STATEMENT OF WORK (SOW) for CYBER VULNERABILITY ASSESSMENT

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "STATEMENT OF WORK (SOW) for CYBER VULNERABILITY ASSESSMENT"

Transcription

1 1.0 Introduction UTILITIES desires to contract with a CONTRACTOR to conduct an in-depth cyber vulnerability assessment and physical penetration vulnerability assessment of our IT Infrastructure as outlined in the SOW. This document provides additional information that will allow a CONTRACTOR to understand the scope of this effort and develop a proposal in the format desired by UTILITIES. 2.0 Background Colorado Springs Utilities (UTILITIES) is a four-service municipal utility serving the City of Colorado Springs and various customers in El Paso County, Colorado. UTILITIES is interested in conducting a security assessment that will allow it to: Gain better understanding of potential corporate network vulnerabilities that may be visible internally and /or externally to the organization. Determine if the current wireless infrastructure is securely configured and deployed. Evaluate the security associated with public facing web applications used by both internal and external users. Evaluate the security associated with financial and asset management systems. Determine if the current physical security is effective by conducting physical access assessments. Determine if the current cyber security is effective by conducting cyber access assessments. Determine if the current organization security awareness is effective by conducting social engineering on users internal to the organization. These activities are part of UTILITIES ongoing desire to improve security and are focused on identifying the risk level UTILITIES is currently exposed to so an appropriate response to those threats can be developed. SOW # PR Page 1 of 9 Revision 10/2007

2 3.0 Scope The scope of this engagement is for a CONTRACTOR to perform a cyber and physical vulnerability assessment of UTILITIES assets. The assessment must determine vulnerabilities from both internal and external attack vectors. Those items deemed within the scope of this effort are the following: Web Application Penetration Testing to include any customer-facing, internet applications on the UTILITIES websites Wireless Network Assessment and Penetration Testing to include 30 UTILITIES Wireless Access Points Security Assessment and Penetration Testing to include UTILITIES outside-facing firewalls and network entry points Voice over IP Assessments and Penetration Testing to include WarDriving on a random number (not to exceed 100) of UTILITIES phone numbers Social Engineering Assessments to include information gathering on a random number (not to exceed 100) UTILITIES employees Physical Security Assessments and Penetration Testing to include physical access to three (3) UTILITIES facilities at the East Service Center, Utilities Customer Service Center, and the first five (5) floors of the Plaza building occupied by UTILITIES Financial and Asset Management Application Vulnerability Assessment and Penetration Testing on 55 Unix and Intel Systems Overall Information Security Risk Assessment to include an overall Security Gap Assessment at UTILITIES following industry best practices The assessment report for each of the above requests shall identify the vulnerability assessment process, document the assessment results, and recommend actions on how to remediate or mitigate vulnerabilities. These reports should be similar to each other and where overlap occurs they may be combined. The key goal of the CONTRACTOR in reporting the assessment results is to provide actionable information. The final assessment report shall identify the vulnerability assessment process, document the assessment results, and the recommended actions on how to remediate or mitigate vulnerabilities. The assessment report needs to show how that vulnerability can or cannot be exploited by a credible adversary. SOW # PR Page 2 of 9 Revision 10/2007

3 The CONTRACTOR shall: Attend a kickoff meeting Provide a draft and final project plan (in MSWord and MSProject format) for UTILITIES review and approval, Provide a draft and final test plan (in MSWord and MSVisio format) Provide a Vulnerability Assessment Provide a draft and final assessment report (in MSWord format), with a prioritized list of findings and recommendations Provide an executive briefing or summary. (in MS Power Point) to key UTILITIES staff, with prioritized findings and recommendations at a site selected by UTILITIES Allow contractor staff performing the assessment to be available to the UTILITIES staff with interpretation and clarification of assessment report findings not to exceed 10 hours effort over a 6-month period following the delivery of the final report UTILITIES will provide CONTRACTOR with a list of assets defined prior to the start of this engagement. IT Computer Access Request Cyber security DVD Course Facility Access Request Signed Acknowledgement of Special Procedures for Security Related Projects from Team Members A portion of the assessment testing shall need to be performed at UTILITIES facilities located in Colorado Springs in El Paso County, Colorado. 4.0 Tasks, Deliverables & Schedule Start Date: November 19, 2010 Project Completion Date: December 13, 2010 PROJECT PLAN and DELIVERABLE MILESTONES CONTRACTOR shall provide a detailed project plan in electronic format including task-level content incorporating Deliverable Milestones for each task listed below: Task No. Tasks/Activity/Service Start Date Completion Date Deliver a draft project plan as part of Contractor s proposal. Finalize the project plan no later than 10 business SOW # PR Page 3 of 9 Revision 10/2007

