1 Response to Questions CML Managed Information Security 1. What are the most critical aspects that need to be provided for this RFP, in light of the comment that multiple awards might be provided? The Library is seeking proposals from firms which can provide security consulting / practice development and/or managed security services. Multiple awards could be provided if the Library feels this is the most advantageous approach. 2. What are the decision criteria and weighting criteria being used for this RFP? Please see page 7 of the Managed Information Security Services RFP. Quality and comprehensiveness of the proposal. Quality of the proposed solution. Stability and viability of the product and Offeror. Offeror s experience on projects of similar scope. Input from reference contacts. 3. Do you want the partner to implement Office 365 as part of this contract? No. We are currently an o365 customer. 4. What are the total number of IT Staff who are managing the Network and Security operations of the Library currently? 2 5. How long does the library take to identify and valid a security incident from false positives? This varies based on incident. We believe an Infosec partner could help us in the areas of threat intelligence, incident management, and incident response. 6. How many people and man hours are typically spent in remediating a valid IT Security Incident ( infection of machine, etc )? This varies based on incident. We believe an Infosec partner could help us in the areas of threat intelligence, incident management, and incident response.
2 7. Please provide us data points / feedback on internal gaps analysis performed regarding the IT Security / Risk Management / Compliance posture of the library that will allow us to understand your current maturity model from a people / process / technology perspective. We will provide information related to prior assessments once a partner is selected. 8. Can we be provided a copy of the IT Strategic plan to help formulate response? No, this information will be provided once a partner is selected. 9. Does the library have a written IT Security policy in place? Please provide a copy for review if possible. Yes. The Library may seek input and guidance on policy, procedure, and practice creation to develop a more formalized security program. 10. Does the library currently use any threat intelligence data feeds as part of the security operations? What are the sources of the threat intelligence? ( name, vendor, etc ) The Library leverages threat intelligence today through various mediums. In the future the Library envisions having a partner as a primary go-to to fill this need. 11. How often does the library desire to have penetration testing performed? Annually 12. What cloud services are you using and what are planned cloud services over next 3-5 years? Example ( O365,Amazon,Box, Dropbox, etc ) The Library is currently using o365. The Library is evaluating IaaS options and our assessment of cloud based services and applications is ongoing. 13. What are the current IT Security technologies deployed and the applicable version running of the solution ( for desktop and laptop, servers, filtering and security, web application firewalls, firewalls, network IDS / IPS, advanced threat solutions, web filtering solutions? The Library has standard Information Security technology in place including firewall, antivirus, web filtering, malware protection, and log/event management. 14. Does the library want to deploy new solutions IT Security technologies that are for the differing platforms: Desktops, Servers, Mobile Devices We are open to further discussions and receiving proposals for replacement.
3 15. Does the library have a vulnerability scanning tool? What is the platform / vendor and current release of version running? No. Scans are performed on an as needed basis through a MSSP. 16. How often does the vulnerability scanning currently take place for the library? It is performed on an as needed basis through a MSSP. 17. How long does it take to remediate findings of vulnerabilities? This varies based on vulnerability. 18. What are is your length of storage requirements from a time aspect for log management and compliance purposes? (90 days for logs for example?) (1 year for PCI compliance data for example?) We will be looking for recommendations from our selected partner to ensure we are in compliance. 19. What is your current log management solution? The Library is using Solarwinds Log and Event Manager. The Library is seeking recommendations as part of this engagement. 20. Do you currently have a SEIM, Security Event Identification Management Solution, in production? What is platform and release information? The Library is using Solarwinds Log and Event Manager 21. How many total IP addresses ( physical and virtual IPs) does the library have for their network and systems? We have approximately 200 virtual servers. We have approximately 300 IP addresses allocated to network devices including WAPs. 22. What is expected growth rate for IP addresses for the library over next 3-5 years? ( Best estimate ) Approximately 10% per year.
