Response to Queries Received for RFP of Security Integrator - Tender No. 63
- Marsha Pearson
- 8 years ago
Sr. No. | RFP Clause | Original Query | Reply/Remark

1.
RFP Clause: Perform Incident Management with respect to the following:
- Contain attacks through configuration of security devices after prior approval
- Forensic Analysis based on logs captured in the system
- Root cause analysis & suggest long term controls
- Evidence collection for legal and regulatory purposes
- Analyse and report incidents based on severity
- Escalate incidents as per process
Query: For Forensic Analysis of logs: please clarify the systems/devices for which log analysis is required. Whether this includes network system/devices or just only security devices. Evidence collection for legal and regulatory purposes: please clarify the extent or scope of evidence collection and possible sources.
Reply: Analysis of all the logs so obtained.

2.
RFP Clause:
- Configuration of IPS and Firewall
- Configuration and Management of IP addresses, routing information, routing tables, Multicast configuration for the Device operations
- Patch implementation
- Weekly backup of configuration of all devices
- Configuration backup before making any changes
Query: Does SI need to manage security operations procedures like change, Config, patch and security Fault management along with reporting and monitoring of security devices?
Reply: Please be guided as per RFP.

3.
RFP Clause: Objectives of having SI: Assist and guide the Bank to address the audit points especially the VA and Penetration test results.
Query: Does PNB require periodic VA and PT to be conducted by SI or only assistance for GAP closure is expected?
Reply: For any Incident attempt / happened, then log / evidence collection & forensic analysis for traversal through all nodes / Servers / Router / hops of PNB. Advise the necessary collection of logs from 3rd party, if any. SI is expected to assist for Gap closure.

4.
Query: Is PNB looking for compliance requirements like PCI DSS 2?
Reply: It is expected that SI is aware of Regulatory requirements and best Banking practices.

5.
RFP Clause: Scope of Work: Configuration, maintenance & monitoring of end-to-end security solutions (including products, appliances, monitoring consoles, Security log/data storage devices, Security appliance management servers etc) in the entire network of the bank.
Query: L1 and L2 support required at DC for managing PNB end to end security solutions?
Reply: Please be guided by RFP.

6.
RFP Clause: Para 3 - Brief: The IT resources of the bank at DC and DRS are protected with perimeter defense appliances/equipments. Checkpoint Firewall with Check point boxes and CISCO firewalls along with Intrusion Prevention System are installed in active-active and failover mode.
Query: Number of security devices i.e. firewall/IPS etc.
Reply: Security devices like Firewall, IPS, SSL VPN approx 35 in number, however the scope covers for any number of devices those may be added/replaced in future.

7.
RFP Clause: Misc. para (c)
Query: Proposed locations for L1 and L2 engineer.
Reply: Security Integrator stationed at Data Centre New Delhi.

8.
RFP Clause: Misc. para (h): Whenever, SI shall have to travel outside NCR for solving the Bank's issues at remote location, he will be paid TA/DA as per the entitlement of Scale-II Manager in the Bank.
Query: Would the role require visiting the PNB branch location or is static at one location?
Reply: They sometime require outside visit.

9.
RFP Clause: Misc. para (c): One L2 Engineer should be available during banks business hours from 10 am to 8 pm on all days except all holidays and for the remaining period, one L1 engineer will be available for providing 24*7 services.
Query: Number of onsite L1 and L2 engineer required in liaison with PNB, Regional Rural banks and subsidiaries banks.
Reply: Availability is expected for L2 engineer from 10 AM to 8 PM on all days except holidays. Availability of L1 engineers is expected on all other times 24*7 including holidays, except above timings when L2 is available.

10.
RFP Clause: Misc. para (c): They (L1 & L2) will be the first point of contact and their efforts are to be supplemented and supported by expert team of the company at the backend.
Query: Is the back-end Support team for onsite engineer be part of Security operation centre?
Reply: Please be guided by RFP item No. Misc (c).

11.
RFP Clause: RFP - Obligations of Successful Bidder - Para C.
Query: Can SI manage the PNB end to end security solutions from their own premises using secure channel?
Reply: Please be guided by RFP (Page-24).

12.
Query: Does PNB allow to access HLD and LLD documents to review network and security solution off premises to be managed and to which new deployment has to done?
Reply: NO, Generally on-site review. May be given off-premises at discretion of Bank with NDA in force.