4 days after contract award. The project plan shall contain at a minimum: Revision/change record A detailed project approach A communications plan A detailed team roster with resumes of team members, skills detail of job classification, and a copy of background check verification for each team member Weekly status reports to include work planned, work completed, and any issues meeting project schedule or deliverables A risk identification plan identifying each potential project risk as well as actions for mitigating each risk. Any mitigation plans should take into account that system recovery back to baseline/healthy status is required, and should also ensure that only a minimum number of critical user functions are impacted Plans for the Contractor staff performing the assessment to be available to the UTILITIES staff with interpretation and clarification of assessment report findings not to exceed 10 hours effort over a 6-months period following the delivery of the final report Deliver a draft project schedule with the RFP. Finalize the project schedule no later than 10 business days after Combine with for scheduling SOW # PR Page 4 of 9 Revision 10/2007

5 contract award. The project schedule shall contain at a minimum: Revision/change record. A task driven schedule with deliverable milestones identified. Resources (team members) identified for each task Specific milestone tasks for: IT Computer Access Request Cyber security DVD Course Facility Access Request Signed Acknowledgement of Special Procedures for Security Related Projects from Team Members Deliver a draft test plan as part of Contractor s proposal. Finalize the test plan no later than 10 business days after contract award. The test plan shall contain at a minimum: A complete list of testing tools employed and the versions of those tools as part of the test plan Identification of all test equipment Identify whether or not the Contractor shall need permission to make changes to UTILITIES file systems and/or system configurations to include specific responsibility for backing out these changes Perform a Vulnerability Assessment and Penetration Test. Contractor shall, at a minimum: Perform testing in a manner that maintains data integrity Permit a UTILITIES representative to watch or monitor all assessment testing purpose. SOW # PR Page 5 of 9 Revision 10/2007

6 as requested Perform External Network Vulnerability Assessment and Penetration Testing Perform Internal Network Vulnerability Assessment and Penetration Testing Perform Web Application Penetration Testing Perform Wireless Assessment and Penetration Testing Perform Voice over IP Assessments and Penetration Testing Perform Social Engineering Assessments Perform Physical Security Assessments and Penetration Testing Perform Financial and Asset Management Application Vulnerability Assessment and Penetration Testing Perform Information Security Risk Assessment Provide UTILITIES a copy of the raw testing tools output Deliver a draft assessment report no later than 10 business days after the assessment has been performed. The assessment report shall contain at a minimum, a prioritized list of findings and recommendations to remediate or mitigate any vulnerabilities. 5.0 Key Project Staffing CONTRACTOR S Key Personnel. CONTRACTORS personnel assigned to this project are considered essential to the work being performed under this SOW, therefore, prior to the substitution of any of Contractor s personnel assigned to this project, CONTRACTOR shall provide two (2) weeks notification to UTILITIES SOW # PR Page 6 of 9 Revision 10/2007

7 in writing and shall submit written justification to permit evaluation of the impact on the project. No substitutions shall be made by CONTRACTOR without the written consent of UTILITIES. 6.0 Work Performance Location: All services shall be performed locally at Colorado Springs Utilities sites within El Paso County. Hours: All work shall be performed Monday through Friday during the hours of 8:00 AM and 5:00 PM (MDT) excluding CONTRACTOR s observed holidays. Any work outside normal business hours must be coordinated and approved by UTILITIES. No work for this SOW is scoped for weekend or holiday hours. 7.0 Security CONTRACTOR agrees that all resources assigned to this Project shall adhere to all UTILITIES security rules and regulations at all times and at all UTILITIES locations. CONTRACTOR shall have an administrative security program that clearly defines protection controls and implements security background checks for those contract agencies or services providers who shall need unescorted physical or electronic access. Additional requirements that the CONTRACTOR and UTILITIES Project Manager are responsible for include: IT Computer Access Request Cyber security DVD Course Facility Access Request Signed Acknowledgement of Special Procedures for Security Related Projects from Team Members 8.0 Changes In Scope Changes UTILITIES has expended great efforts in preparing this SOW and in attempting to describe as thoroughly the requirements therein; however, it is possible that some of the requirements might have been inadvertently omitted from the SOW. If any requirements have been overlooked that relate to, or are similar to, the requirements contained in the SOW, such requirements shall be deemed incorporated by this reference into the relevant SOW # PR Page 7 of 9 Revision 10/2007

