Ministry of Communicationand InformationTechnology (MCIT)
IslamicRepublicof Afghanistan
Requestfor“Expressions of Interest” forIndividualConsultant
Consultancy Services:Local Expert Cyber Security & Information Systems
Project: E-Government Resource Center
Position:
Local Expert Cyber Security & Information Systems
Number of Positions: 1
Contract Type:
Services Contract (Advisory Services)
Duration:
Closing Date:
DutyStation:
3Months (Possibility of Extension)
30-Sep 2015
Kabul
Background
MCIT would establish An E-Government Resource Centre (EGRC-II) in the premises of MCIT to be
the center of excellence in E-Government in the country and to be the source of technical expertise
and skills, advice and guidance for development and deployment of E-Government in the agencies
and departments of the GIRoA. The proposed E-Government Resource Centre will assist in the
development of National E-Government Information Management and Data Standards and policies
within the framework of the already developed e-GIF (E-Gov Interoperability Framework) and eGovernment Strategic Master Plan. The proposed center will provide guidance, advice and technical
expertise to GIRoA for design and development of the E-Government program as a whole and for
specific projects within it. The Centre will also provide services to donor supported projects and other
agencies of the government at the central and provincial levels in the development and deployment of
ICT for governance and development including training and capacity building in the agencies and in
the development and implementation of E-Government projects in various application areas. As it is
apparent that huge number of projects are being designed and implemented by donor organizations
directly, which include the ICT module in it, the EGRC will have a unit tasked to monitor such
projects by liaising with donor organization and also monitoring their websites and bilateral
agreements with the Ministry of Finance of GIRoA. EGRC will also deploy CIOs in 10 Ministries for
the first phase of the project, which will report on the ICT deployments in these organizations on time
to time bases; this will insure the implementation of common ICT policies and platforms throughout
the government sector. MCIT will arrange MoUs with donor organizations, which will enable the
EGRC to carry forward the coordination tasks in this area.
Services to be rendered by the proposed E-Government Resource Centre can be classified into the
following major categories:
1.
E-Government Consulting and Advisory Services
2.
E- Government Human Resource Capacity Development
3.
E-GIF Implementation and IT standardization Services
4.
IT and e-Gov Audit
Basic Function of the Position
Cyber Security Services include data audit, policy enforcement, information assurance and
incident responses. Participate in training on Cyber Security Technologies, Access Controls,
Authentication Procedures, Intrusion Detection &Incident Responses, Risk Management,
Vulnerability Assessment &Audit and Cyber Security Policies, Regulations and Procedures.
Major Duties and Responsibilities













Participate in training regarding Cyber Security Basics: Goals of cyber security, structure of
the Internet, common types of attacks and review of the players in the cyber security arena.
Understanding Cyber Technology: Cyber technology, TCP/IP, networked applications and
network components.
Intrusion Detection and Incident Response: Intrusion prevention and detection, incident
response, forensic analysis and the evidence lifecycle;
Risk Management: Identifying assets, determining exposures, considering controls to reduce
cyber risk and mechanisms to secure critical systems.
Security Policies and Best Practices: Designing and implementing policies, standards
and procedures developing best practices.
Vulnerability Assessment and Audit: Scanning systems of MOCIT, performing vulnerability
assessments on MOCIT’s Systems executing penetration tests and mechanisms to review log
files and working with syslog servers.
Securing Network Communications: Securing remote access networks, creating VPNs and
assessing the need for secure communications;
The expert will carry out any other Tasks within the broad scope of cyber security.
Developing firewalls policies and guidelines, data encryption and other security measures.
Deep Packet level knowledge till layer 7 Inspection with good understanding of IPS/IDS.
Recommending security enhancements and purchases.
Analyzes newly discovered computer viruses, and designs and develop software to defend
against them.
Developing training manual and training staff on network and information security procedure.
Required Skills



Must have Knowledge of industry standards, e.g.ISO2700 series and other industry related
security standards.
Prior experience with the utilization of Information Security tools NMAP, Ethereal, Web
Inspect, etc. and manual techniques to exploit the viler abilities in the OWASP top 10
including but not limited to cross-site scripting, SQL injections, session hi-jacking and buffer
over flows to obtain access to target systems.
Good understanding of systems design and analysis; Understanding of international policies
and standards in areas of network securities; Understanding of Cisco platforms being used by
the Government; Understanding of network security standards; Good understanding of
computer hardware; Good understanding of server applications and operating systems;
Understanding of international policies and standards in areas of computer networks and
hardware.
Ability to perform network traffic forensic analysis, utilizing packet capturing software, to
isolate malicious network behavior, in appropriate network use, or identification of in secure
network protocols; Attack and Penetration experience in testing of internet infrastructure and
web-based applications utilizing manual and automated tools.





Basic understanding of networks, including TCP/IP and network security concepts.
Must be able to troubleshoot complex PC configurations.
Computer literacy and ability to effectively use office technology equipment, IT tools.
A thorough knowledge of English is essential.
Communication and soft skills.
Qualification / Evaluation Criteria









Educational requirements include a bachelor's degree in information security, management
information systems or a related discipline.
Master’s degree in information security will be preferred.
Must possess Professional Certifications such as CISSP,CISA,CISM ,CEH,ISMS or
Higher/Equivalents;
CCNA (Security), CCNP (Security), CCIE (Security)-Preferred.
At least 5 years of experience in IT security principles, IT network architecture, the
Government IT accreditation process and associated standards and of developing security
requirements and architectures.Hands on technical experience in Cyber security, information
assurance, and related technologies;
Experience of both public sector and private sector client bases
Ability to write clear concise documents
Project management experience would be advantageous as would previous experience of
technical bid writing/input
The ability to apply technical knowledge, with creative and innovative thinking in a broad
range of complex and non-routine contexts is a pre-requisite.
Expressions of interest and the latest CVs must be delivered or sent by e-mail to the addressees
below.
E- Government Recourses Center;
Attn: HR Officer EGRC-II Project 15th floor, Ministry of Communications and IT
(MCIT);Mohammad Jan Khan Watt; Kabul, Afghanistan
Cell phone: +93 794403754; Email:hr.project@mcit.gov.af ;Web site: www.mcit.gov.af
Copy to:
1) Abdul Mujeeb Mohmand; E – Government Director; Ministry of Communication and
IT, I.R of Afghanistan ; Mohammad Jan Khan Watt, Kabul Afghanistan ;
Email:m.mohmand@mcit.gov.af
2) Sayed Masoud Samim; Human Recourses Director; Ministry of Communication and IT,
I.R of Afghanistan ; Mohammad Jan Khan Watt, Kabul Afghanistan ;
Email: masood.samim@mcit.gov.af
Any queries on the position may also be addressed to the above mentioned email addresses, latest 3
working days before the deadline for submission of applications.