4 23. Per each library location please provide the number s for total servers and desktops / laptops? Each location has 1 branch server which supports public computing technologies. Approximately 90 end user devices per locations. 24. How many total desktops & laptops & tablet computers are under library management? What are the current Security solutions deployed to these devices. What is the current version of the Security solution in production Approximately 1,800. antivirus, web filtering, malware protection 25. Is a Security tool platform change in scope for this RFP? We are open to further discussions and receiving proposals for replacement. 26. How man total server operating systems are deployed at the library and what are their operating systems and release level? What are the current Security solutions deployed to these server assets? What is the current version of the Security solution deployed to server assets? The Library runs a mix of Windows and Linux. Additional details will be provided once a partner is selected. 27. How many servers are virtualized versus physical servers? What are the virtualization technologies deployed for servers and desktops? What vendor version and software release are running for the virtualization platform(s)? What is the management platform in use? The Library is 95% virtualized. The Library uses VMware ESX for server virtualization. 28. Please describe your network topology and a provide a network diagram and denote ingress and egress points of internet traffic. How many total number of egress points? How many total number of ingress points? Please see page 3 of the RFP. Additional details will be provided once a partner is selected. 29. What aspects of your network design represent the biggest concern or risk to the library?
5 30. Who are your internet and telecom vendors? OPLIN, TWC, XO 31. What are the total number of routers deployed? What are the vendor model number and software release running? Please denote each distinct active/ active and active / passive pair clusters deployed. How many active / active pairs? How many active / passive pairs? What is the management platform in use? Approximately What are the total number of switches you have deployed? What are the vendor model number and software release running? Please denote each distinct active/ active and active / passive pair clusters deployed. How many active / active pairs? How many active / passive pairs? What is the management platform in use? Approximately What are total number(s) of firewalls and / or UTM devices deployed? What are the vendor model numbers and software release running on your firewalls and / or UTM device? Please denote each distinct active/ active and active / passive pair clusters deployed. How many active / active pairs? How many active / passive pairs? What is the management platform in use? 34. What are the total number of network based IDS and IPS systems deployed? 35. What are deployed behavioral analysis tools deployed within network? Please provide vendor platform information and software release deployed in production? Please denote each VPN device active / active and active / passive pair clusters deployed. What is the management platform in use? 36. What type of VPN solution do you have deployed an in production? Please denote platform / vendor and software release running in production? What is the management platform in use?
6 37. What is your web filtering platform? What are the vendor model numbers and software release running? Please denote each active / active and active / passive pair clusters deployed. How many active / active pairs? How many active / passive pairs? What is the management platform in use? OpenDNS. 38. Do you deploy a web proxy / gateway solution? 39. Do you have a web application firewall solution deployed? 40. Do you have deployed a host based intrusion detection / intrusion prevention solution deployed to endpoint servers, desktops, laptops? 41. What is you endpoint security platform deployed on servers. desktops, laptops, and mobile devices? 42. What are your mission critical applications and the server operating systems running on? Please list and describe. i. Financial application ii. Web server environment iii. Staff Intranet iv. Public computing / print management v. ADFS/DirSync 43. What are your mission critical services and their operating underlying operating systems? AD, file, print, DCHP, DNS 2008, Please list all server operating systems deployed? The Library runs a mix of Windows and Linux. Additional details will be provided once a partner is selected.
7 45. Please list all desktop / laptops / tablet operating systems deployed? What is the total count of these systems? Windows 7 (1500), 8 (300) 46. What database platforms and releases you have deployed? SQL Server, MySQL 47. Do you have in production any advanced anti-malware such as Fireeye, PaloAlto, or Symantec ATP platforms? 48. Please provide information if load balancers are deployed and the platform and software release running? 49. Are you using netflow collectors? 50. Please provide any key contextual details and additional information that will help us understand your key objectives for your Managed Security Services. Please see page 3 5 of the RFP. 51. We need the number of external IP s currently being utilized at Columbus Metropolitan Library. Thank you in advance for your timely response. Approximately First, can you clarify the goal of the security consulting work? The goal of the security consulting work is to work with a chosen partner who will support the Library to enhance its IT security posture as well as reduce Information Security risk. We see this happening through general advising, policy and procedure development, threat intelligence, and incident management and response. Is it meant specifically to identify gaps in the program that will impede the managed services transition?
