Kroll | 55 East 52nd Street | New York, New York 10055
T +1 (212) 593-1000
www.kroll.com
Certain Kroll companies provide investigative services.
See www.kroll.com/licensing for state licensing information.
STATEMENT OF WORK
FOR
INFORMATION SECURITY AND COMPUTER FORENSICS SERVICES
SOW 2 , 2020, is entered into by and between Kroll Associates, Inc.
Law Firm Counsel City
of Renton Client and conditions, entered into as of
August 20 Agreement . All work under this SOW is
to be performed at the direction of Law Firm and is subject to the attorney-client privilege and/or the work
product doctrine. Capitalized terms herein shall have the meaning ascribed in the master terms and conditions.
A. Description of Services
Description of services; scope of Assignment
Phase 1 - Forensic Investigation/Kroll CyberDetectER® Powered by Red Canary - Budget $70k to $90k + $45k
Enterprise-wide (all hosts covered by CyberDetectER® Endpoint) monitoring for approximately 30 days and up to 900 end points. Historical triage collection of forensically relevant artifacts and related analysis of pertinent artifacts to determine and document timeline of pertinent historical events, possible malware infection, data exfiltration methods, and potential account compromise(s) related to security incident.
Leverage CyberDetectER® Endpoint and Kroll's tools for purposes of monitoring endpoints for signs of malware infections, known Indicators of Compromise ("IOC"), and identification of compromised host(s) or account(s).
Kroll may use CyberDetectER® Endpoint and other remote forensic techniques and tools to gather evidence as necessary to facilitate the investigation, including to determine timeframe and scope of sensitive data exposure.
Provide Client with actionable leads to resolve current security events.
Locate IOCs beyond those discovered in other investigations.
Triage forensic analysis of up to six (6) + ten (10) specific system(s) that show(s) relevant evidence of malicious or suspicious activity.
Review of up to twenty (20) systems for specific indicators of compromise.
Findings will determine if priority end points, up to three (3) additional, require forensic imaging and deeper forensic analysis beyond triage analysis through Kroll's CyberDetectER® Endpoint service.
Review of pre-Kroll engagement Malware and/or AV scan results and potentially pre-remediated infection(s).
Preservation and analysis of available logs to include Firewall/NetFlow, VPN, web proxy, and IDS/IPS to identify relevant anomalies.
As requested, preserve and analyze Client firewall configuration for settings allowing external traffic into the network.
As requested, attempt to identify or determine if internal servers, including remote access services, are exposed to external networks.
Attempt to identify if sensitive data (PI/PII/PFI or PHI), to include areas of the network where stored, were exposed as a result of any identified compromise.
If available, automated analysis of identified malware binaries and related malware data or dependencies.
Provide recommendations regarding containment and remediation of data event based on results of investigation.
Verbal presentation of findings and drafting of report as requested by Counsel and Client.
Phase 2 will commence at the direction of Client and Counsel, if and when requested.
CAG-20-356, Adden #1-20
Phase 2 - Additional Forensic Steps - Budget TBD; no work authorized without prior written
authorization from Client.
As determined by malware investigation and Kroll CyberDetectER Endpoint monitoring review
B. Additional Terms and Conditions Specific to Information Security and Computer Forensics Services
If in the course of the examination of computers, telephones or other electronic devices, or the examination of
electronic media, software content or materials in hard copy form, Kroll or an affiliate observes or otherwise
encounters what may be considered illegal contraband, such as images the mere possession of which Kroll
reasonably believes to be unlawful, Kroll reserves the right to disclose such contraband to law enforcement. In
such an event, and to the extent Kroll reasonably believes is permitted by applicable laws, Kroll will notify the
Client of its intention to disclose the existence and/or content of such contraband to the appropriate authorities.
To the extent any expedited information security and/or computer forensics services are requested by Client,
including work that must be performed over a weekend or holiday, or on an overtime basis, Kroll reserves the right
to charge for such expedited services at 1.5 times its normal hourly rates for the applicable services.
To the extent Kroll is requested to provide any written testimony or reports relating to information security and/or
computer forensics s
However, oral testimony at deposition, a hearing or trial will be provided at 1.5 times such rates.
C. Fee Structure
All fees will be billed
Consulting Services: $325/hour*
Travel Time: 50% of Consultant/Engineer hourly rate
Media Preservation/Replication: $400/media
Media / Data Storage: $25/media/month
*Indicates Beazley preferred rate
Based on the information now available and known to Kroll, we estimate Phase 1 of this engagement will cost
between $70,000 and $135,000, plus travel time, travel expenses, media output, freight and any applicable taxes.
However, frequently the full scope of work cannot be known without further investigation, and thus this estimate
may be subject to change based on further information or other developments in the course of the Assignment.
Kroll represents that it will not conduct work exceeding $135,000 without obtaining explicit authorization from Law
Firm or Client. Kroll will provide notice to Law Firm and Client when it has hit 80% of the estimated budget.
In addition to the Professional Fees identified above, additional charges may include reasonable out-of-pocket
expenses incurred in connection with the Assignment, but in no case shall the total amount billed under this
Assignment exceed $135,000 without prior written authorization from Client.
Accepted and agreed:
BAKER & HOSTETLER LLP
___________________________________
Name: Anthony Valach
Title: Counsel
Date: 9/22/2020
KROLL ASSOCIATES, INC.
___________________________________
Name: Pierson Clair
Title: Managing Director
Date: September 22, 2020
CITY OF RENTON
___________________________________
Name: Armondo Pavone
Title: Mayor
Date:
Attest:
______________________________________
Jason A. Seth, City Clerk, MMC
September 21, 2020
END-TO-END CYBER RISK SERVICES
Additional Governance, Risk, Investigation and Diligence Services
Business Intelligence and Investigations
Compliance Risk and Diligence
Disputes Consulting
Compliance Regulatory Consulting
Legal Management Consulting
Security Risk Management