In order to accomplish its mission, BGD e-Gov CIRT will provide the following services to its constituents.

Reactive services

    Cyber security incident handling


    BGD e-GOV CIRT will receive information regarding cyber security incidents, triage incidents and coordinate response. Possible activities related to incident handling include:


    • Reporting
    • Coordination
    • Incident response support
    • Incident analysis and evidence collection

    Digital Forensic Lab


    BGD e-GOV CIRT is now capable of recovery and investigation of material found in digital device including mobile, PC, Drone or any IOT’s or computational devices. Service Workflow follows:


    • Evidence Detection
    • Evidence Acquisition
    • Evidence Analysis/Examination
    • Documenting and Reporting

Proactive services

    • Security assessments
      BGD e-Gov CIRT is constantly doing vulnerability assessments and penetration testing on assets located at the National Data Center as well as these activities can be provided to the constituency on a special official request
    • Configuration and maintenance of security tools, applications, infrastructures, and services
      BGD e-Gov CIRT maintains described set of security tools primarily used for logs collection and archive for assets located in the National Data Center which allow to trace incidents when they occur.
    • Intrusion detection
      BGD e-Gov CIRT collects cyber security threat information (compromises, accessible vulnerabilities) from various external feeds, filters and distributes them among the constituency.
    • Security consulting
      BGD e-Gov CIRT provides advice and guidance on the best security practices to implement for constituents’ business operations.
    • Awareness building
      BGD e-Gov CIRT seeks opportunities to increase security awareness through developing articles, posters, newsletters, web sites, or other informational resources that explain security best practices and provide advice on precautions to take. Activities may also include scheduling meetings and seminars to keep constituents up to date with ongoing security procedures and potential threats to organizational systems.
    • Cyber Sensor
      Detecting intrusion, suspicious activity & development of methodology of assessing maturity level of Critical Information Infrastructure in Bangladesh government IP network, thus sensor network is being implemented.
Service Name Package Package Details Service Charge
(Excl. VAT and TAX)
Cyber Sensors Installation and Commissioning CS_1G One-unit Cyber sensor Installation and Commissioning -1G Interface Capacity (One Time) 12,000,000.00 (One Time)
CS_10G One-unit Cyber sensor Installation and Commissioning – 10G interface capacity (One Time) 15,000,000.00 (One Time)
CS_SUPPORT Operations, Maintenance, monthly sensor report one unit per month (Per month) 300,000.00 (Per month)
Risk Assessment RA_DHK_01 Risk assessment per Organization within Dhaka
Duration: 3 weeks minimum (5 days onsite & 2 weeks offsite)
7,00,000.00 (One Time)
RA_OUTDHK_01 Risk assessment per Organization outside Dhaka
Duration: 3 weeks minimum (5 days onsite & 2 weeks offsite)
9,00,000.00 (One Time)
RA_Training_Basic Training on Basic Risk Assessment
Duration: 03 Working days
Maximum Participants: 10 Person
Venue: BGD e-GOV CIRT Premise
60,000.00 (One Time)
RA_Training_Advance Training on Advanced Risk Assessment
Duration: 05 Working days
Maximum Participants: 10 Person
Venue: BGD e-GOV CIRT Premise
1,00,000.00 (One Time)
Audit Assessment and Reporting ITAUDIT_DHK_01 Audit assessment & Reporting per Organization within Dhaka
Duration: 4 weeks minimum (5 days onsite & 3 weeks offsite)
8,00,000.00 (One Time)
ITAUDIT_OUTDHK_01 Audit assessment per Organization outside Dhaka
Duration: 4 weeks minimum (5 days onsite & 3 weeks offsite)
10,00,000.00 (One Time)
ITAUDIT_Training_Basic_DHK Training on Basic Information Security and Process Audit (Without Global Certification)
Duration: 05 Working days
Maximum Participants: 10 Person
Venue: BGD e-GOV CIRT Premise
250,000.00 (One Time)
TAUDIT_Training_Basic_OutDHK Training on Basic Information Security and Process Audit (Without Global Certification)
Duration: 05 Working days
Maximum Participants: 10 Person
Venue: Client Premise
350,000.00 (One Time)
Vulnerability Assessment and Penetration Test SERVER_VAPT Vulnerability assessment and penetration test on server operating system. This is a black box test which doesn’t require user credential and this test will identify possible installed services, running services, open ports, service version detection, network communications, patch information etc 46,000.00 (One Time)
WEBSITE_VAPT Vulnerability assessment and penetration test on website to detect possible vulnerabilities. This VAPT doesn’t require user credential. This test will identify web technologies and versions, SQL injection, Cross-site scripting, Unrestricted file upload, Web backdoor, Directory traversal etc.
Note: Each unique sub-domain will consider as domain.
1,11,000.00 (One Time)
WEB_APPLICATION_VAPT Vulnerability assessment and penetration test on web application to detect possible vulnerabilities. This test may require web application user credential to conduct vulnerability assessment to detect SQL injection, Cross-site scripting, Unrestricted file upload, Local or remote file inclusion, Authentication bypass, Misconfiguration etc.
Note: Each unique sub-domain will consider as domain.
1,63,000.00 (One Time)
Digital Forensic COMPUTER_FORENSIC Component: Computer Forensic
Duration: Min 5 working days / case
Description:
  • Evidence Detection
  • Evidence Acquisition
  • Evidence Analysis/Examination
  • Documenting and Reporting
6,50,000.00 (Per CASE)
MOBILE_FORENSIC Component: Mobile Forensic
Duration: Min 7 working days / case
Description:
  • Evidence Detection
  • Evidence Acquisition
  • Evidence Analysis/Examination
  • Documenting and Reporting
4,00,000.00 (Per CASE)
FORENSIC_SUPPORT Component: Forensic Support Service
Duration: Min 2 MAN days
Description:
  • On premise Forensic Technical Support
  • Technical support on Forensic Data Acquisition
  • Technical support on Forensic Data Analysis & Reporting
Note: Forensic Tools are not included in the service, Client must provide the tools. For services including tools please refer to COMPUTER_FORENSIC & MOBILE_FORENSIC.
30,000.00 /Per 2 MAN Days
FORENSIC_TRAINING Component: Digital Forensics Training
Duration: 3 days (3 hours per class) / batch (total 9 hours minimum)
Mode: On premise, hands on training.
Tools: Open source.
Participant: 20 persons / batch
Note: participant’s stationary & snacks arranged by inviting authority.
22,500.00 /per batch
Cyber Security Training Basic_Cyber_Security_Training Component: Basic Cyber Security Training
Duration: 3 working days
Description:
  • Maximum 10 number of participants
  • Basic attack and basic defense scenario simulation
  • Basic cyber security awareness
60,000.00 (One Time)
Advance_Cyber_Security_Training Component: Advance Cyber Security Training
Duration: 5 working days
Description:
  • Maximum 10 number of participants
  • Advance attack and advance defense scenario simulation
  • Hands on training on Kali
95,000.00 (One Time)
Cyber Threat Intelligence Cyber Threat Intelligence Threat Intelligence will be provided to the entities such as Critical Information Infrastructures, Banking and Financial Institutions, Law Enforcement Agencies etc.
  • Domain /entity based threat received from multiple sources will be provided on monthly basis.
  • Critical threat intelligence will be shared as and when received.
  • This service is purely on subscription basis.
BDT 1,00,000 per month. Minimum Subscription 1year.