8 No, this should be performed as a discovery function as part of a managed services proposal. Or is it meant to help shore up additional security program elements that will remain a responsibility of Library staff? Yes. The consulting partnership will help to enhance security program elements that will remain a responsibility of the Library. 53. Are you looking to add outside resources to assist in developing and operating the security program? Not outside of the selected partner(s) recommendations or resources. 54. Can you also give us a better understanding of the current program and its major components? You list it as security practices in the Appendix A can you list those out for us to better understand your intent? This includes governance, incident response, policies, procedures, and standards. The Library has standard Information Security technology in place including firewall, antivirus, web filtering, malware protection, and log/event management. 55. What drives the program today? What compliance initiatives are you concerned about? Compliance and organizational risk drives the program today. 56. If already developed, what security framework are you following (ISO, NIST, etc)? The Library is seeking recommendations as part of this engagement. 57. How many full time IT security resources are there and their responsibilities? IT security is a duty that all technical staff are responsible for. We do not have an FTE 100% focused on Information Security. 58. Can you give us a list of policies, procedures, standards that already are in existence? No. This will be shared once a partner is selected.
9 59. Do you leverage threat intelligence already today? In what forms do you take in threat intelligence? If so, in what capacity/tools? How are you envisioning it in the future? The Library leverages threat intelligence today through various mediums. In the future the Library envisions having a partner as a primary go-to to fill this need. 60. Generally speaking, what type of incidents do you experience? Are these generic issues such as malware infection and cleanup? Or are they insider or outsider threat type of issues? Recent events include malware, virus, and phishing attempts. 61. Appendix A Section 1 seems to imply that you are looking for someone to assess the library and its overall practice, provide guidance to the program through a set of projects and reassess as deemed appropriate. Much of this falls into the category of security management. Who would the outsourcer be advising through this series of practice improvements? Advising would be delivered to various stakeholders including, but not limited to, the project team, the Library s Strategic Planning Team, and/or the Library s Board of Trustees. 62. Is this feeding your own risk management practices? Do you follow a specific risk management framework and if so, which one? Yes. More details about the Library s risk management will be shared once a partner is selected. 63. What is your expectation for the scanning activities? Can you give an estimate to the frequency and scope of the following types of scans: External vulnerability scan - Annually Internal network vulnerability scan - Quarterly Network penetration testing - Annually Web application assessment - Annually
10 64. What type of output are you expecting? Something on line? Automated and formatted data from the scan? Or are you looking for analysis from security consultants and a tailored/custom report for each? Not all reports would need to be tailored / customized. As long as the output can be downloaded / exported we are open to various mediums. 65. Can you please elaborate on the technical specifications around the IaaS scenario that you are trying to describe (ie. what type of network resources and operations would you foresee moving to an IaaS environment?). The Library is currently investigating IaaS solutions. In the future, the Library may move its virtual server infrastructure to an IaaS provider. 66. Are you looking for a single provider to cover all aspects? The Library is seeking proposals from firms which can provide security consulting / practice development and/or managed security services. Multiple awards could be provided if the Library feels this is the best most advantageous approach. 67. What is the initial term for this contract if selected? The contract term will be discussed once a partner is selected. Appendix B of the RFP states pricing for a 12 month period should be provided. 68. Are you expecting to award this contract in phases for ex. the security consulting/development phase would be selected first and then based on how the findings from that project turn out then the managed services part of the project would be phase 2, etc., can you provide more guidance here? The Library will move forward with an approach that is deemed most advantageous based on the responses received. 69. Are all Services Centralized for the 25 locations? Yes. 70. Can you provide an overview of your current IT architecture firewall, network devices, IPS/IDS, wireless, etc.? What requirement will the old architecture place on this bid and the associated services to be delivered? Please see page 3 of the RFP. Additional details will be provided once a partner is selected.