8 portion of the SOW if those additional requirements do not impact time, schedules, resource allocation, or incur additional costs. Out of Scope Changes For all requests for services that are outside of the agreed upon scope and objectives contained in this SOW, the performance of such services shall require a mutually agreed upon Amendment to the SOW. UTILITIES shall not be liable for any out of scope work or services which are performed prior to the execution of the Amendment between the parties. 9.0 Acceptance Criteria and Testing Once the Acceptance Criteria and testing has been completed for each deliverable(s), or group of deliverables, CONTRACTOR will submit a completed Acceptance Form, Attachment A to this Statement of Work, to the UTILITIES Project Manager. Upon acceptance and execution of the Acceptance Form by the UTILITIES Project Manager, CONTRACTOR shall submit an invoice to UTILITIES for payment. INTENTIONALLY LEFT BLANK Acceptance Form on next page SOW # PR Page 8 of 9 Revision 10/2007

9 Date Issued: Contract number: Task Order Number: Location of Service Delivery: Colorado Springs, CO Deliverable/ Task No Description of Deliverable: Actual Start Date Date Complete Other Comments: SOW # PR Page 9 of 9 Revision 10/2007

STATEMENT OF WORK (SOW) Data Governance Tool

STATEMENT OF WORK (SOW) Data Governance Tool 1.0 Introduction Colorado Springs Utilities (UTILITIES) is a municipality owned four-service utility company, an enterprise of the City of Colorado Springs, located in Colorado Springs, Colorado. UTILITIES

More information

STATEMENT OF WORK (SOW) for Web Content Management System Professional Services

STATEMENT OF WORK (SOW) for Web Content Management System Professional Services 1.0 Introduction With electronic and social media becoming a more important part of our overall communications strategy, the Colorado Springs Utilities (UTILITIES) Internet site has become an even greater

More information

STATEMENT OF WORK (SOW) for LSF 9.0 Implementation

STATEMENT OF WORK (SOW) for LSF 9.0 Implementation 1.0 Introduction Colorado Springs Utilities (UTILITIES) requires professional services to assist in the upgrade from Lawson Environment version 8.0.3 to Lawson System Foundation (LSF) 9.0. This Statement

More information

- ATTACHMENT - PROGRAM MANAGER DUTIES & RESPONSIBILITIES MARYLAND STATE POLICE W00B0400021

- ATTACHMENT - PROGRAM MANAGER DUTIES & RESPONSIBILITIES MARYLAND STATE POLICE W00B0400021 - ATTACHMENT - PROGRAM MANAGER DUTIES & RESPONSIBILITIES MARYLAND STATE POLICE W00B0400021 About this document this is a detailed description of typical Project Manager (PM) duties, responsibilities, and

More information

ATTACHMENT 3 SPS PROJECT SENIOR PROGRAM MANAGER (SPM) DUTIES & RESPONSIBILITIES

ATTACHMENT 3 SPS PROJECT SENIOR PROGRAM MANAGER (SPM) DUTIES & RESPONSIBILITIES 1. ROLE DEFINITIONS ATTACHMENT 3 SPS PROJECT SENIOR PROGRAM MANAGER (SPM) DUTIES & RESPONSIBILITIES The purpose of this section is to distinguish among the roles interacting with the SPM obtained through

More information

Statement of Work RFP-DF-96217 Virtual Desktop Infrastructure

Statement of Work RFP-DF-96217 Virtual Desktop Infrastructure Statement of Work RFP-DF-96217 Virtual Desktop Infrastructure 1.0 Introduction Colorado Springs Utilities (UTILITIES) desires to contract with a reputable firm for the purchase and implementation of a

More information

Senior Security Analyst

Senior Security Analyst Senior Security Analyst REQUEST FOR QUOTATION Minority Business Enterprise (MBE) ONLY State Term Schedule Page 1 of 13 Table of Contents INTRODUCTION AND BACKGROUND...3 PURPOSE OF THE REQUEST FOR QUOTATION...3

More information

G-Cloud Definition of Services Security Penetration Testing

G-Cloud Definition of Services Security Penetration Testing G-Cloud Definition of Services Security Penetration Testing Commercial in Confidence G-Cloud Services An Overview Inner Security is a leading CREST registered information security services provider. We