13.
Query: What new devices are to be integrated in the network?
Reply: Any Security / Network device or application.

14.
Query: Is PNB going to supply VA/PT tools?
Reply: VA PT is not expected to be done by SI.

15.
Query: Does PNB allow application security review and testing off premises?
Reply: No.

16.
RFP Clause: Eligibility Criterion notings:
-> that current IS Auditors/Network Integrator of the Bank will not be eligible to bid.
-> that the successful bidder (once appointed Security Integrator) shall not be entitled to submit tenders for appointment of Security Auditors/Network Integrator.
Query: Will the successful bidder be allowed to bid for other security RFP from PNB in future except auditor?
Reply: Please be guided by RFP. Successful bidder will be allowed to bid for all RFPs of PNB except Security Auditor / Network Integrator.

17.
RFP Clause: Eligibility Criterion - Bidder should have a minimum 3 years experience in implementing Information Security either as security integrator, or security implementer in any large organization which have its offices/branches at least in the National Capital region Delhi and Mumbai with wide area network, intranet and internet as well as demilitarized zone and security equipments like firewalls, IDS and IPS. Out of 3 years experience, at least 1 year's experience should be in a reputed/large organization.
Query: Is it one client having multiyear contract with bidder will do or PNB requires multiple client experience in 3 year?
Reply: A total of 3 years experience within given RFP Eligibility Criterion.

18.
RFP Clause: Point No. 3, Brief of existing setup
Query: Required the Detail list of IT Infrastructure (No. of Servers, Routers, Firewall).
Reply: Security devices like Firewall, IPS, SSL VPN approx 35 in number, however the scope covers for any number of devices those may be added/replaced in future. For Servers, Routers, please be guided by RFP.

19.
RFP Clause: Under Introduction
Query: Required more information about the applications (No. of applications, Size, Purpose, No. of Pages).
Reply: Please be guided by RFP.

20.
RFP Clause: Point No. 3, Brief of existing setup
Query: Are the new servers and applications will be added in the future? Will they come under the scope of work?
Reply: Yes. All additions / changes will come under the scope for SI vetting / recommendations.

21.
RFP Clause: Security Integrator to Review/Suggest on the following activities
Query: Is vetting of the network architecture a one time activity or a periodic activity?
Reply: Vetting is regular as well as periodic activity.

22.
RFP Clause: Security Integrator to Review/Suggest on the following activities (Page-10)
Query: Is application security based on black box testing or grey box testing?
Reply: Be guided by the scope of RFP.

23.
RFP Clause: Security Integrator to Review/Suggest on the following activities (Page-10)
Query: Is development/testing environment also part of scope?
Reply: Be guided by the scope of RFP.

24.
RFP Clause: Under Eligibility Criteria: The successful bidder (once appointed Security Integrator) shall not be entitled to submit tenders for appointment of security auditors/network integrator.
Query: Ours is WAN service providing company. If we will be appointed as security integrator, will we be eligible for providing our other services to bank (like Connectivity (MPLS/LL/BB), Hosting Services, other services of us)?
Reply: Please be guided by RFP. Successful bidder will be allowed to bid for all RFPs of PNB except Security Auditor / Network Integrator.

25.
RFP Clause: Ref. EMD in the form of DD or pay order.
Query: We would like to request PNB to accept EMD in the form of Bank Guarantee.
Reply: EMD in the form of Bank Guarantee not accepted, please be guided by RFP.

26.
RFP Clause: Ref. Page 9, Scope of Work section.
Query: Do you have tools for doing forensic analysis? We would like to know full scope of work in Forensic Analysis. Our understanding is that we have to do Forensic Analysis only for the logs. Please confirm. If not so, please elaborate on the scope of Forensic Analysis.
Reply: No forensic tool available with the Bank. (Refer to answer of query no. 1.) Other scope given in RFP and please be guided by the same.

27.
RFP Clause: Ref. Page 9, Perform Incident Management: Forensic analysis based on logs captured in the system.
Query:
Q:- Please provide details of the SIEM tools deployed and capabilities configured.
Q:- Please provide detail on average number of Security incidents in last 3 months?
Q:- Do you want us to suggest or bring our tools?
Reply:
- Details would be shared with successful bidder only.
- Details would be shared with successful bidder only.
- Yes, the successful bidder to suggest configuration changes / improvement of existing SIEM tool.