11 71. What services are you referencing here? - This partner would provide implementation resources that would work closely with the Library infrastructure resources. Are the Services to be part of the contract? The Library is stating that if there will be implementation work as part of the proposed solution, the Library would expect partner resources to work with Library resources to implement the solution. Services should be detailed in the proposal. 72. If there are 25 locations as stated on Page 3, lower on the Page it says there are 22 Branch locations. If the operations Center is the 23rd, what are the other two? The other locations support administrative functions. The Library currently has 22 branch locations. 73. Is the Cisco Wireless Meraki? No. 74. How old is the Cisco Network Infrastructure Equipment? If the plan was first put together in 2003, this would (most likely) infer that the infrastructure needs to be updated. Is the design and architecture to be handled outside the RFP Information Security Consulting? The Cisco Infrastructure equipment is 4-6 years old. None of the Library s network infrastructure is EOL. 75. Do you currently have policies and procedures that the winning bid will maintain, update and create and new policies? Yes. The Library may seek input and guidance on policy, procedure, and practice creation and updates. 76. Do you currently have an incident management and response plan? Will the winning bidder be responsible for maintaining and updating, keeping current? Yes. The Library may seek input and guidance on maintaining and updating its incident management and response plan. 77. Are you using any log management application currently? Solarwinds Log and Event Manager. 78. What products are being used under Desktop and Server Protection? Antivirus, malware protection, and Web filtering.
12 79. Page 5, the contractor shall complete a discovery phase to capture the current state of their infrastructure is this billable? Service rates and charges shall be all inclusive. 80. What does MBE/DBE/WBE stand for (page 5) I assume Minority/Disabilities/Women? Minority Business Enterprise Disadvantaged Business Enterprise Women Business Enterprise 81. On-going/regular vulnerability scanning, what is the goal for performing this service? To mitigate risk and meet compliance standards. 82. Database security, what does that mean? Ensuring security controls to protect databases are in place. 83. What is your current definition of penetration scanning for ex. authenticate versus nonauthenticate scanning? The Library would be seeking recommendations from the selected partner as to which level of penetration scan should be performed. 84. Page 10, what is your definition of persistent default (can you provide some examples)? Contractor repeatedly misses deadlines. Contractor fails repeatedly to meet requirements of the contract. Repeated breaches by contractor to agree-to terms and conditions. 85. If select, when do you want to start this effort? ASAP once a partner is selected and a contract is in place. 86. There was no specific discussion on SLA s anywhere; do you have any specifics in mind here? Please provide your capabilities in your response.
13 Goal of the Engagement: 87. Clarify: what do ""Security Services"" and ""Highly Secure"" mean to CML (Setting our Expectations) Security Services are to include points 1-6 on page 4. Highly secure means working with a partner to help ensure CML is meeting compliance standards and cost effectively developing and delivering an Information Security program to meet the needs of the organization while mitigating risk. 88. We expect that there are publicly usable Internet workstations, but are there other services and applications in scope (i.e. Online catalog, e-library, fee collection that may fall under PCI-DSS requirements, etc.) Yes. 89. Is there currently, an existing security program and staff or are security responsibilities loosely defined and security operations best effort?"" The Library may seek input and guidance on policy, procedure, and practice creation to develop a more formalized security program. IT security is a duty that all technical staff are responsible for. We do not have an FTE 100% focused on Information Security. 90. Is there a manager, who has or will assume responsibility, for information security oversight? Yes 91. Have there been any prior assessments within the past 3-5 years and will those reports be provided?" Yes. Those reports can be provided once a partner is selected. 92. Could we obtain a Network Diagram? No. Please see page 3 of the RFP. Security Consulting/ Practice Development 93. Is there an existing security program and/or existing policies or procedures that provide some guidance? Yes, there are. The Library may seek input and guidance on policy, procedure, and practice creation to develop a more formalized security program.
14 94. Is there a particular program/control framework they have familiarity with (ISO, NIST, etc)? The Library is seeking recommendations as part of this engagement. 95. How many and what type of "publicly-facing services are in scope? Primarily web and authentication services. 96. Are there any system interconnections to other libraries or external entities/partners that would need to be considered? Yes 97. Log Management under Security Monitoring is called out, but there is no reference to the Log Management system being used. Can we please be provided with additional information around the Log Management platform? (Model, Version, etc ) The Library is using Solarwinds Log and Event Manager. The Library is seeking recommendations as part of this engagement. 98. In the section for Desktop and Server Protection Data Base Security is referenced. Can we better understand the infrastructure housing the data base? Would this be already what the customer called out to us as a critical server? The Library primarily uses Microsoft SQL Server and MySQL. 99. For Vulnerability Scanning can you verify the number of internal and external ip addresses would you like to have vulnerability scanning done for? (Most enterprises will have critical servers and network infrastructure devices included in this scanning) External 40 Internal For Vulnerability Scanning if we place one scanner will we be able to scan all internal address space in scope for this RFP? Yes 101. For the internal scanner appliance, would you prefer a physical appliance or a virtual appliance? (The virtual appliance runs on VMWare, Oracle VirtualBox, Citrix XenServer, and Microsoft Hyper-V) Physical appliance if not cost prohibitive.