More information

Q&A ADDENDUM FOR INFORMATION SECURITY VULNERABILITY ASSESSMENT PUBLISHED 10/20/2015

Q&A ADDENDUM FOR INFORMATION SECURITY VULNERABILITY ASSESSMENT PUBLISHED 10/20/2015 Q&A ADDENDUM FOR INFORMATION SECURITY VULNERABILITY ASSESSMENT PUBLISHED 10/20/2015 UPDATE HISTORY: 10/21/2015 10/30/2015 11/5/2015 Questions submitted by Proposers All proposers should reference the following

More information

REQUEST FOR PROPOSAL INFORMATION SECURITY PROGRAM PROVIDER

REQUEST FOR PROPOSAL INFORMATION SECURITY PROGRAM PROVIDER REQUEST FOR PROPOSAL INFORMATION SECURITY PROGRAM PROVIDER OCTOBER 18, 2013 1 Table of Contents I. EXECUTIVE OVERVIEW... 3 II. BACKGROUND... 3 A. Goals & Objective of Request... 3 B. Project Scope... 4

More information

SECURITY. Risk & Compliance Services

SECURITY. Risk & Compliance Services SECURITY Risk & Compliance s V1 8/2010 Risk & Compliances s Risk & compliance services Summary Summary Trace3 offers a full and complete line of security assessment services designed to help you minimize

More information

Request for Proposal Enterprise Information Technology Security Assessment

Request for Proposal Enterprise Information Technology Security Assessment Request for Proposal Enterprise Information Technology Security Assessment 1. Summary The Vermont Energy Investment Corporation (VEIC), a non-profit corporation, requests proposals for an Enterprise Information

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

ESKISP6055.01 Manage security testing

ESKISP6055.01 Manage security testing Overview This standard covers the competencies concerning with managing security testing activities. Including managing resources activities and deliverables. This includes planning, conducting and reporting

More information

UNIVERSITY OF CENTRAL ARKANSAS PURCHASING OFFICE 2125 COLLEGE AVENUE SUITE 2 CONWAY, AR 72034

UNIVERSITY OF CENTRAL ARKANSAS PURCHASING OFFICE 2125 COLLEGE AVENUE SUITE 2 CONWAY, AR 72034 UNIVERSITY OF CENTRAL ARKANSAS PURCHASING OFFICE 2125 COLLEGE AVENUE SUITE 2 CONWAY, AR 72034 REQUEST FOR PROPOSAL Information Technology Security Audit RFP#UCA-15-072 PROPOSALS MUST BE RECEIVED BEFORE:

More information

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013 An Overview of Information Security Frameworks Presented to TIF September 25, 2013 What is a framework? A framework helps define an approach to implementing, maintaining, monitoring, and improving information

More information

RFP No. 1-15-C017 OFFICE OF TECHNOLOGY INFORMATION SYSTEMS AND INFRASTRUCTURE PENETRATION TEST

RFP No. 1-15-C017 OFFICE OF TECHNOLOGY INFORMATION SYSTEMS AND INFRASTRUCTURE PENETRATION TEST RFP No. 1-15-C017 OFFICE OF TECHNOLOGY INFORMATION SYSTEMS AND INFRASTRUCTURE PENETRATION TEST Questions and Answers Notice: Questions may have been edited for clarity and relevance. 1. How many desktops,

More information

National Cybersecurity Assessment and Technical Services

National Cybersecurity Assessment and Technical Services National Cybersecurity Assessment and Technical Services Updated: September 9, 2015 NCATS Program Overview Offer Full-Scope Red Team/Penetration Testing Capabilities through two primary programs: Risk

More information

Cyber attack on Twitter, 250,000 accounts hacked

Cyber attack on Twitter, 250,000 accounts hacked HEADLINES Impact and Cost At least 19 states have introduced or are considering security breach legislation in 2014. Most of the bills would amend existing security breach laws. According to the Ponemon

More information

211 LA County. Technology Infrastructure Assessment. Request for Proposals. August 2012 Request for Proposals- 211 LA County 1

211 LA County. Technology Infrastructure Assessment. Request for Proposals. August 2012 Request for Proposals- 211 LA County 1 211 LA County Technology Infrastructure Assessment Request for Proposals August 2012 Request for Proposals- 211 LA County 1 1. General conditions and proposers directions 1.1. Overview 1.1.1. 211 LA County