28.
RFP Clause: Ref. Page 10, Security Devices Review & Management
Query:
Q:- Provide list of the devices under scope (make/model/quantity).
Q:- Do we have to provide L1 & L2 resources based out of Delhi or other locations as well. Please specify all location.
Reply:
- Security devices like Firewall, IPS, SSL VPN approx 35 in number, however the scope covers for any number of devices those may be added/replaced in future.
- For Applications, Servers, Routers, please be guided by RFP.
- Service Provider will arrange qualified & competent resident engineers as per skill sets mentioned. Security Integrator stationed at Data Centre New Delhi as per Misc Para (c) of RFP.

29.
RFP Clause: Ref. Page 10
Query:
Q:- Are you open to have remote management support from Vendor NOC?
Q:- Can you provide detail of number of tickets per month: 1. Incident tickets 2. Change Tickets 3. Configuration request. This information will help us plan L2 resources to manage the environment.
Reply:
- No remote management from outside PNB allowed. Please be guided as per clause Misc (c) Page 13.
- The required information will be shared with successful bidder.

30.
RFP Clause: Ref. Page 11, daily Activity
Query: Request you to share existing daily checklist to be performed every day?
Reply: Details given at Page of RFP.

31.
RFP Clause: Page 13 - (h): Whenever, SI shall have to travel outside NCR for solving the Bank's issues at remote location, he will be paid TA/DA as per the entitlement of Scale-II Manager in the Bank.
Query: Q:- How frequently such visit will be there in a month? Does it include near to NCR or anywhere across India?
Reply: Rarely, once-twice in a year. However scope is unlimited.

32.
RFP Clause: Ref. - Page 9. Security Integrator to Review/Suggest on the following activities: Suggest the requisite control measures for monitoring, reporting, control self-assessment of various security components for various banking channels like CBS, ATM, Internet banking, Mobile Banking etc. and the related card based technology (debit, credit & smart cards) and the associated threats addressing security concern including cyber security.
Query: What is the frequency of the above activity?
Reply: Regular on-going activity, on addition of new application or on review of information security measures.

33.
RFP Clause: Ref. - Page 10. To review the various processes of the centralized application, other applications like card issue and pin issue etc. and the operational risk associated on a continuous basis and suggest mitigation & resolution.
Query: What is the frequency of the above activity?
Reply: Regular on-going activity, on addition of new application or on review of information security measures.

34.
RFP Clause: Ref. - Page 10. Review the existing information security infrastructure on all the business applications across the bank and other security postures of the bank and its subsidiaries as and when required by the bank vis-à-vis the business requirements of the Bank and regulatory standards, guidelines and best practices.
Query:
1. What is the frequency of the above activity?
2. It is assumed that the business requirements of the bank, regulatory requirements and guidelines would be shared by the bank. Pls. confirm.
Reply:
1. Regular on-going activity, on addition of new application or on review of information security measures.
2. Specific business requirement would be shared with successful bidder, however SI is expected to have broader knowledge and best practices.

35.
RFP Clause: Ref. - Page 10. For improving network and IT resources availability, integrity & Confidentiality keeping in view the application architecture and access requirement.
Query:
1. What is the frequency of the above activity?
2. Is this limited only to suggestion or implementation also?
Reply:
1. Regular on-going activity.
2. Suggestions and implementation both.

36.
Query: What is the scope of the penalty? Does it include to the points listed under Security Integrator to Review/Suggest on the following activities in page 9 of the document?
Reply: Please be guided by RFP.

37.
RFP Clause: Annexure 4
Query: We would like to have clarity on the Performance Certificates to be submitted.
Reply: Name of organizations served by company for Info security with duration and Order values.

38.
RFP Clause: Ref. Annexure 4
Query: Experience: vendor has experience providing security solutions to multiple organizations outside India including Fortune 10. Request you to accept such experience as part of Annexure 4 as we do not have similar experience with clients in India.
Reply: Please be guided by Eligibility Criterion in RFP.

39.
RFP Clause: Ref. Page 12, Miscellaneous clause c): They will be the first point of contact and their efforts are to be supplemented and supported by expert team of the company at the backend.
Query:
Q. We assume that the backend engineers will be providing support to resident engineers remotely. Is this support expected 24x7 or during prime support hours of 10 a.m. to 8 p.m.?
Q. Do you need dedicated resources for remote support or shared resources would be acceptable?
Q. The RFP mentions only L1 and L2 engineers. Does PNB already have L3 engineers that will be escalation points for L1 and L2 engineers?
Reply:
- Backend engineers support required on call basis any time on 24x7 basis.
- Shared resources would be acceptable as long as PNB is assigned top priority.
- PNB does not have L3 engineers. (Refer Point no. 15 regarding SLA in RFP Page-21)

40.
RFP Clause: Vulnerability and Pen test mentioned on page 31 and page 11 of RFP document.
Query: Q. Who is responsible for conducting Vulnerability assessment and Pen test (VAPT)? If bidder is expected to do VAPT, can he do it remotely or you have a team that does VAPT?
Reply: SI is not expected to conduct VA / PT.