15 102. For pen testing, we often utilize a sampling methodology to help an organization complete a cost effective penetration test of their environment. For example, if 100 web servers are all running Windows 2008R2 with IIS 7.0, the same vulnerabilities will likely be detected on all servers running the same software. By utilizing sampling, we can assess a smaller number of hosts and reduce the time and cost to the organization. With this knowledge, consider approximately how many live, "unique" hosts would be in scope for the penetration test to answer the next two questions. Total number of unique internal servers / IP addresses in scope for penetration testing? i. 150 Total number of unique externally reachable servers / IP addresses in scope for penetration testing? i. 30
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
QUESTIONS ANSWERS Q1 What is the goal of testing? A1 We engage in this type of testing to promote our own best practices and ensure our security posture is as it should be. Q2 No of active IP s (internal):
RFP No. 1-15-C017 OFFICE OF TECHNOLOGY INFORMATION SYSTEMS AND INFRASTRUCTURE PENETRATION TEST Questions and Answers Notice: Questions may have been edited for clarity and relevance. 1. How many desktops,
Getting The Most Value From Your Next Network Penetration Test Jerald Dawkins, Ph.D. True Digital Security p. o. b o x 3 5 6 2 3 t u l s a, O K 7 4 1 5 3 p. 8 6 6. 4 3 0. 2 5 9 5 f. 8 7 7. 7 2 0. 4 0 3
HIPAA SECURITY RISK ANALYSIS FORMAL RFP ADDENDUM NUMBER: (2) August 1, 2012 THIS ADDENDUM IS ISSUED PRIOR TO THE ACCEPTANCE OF THE FORMAL RFPS. THE FOLLOWING CLARIFICATIONS, AMENDMENTS, ADDITIONS, DELETIONS,
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering
INCIDENT RESPONSE CHECKLIST The purpose of this checklist is to provide clients of Kivu Consulting, Inc. with guidance in the initial stages of an actual or possible data breach. Clients are encouraged
Sample Internal Procedures and Policy Guidelines February 2015 Document Control Title: Document Control Number: 1.0.0 Initial Release: Last Updated: February 2015, Manager IT Security February 2015, Director
2015 007 After reviewing all the questions, the most common and relevant questions were chosen and the answers are below: 1. Is there a proposed budget for this RFP? No 2. What is the expect duration for
Security Services 30 years of experience in IT business Table of Contents 1 Security Audit services!...!3 1.1 Audit of processes!...!3 1.1.1 Information security audit...3 1.1.2 Internal audit support...3
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
QUESTIONS & RESPONSES #2 RFP / TITLE 070076 IT Cybersecurity Assessment and Plan CONTACT Michael Keim, CPPB, Sr. Contract Adminstrator EMAIL email@example.com PHONE NUMBER 253-428-8608 SUBMITTAL
How to Complete the Questionnaire The questionnaire is divided into six sections. Each section focuses on a specific area of security, based on the requirements included in the PCI Data Security Standard.
