegal contraband, such as images the mere possession of which Kroll reasonably believes to be unlawful, Kroll reserves the right to disclose such contraband to law enforcement. In such an event, and to the extent Kroll reasonably believes is permitted by applicable laws, Kroll will notify the Client of its intention to disclose the existence and/or content of such contraband to the appropriate authorities. To the extent any expedited information security and/or computer forensics services are requested by Client, including work that must be performed over a weekend or holiday, or on an overtime basis, Kroll reserves the right to charge for such expedited services at 1.5 times its normal hourly rates for the applicable services. To the extent Kroll is requested to provide any written testimony or reports relating to information security and/or computer forensics s However, oral testimony at deposition, a hearing or trial will be provided at 1.5 times such rates. C. Fee Structure All fees will be billed Consulting Services ....................................................................................................................... $325/hour* Travel Time....................................................................................... 50% of Consultant/Engineer hourly rate Media Preservation/Replication.................................................................................................... $400/media Media / Data Storage .......................................................................................................... $25/media/month *Indicates Beazley preferred rate Based on the information now available and known to Kroll, we estimate Phase 1 of this engagement will cost between $70,000 and $135,000, plus travel time, travel expenses, media output, freight and any applicable taxes. However, frequently the full scope of work cannot be known without further investigation, and thus this estimate may be subject to change based on further information or other developments in the course of the Assignment. Kroll represents that it will not conduct work exceeding $135,000 without obtaining explicit authorization from Law Firm or Client. Kroll will provide notice to Law Firm and Client when it has hit 80% of the estimated budget. In addition to the Professional Fees identified above, additional charges may include reasonable out-of-pocket expenses incurred in connection with the Assignment, but in no case shall the total amount billed under this Assignment exceed $135,000 without prior written authorization from Client. Accepted and agreed: BAKER & HOSTETLER LLP ___________________________________ Name: Title: Date: KROLL ASSOCIATES, INC. ___________________________________ Name: Title: Date: Anthony Valach Counsel 9/22/2020 Pierson Clair Pierson Clair Managing Director September 22, 2020 3 CITY OF RENTON ___________________________________ Name: Title: Date: State licensing information can be found at www.kroll.com/licensing Armondo Pavone Mayor Attest: ______________________________________ Jason A. Seth, City Clerk, MMC September 21, 2020 4 END-TO-END CYBER RISK SERVICES Additional Governance, Risk, Investigation and Diligence Services Business Intelligence and Investigations Compliance Risk and Diligence Disputes Consulting Compliance Regulatory Consulting Legal Management Consulting Security Risk Management