41.
RFP Clause: Ref. Page 20, clause 14.
Query: We would like to request you to elaborate on the uptime requirement and how do you define down time? Is bidder responsible for SLAs for devices that are not managed by it. If yes, kindly elaborate.
Reply: Please be guided by RFP. Directly management of Info security devices but any downtime happening due to omission - commission by SI within its work scope.

42.
Bank reserves the right to extend the contract for additional one year after expiry of this contract. The terms and conditions of the contract for extended period shall be negotiated with successful bidder at the time of award of the extension.

Note:
1. No further queries will be entertained by the Bank.
2. Last dates remain the same i.e. there is no change in last date for bid submission for RFP.
More informationPCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP
solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationSecuring the Service Desk in the Cloud
TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,
More informationBAE Systems PCI Essentail. PCI Requirements Coverage Summary Table
BAE Systems PCI Essentail PCI Requirements Coverage Summary Table Introduction BAE Systems PCI Essential solution can help your company significantly reduce the costs and complexity of meeting PCI compliance
More informationIBM ISS Optimizacija Sigurnosti
IBM ISS Optimizacija Sigurnosti Slaven Novak IBM ISS Technical Sales Specialist slaven.novak@hr.ibm.com 1 The Business Challenge: New Methods and Motives: Adding to the complexity and sheer number of risks
More informationFINANCIAL SERVICES BOARD
ENTERPRISE SERVICE MANAGEMENT SOLUTION The following questions were received by the Financial Services Board (FSB) on bid FSB2016/17-T001 and are responded to accordingly: 1. Organisational 1.1. What are
More informationAPPENDIX C - PRICING INDEX DIR-SDD-2514 VERIZON BUSINESS NETWORK SERVICES, INC SERVICES
APPENDIX C - PRICING INDEX DIR-SDD-2514 VERIZON BUSINESS NETWORK SERVICES, INC SERVICES Application Vulnerability Scanning. A web-based application service hosted by Verizon Business to provide customers
More informationRequest for Proposal INFORMATION SECURITY ASSESSMENT SERVICES RFP #12-680-004. Addendum 1.0
Request for Proposal INFORMATION SECURITY ASSESSMENT SERVICES RFP #12-680-004 Addendum 1.0 ISSUE DATE: February 23, 2012 Receipt of this addendum should be acknowledged on the Proposal Form. Inquiries
More informationInformation security controls. Briefing for clients on Experian information security controls
Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.5)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided
More informationSERVICE DEFINITION DOCUMENT
Contract Description: ANS Enhanced I3 Support Contract reference: ANS/SOS/02746/1 Service Type: Enhanced THIS CONTRACT is dated 14th May 2015 and made BETWEEN: (1) ANS Group Plc; a company registered in
More informationAlways on. Hawaiian Telcom. April 27, 2016. State of Hawaii. State Procurement Office Carey Ann Sasaki P.O. Box 119 Honolulu, HI 96810-119
Managed.. Hawaiian Telcom April 27, 2016 State of Hawaii State Procurement Office Carey Ann Sasaki P.O. Box 119 Honolulu, HI 96810-119 Subject: SPO Vendor List Contract No. 12-12 Furnish, Deliver, Install,
More informationa) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)
MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file
More informationPCI Requirements Coverage Summary Table
StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table December 2011 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2
More informationAmendment 1 - Annexure 5 (C) Technical Criteria
1 - Annexure 5 (C) Technical Criteria S. Eligibility Criteria Documents required Complied Y/N Formatted: Heading 2, Indent: Left: 0", Hanging: 0.4" C) Technical Criteria (Experience and other Technical
More informationRequest for Proposal For: PCD-DSS Level 1 Service Provider St. Andrew's Parish Parks & Playground Commission Bid Deadline: August 17, 2015 at 12 Noon
Request for Proposal For: PCD-DSS Level 1 Service Provider St. Andrew's Parish Parks & Playground Commission Bid Deadline: August 17, 2015 at 12 Noon Request for Proposal P a g e 2 Table of Contents 1.
More informationTENDER FOR INTERNET LEASED LINE FOR PERMANENT CAMPUS OF THE INSTITUTE AT OKHLA, PHASE-III NEW DELHI-110020
TENDER FOR INTERNET LEASED LINE FOR PERMANENT CAMPUS OF THE INSTITUTE AT OKHLA, PHASE-III NEW DELHI-110020 (Tender no. IIITD/S&P/08/2013-14) NOTICE Indraprastha Institute of Information Technology Delhi
More informationJohn M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com