McAfee Global Threat Intelligence File Reputation Service Best Practices Guide for McAfee VirusScan Enterprise Software Table of Contents McAfee Global Threat Intelligence File Reputation Service McAfee
We are Passionate about Total Security Management Architecture & Infrastructure Optimisation Review The security threat landscape is constantly changing and it is important to periodically review a business
Request for Proposal MDM0031012338 Offeror s Questions for RFP for Virtual Private Network Solution (VPN) 1. How much throughput must the VPN support long-term? Answer: 10 GB firewall, 4 GB 3DES/AES VPN
IBM Security QRadar Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution Highlights Help prevent security breaches by discovering and highlighting high-risk
Ideas on Using Asset Criticality Inference (ACI) Through Gathering and Processing of Asset Contextual Utilizing Analytical Models and Processing Rules D. Grzetich 6/26/2013 The Problem We Face Today Security
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
Continuous Monitoring for the New IT Landscape July 14, 2014 (Revision 1) Table of Contents Introduction... 3 The New IT Landscape... 3 Gaps in the New IT Landscape... 5 Tenable s Continuous Monitoring
SIEM FOR BEGINNERS EVERYTHING YOU WANTED TO KNOW ABOUT LOG MANAGEMENT BUT WERE AFRAID TO ASK www.alienvault.com A Rose By Any Other Name SLM/LMS, SIM, SEM, SEC, SIEM Although the industry has settled on
Addendum 2 RFP # 13-10340-3950 SAP ERP SYSTEM AND INFORMATION SECURITY PROGRAM ASSESSMENTS Prospective Respondents: You are hereby notified of the following information in regard to the referenced RFP:
Vendor 1 QUESTION 1 If we have already filled out the vendor profile application, business tax declaration and local business forms will we need to fill them out again? 2 Is CCSF open to rolling up all
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
PCI Compliance - A Realistic Approach Harshul Joshi, CISM, CISA, CISSP Director, Information Technology CBIZ MHM firstname.lastname@example.org What What is PCI A global forum launched in September 2006 for ongoing enhancement
Technology Help Desk 412 624-HELP  technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided
PCI-DSS Penetration Testing Adam Goslin, Co-Founder High Bit Security May 10, 2011 About High Bit Security High Bit helps companies obtain or maintain their PCI compliance (Level 1 through Level 4 compliance)
CITY OF FARMINGTON 800 Municipal Drive Farmington, NM 87401-2663 (505) 599-1373 Fax (505) 599-1377 http://www.fmtn.org REQUEST FOR PROPOSALS FOR Security Information and Event Management (SIEM) Hardware
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
Reduzca costos y la complejidad de la seguridad en su negocio Juan Carlos Carrillo Security Sales Leader Viernes, 11 de Septiembre de 2009 agenda 1 2 3 X-Force 2008 Trend & Risk Report Highlights IBM Security
REQUEST FOR PROPOSAL (RFP) #021-14 HIPAA SECURITY ASSESSMENT VENDOR QUESTIONS & ANSWERS ~ MAY 29, 2014 Q1) Page 2, Section A and Page 5, Section H --- Does the County desire only an assessment of compliance
EXTENDING THREAT PROTECTION AND WHITEPAPER CLOUD-BASED SECURITY SERVICES PROTECT USERS IN ANY LOCATION ACROSS ANY NETWORK It s a phenomenon and a fact: employees are always on today. They connect to the
PROTECTING YOUR ORGANIZATION SECURITY 2.0 LUNCHEON AGAINST CYBER THREATS Tommy Montgomery, Principal Consultant Viral Dhimar, Consultant Adam Ferguson, VP October 22, 2014 #SWCEvents Security 2.0: Next
Endpoint Security: Become Aware of Virtual Desktop Infrastructures! An Ogren Group Special Report May 2011 Executive Summary Virtual desktops infrastructures, VDI, present IT with the unique opportunity
CounselorMax and ORS Managed Hosting RFP 15-NW-0016 Posting Date 4/22/2015 Proposal submission deadline 5/15/2015, 5:00 PM ET Purpose of the RFP NeighborWorks America has a requirement for managed hosting
Find the needle in the security haystack Gunnar Kristian Kopperud Principal Presales Consultant Security & Endpoint Management Technology Day Oslo 1 Find the needle in the security haystack Manually deep
Sr.N RFP Clause Original Query Reply/Remark o. 1. Perform Incident Management with respect to the following: For Forensic Analysis of logs Please clarify the systems/devices Contain attacks through for
Automate PCI Compliance Monitoring, Investigation & Reporting Reducing Business Risk Standards and compliance are all about implementing procedures and technologies that reduce business risk and efficiently
HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.