NERC CIP Substation Cyber Security Update John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com It s February 19, 2009 132 project days left to compliance Do you know where (what)
More informationBest Practices for Building a Security Operations Center
OPERATIONS SECURITY Best Practices for Building a Security Operations Center Diana Kelley and Ron Moritz If one cannot effectively manage the growing volume of security events flooding the enterprise,
More informationQuestions and Answers
1 Questions and Answers 1) EfficiencyOne currently has redundant and diverse Dark Fibre links connecting the main office and their colocation facility. Will it be a requirement to maintain this architecture,
More informationPCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR
PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR AUTHOR: UDIT PATHAK SENIOR SECURITY ANALYST udit.pathak@niiconsulting.com Public Network Intelligence India 1 Contents 1. Background... 3 2. PCI Compliance
More informationSecure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation
Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation Rev 5058-CO900C Agenda Control System Network Security Defence in Depth Secure Remote Access Examples
More informationwhitepaper 4 Best Practices for Building PCI DSS Compliant Networks
4 Best Practices for Building PCI DSS Compliant Networks Cardholder data is a lucrative and tempting target for cyber criminals. Recent highly publicized accounts of hackers breaching trusted retailers
More informationSecuring SIP Trunks APPLICATION NOTE. www.sipera.com
APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)
More informationPCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data
White Paper PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data Using credit cards to pay for goods and services is a common practice. Credit cards enable easy and
More informationSecure, Scalable and Reliable Cloud Analytics from FusionOps
White Paper Secure, Scalable and Reliable Cloud Analytics from FusionOps A FusionOps White Paper FusionOps 265 Santa Ana Court Sunnyvale, CA 94085 www.fusionops.com World-class security... 4 Physical Security...
More informationSpyders Managed Security Services
Spyders Managed Security Services To deliver world-class Managed Security Services, Spyders must maintain and invest in a strong Security Operations Centre (SOC) capability. Spyders SOC capability is built
More informationState of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005
State of New Mexico Statewide Architectural Configuration Requirements Title: Network Security Standard S-STD005.001 Effective Date: April 7, 2005 1. Authority The Department of Information Technology
More informationCounselorMax and ORS Managed Hosting RFP 15-NW-0016
CounselorMax and ORS Managed Hosting RFP 15-NW-0016 Posting Date 4/22/2015 Proposal submission deadline 5/15/2015, 5:00 PM ET Purpose of the RFP NeighborWorks America has a requirement for managed hosting
More informationi-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors
March 25-27, 2014 Steven A. Kunsman i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors ABB Inc. March 26, 2015 Slide 1 Cyber Security for Substation
More informationI.T. Security Specialists. Cyber Security Solutions and Services. Caretower Corporate Brochure 2015 1
I.T. Security Specialists Cyber Security Solutions and Services Caretower Corporate Brochure 2015 1 about us As an independent IT security specialist, with over 17 years experience, we provide tailored
More informationUnderstanding SCADA System Security Vulnerabilities
Understanding SCADA System Security Vulnerabilities Talking Points Executive Summary Common Misconceptions about SCADA System Security Common Vulnerabilities Affecting SCADA Networks Tactics to Strengthen
More informationIT Security & Compliance. On Time. On Budget. On Demand.
IT Security & Compliance On Time. On Budget. On Demand. IT Security & Compliance Delivered as a Service For businesses today, managing IT security risk and meeting compliance requirements is paramount
More informationDirectAccess in Windows 7 and Windows Server 2008 R2. Aydin Aslaner Senior Support Escalation Engineer Microsoft MEA Networking Team
DirectAccess in Windows 7 and Windows Server 2008 R2 Aydin Aslaner Senior Support Escalation Engineer Microsoft MEA Networking Team 0 Introduction to DirectAccess Increasingly, people envision a world
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationCourse Outline: 6435- Designing a Windows Server 2008 Network Infrastructure
Course Outline: 6435- Designing a Network Infrastructure Learning Method: Instructor-led Classroom Learning Duration: 5.00 Day(s)/ 40 hrs Overview: This five-day course will provide students with an understanding
More information