Sygate Secure Enterprise and Alcatel Sygate Secure Enterprise eliminates the damage or loss of information, cost of recovery, and regulatory violation due to rogue corporate computers, applications, and
Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control
HOW TO PROTECT YOUR VIRTUAL DESKTOPS AND SERVERS? Security for Virtual and Cloud Environments OVERVIEW This document explains the functionality of Security for Virtual and Cloud Environments (SVCE) - what
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response workflow guide. This guide has been created especially for you for use in within your security
Configuring Virtual Switches for Use with PVS February 7, 2014 (Revision 1) Table of Contents Introduction... 3 Basic PVS VM Configuration... 3 Platforms... 3 VMware ESXi 5.5... 3 Configure the ESX Management
ICT budget and staffing trends in the UK Enterprise ICT investment plans to 2013 January 2013 TABLE OF CONTENTS 1 Trends in ICT budgets... 1 1.1 Introduction... 1 1.2 Survey demographics... 1 1.3 IT budget
TECHNICAL NOTE 01/02 PROTECTING YOUR COMPUTER NETWORK 2002 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor organisation to the Centre
Continuous Network Monitoring for the New IT Landscape March 16, 2015 (Revision 4) Table of Contents Introduction... 3 The New IT Landscape... 3 Gaps in the Modern IT Landscape... 5 Tenable s Five Critical
CONTENTS PCI DSS COMPLIANCE FOR YOUR WEBSITE BUILD AND MAINTAIN A SECURE NETWORK AND SYSTEMS Requirement 1: Install and maintain a firewall configuration to protect cardholder data Requirement 2: Do not
Framework for building a vulnerability management lifecycle program http://searchsecurity.techtarget.com/magazinecontent/framework-for-building-avulnerability-management-lifecycle-program August 2011 By
IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.
QRadar SIEM 6.3 Datasheet Overview Q1 Labs flagship solution QRadar SIEM is unrivaled in its ability to provide an organization centralized IT security command and control. The unique capabilities of QRadar
White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption
Is Your Network a Sitting Duck? 3 Secrets to Securing Your Information Systems Presenter: Matt Harkrider Founder, Alert Logic Who We Are: Corporate Fact Sheet Founded: 2002 Sample Customers: HQ: Houston,
SIEM Implementation Approach Discussion April 2012 Agenda What are we trying to solve? Summary Observations from the Security Assessments related to Logging & Monitoring Problem Statement Solution Conceptual
Intro to NSX Network Virtualization 2014 VMware Inc. All rights reserved. Agenda Introduction NSX Overview Details: Microsegmentation NSX Operations More Information SDDC/Network Virtualization Security
PCI Solution for Retail: Addressing Compliance and Security Best Practices Executive Summary The Payment Card Industry (PCI) Data Security Standard has been revised to address an evolving risk environment
with Cloud-Based Security Services > White Paper It s a phenomenon and a fact: employees are always on today. They connect to the network whenever they want, from wherever they happen to be, with laptops,
Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity
Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus
Your information systems are at the heart of your businesses daily operation. System down time costs businesses a significant amount of money each year. Most problems that cause down time can be prevented
Netzwerkvirtualisierung? Aber mit Sicherheit! Markus Schönberger Advisory Technology Consultant Trend Micro Stephan Bohnengel Sr. Network Virtualization SE VMware Agenda Background and Basic Introduction
Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars Assessment Prevention Detection Reaction Recovery Building a Security Program Policy Procedures Standards Security Controls
Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face
Cloud Security: Getting It Right Sponsored by Armor Independently conducted by Ponemon Institute LLC Publication Date: October 2015 Ponemon Institute Research Report Cloud Security: Getting It Right Ponemon
Data Security and Healthcare Complex data flows Millions of electronic medical records across many systems New and emerging business relationships Changing and maturing compliance frameworks Diverse population
Cybersecurity: An Innovative Approach to Advanced Persistent Threats SESSION ID: AST1-R01 Brent Conran Chief Security Officer McAfee This is who I am 2 This is what I do 3 Student B The Hack Pack I used
ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework
Is your business prepared for Cyber Risks in 2016 The 2016 GSS Find out Security with the Assessment Excellus BCBS customers hurt by security breach Hackers Access 80 Mn Medical Records At Anthem Hackers
Securing Wireless Networks for PCI Compliance Using Fortinet s Secure WLAN Solution to Meet Regulatory Requirements Introduction In the wake of many well-documented data breaches, standards such as the