More information

Information Security Organizations trends are becoming increasingly reliant upon information technology in

Information Security Organizations trends are becoming increasingly reliant upon information technology in DATASHEET PENETRATION TESTING SERVICE Sales Inquiries: sales@spentera.com Visit us: http://www.spentera.com Protect Your Business. Get Your Service Quotations Today! Copyright 2011. PT. Spentera. All Rights

More information

CWRU REC Answers to RFQ

CWRU REC Answers to RFQ CWRU REC Answers to RFQ 1) Should consultant resumes be included in the intent propose due on 9/24 or just include them in the actual proposal for 10/1? I have four resumes that I could present today based

More information

Project Update December 2, 2008 2008 Innovation Grant Program

Project Update December 2, 2008 2008 Innovation Grant Program Tri-University Vulnerability Scanning/Management Solution Project Update December 2, 2008 2008 Innovation Grant Program 1 Project Summary This grant application is part of a previous project report presented

More information

Best Practices for Threat & Vulnerability Management. Don t let vulnerabilities monopolize your organization.

Best Practices for Threat & Vulnerability Management. Don t let vulnerabilities monopolize your organization. Best Practices for Threat & Vulnerability Management Don t let vulnerabilities monopolize your organization. Table of Contents 1. Are You in the Lead? 2. A Winning Vulnerability Management Program 3. Vulnerability

More information

NOS for Network Support (903)

NOS for Network Support (903) NOS for Network Support (903) November 2014 V1.1 NOS Reference ESKITP903301 ESKITP903401 ESKITP903501 ESKITP903601 NOS Title Assist with Installation, Implementation and Handover of Network Infrastructure

More information

Information Technology Security Review April 16, 2012

Information Technology Security Review April 16, 2012 Information Technology Security Review April 16, 2012 The Office of the City Auditor conducted this project in accordance with the International Standards for the Professional Practice of Internal Auditing

More information

Exhibit A to RFP-SG-107276 STATEMENT OF WORK (SOW) Banking Services

Exhibit A to RFP-SG-107276 STATEMENT OF WORK (SOW) Banking Services Exhibit A to RFP-SG-107276 STATEMENT OF WORK (SOW) Banking Services 1.0 Introduction 1.1 Purpose Colorado Springs Utilities (Utilities) is requesting proposals from interested banks for the provision of

More information

FLORIDA AGRICULTURAL AND MECHANICAL UNIVERSTY. Request for Quote for Performance of Security Risk Assessment

FLORIDA AGRICULTURAL AND MECHANICAL UNIVERSTY. Request for Quote for Performance of Security Risk Assessment FLORIDA AGRICULTURAL AND MECHANICAL UNIVERSTY 1. Overview Request for Quote for Performance of Security Risk Assessment The Florida Agricultural and Mechanical University ( FAMU ) is seeking a qualified

More information

Request for Proposal (RFP) Black Forest Community Wildfire Protection Plan (CWPP) Update

Request for Proposal (RFP) Black Forest Community Wildfire Protection Plan (CWPP) Update Black Forest Together Inc. (BFT) 11590 Black Forest Road, Suite 30 Colorado Springs, CO 80908 719-495-2445 (office) Request for Proposal (RFP) Black Forest Community Wildfire Protection Plan (CWPP) Update

More information

Issue Date: March 4, 2014. Proposal Due Date: Tuesday, March 18, 2014 by 11:00 AM Mountain Time to:

Issue Date: March 4, 2014. Proposal Due Date: Tuesday, March 18, 2014 by 11:00 AM Mountain Time to: REQUEST FOR PROPOSALS (RFP) 15378A FOR DENVER WATER S Information Technology Third Party Patch Management Software Issue Date: March 4, 2014 Proposal Due Date: Tuesday, March 18, 2014 by 11:00 AM Mountain

More information

IT Project: System Implementation Project Template Description

IT Project: System Implementation Project Template Description 2929 Campus Drive Suite 250 IT Project: System Implementation Project Template Description Table of Contents Introduction... 2 Project Phases... 3 Initiation & Requirements Gathering Milestone... 3 Initiation

More information

Informal Written Quote (IWQ) 15-07. Business Continuity Planning Consultant Services

Informal Written Quote (IWQ) 15-07. Business Continuity Planning Consultant Services Informal Written Quote (IWQ) 15-07 Business Continuity Planning Consultant Services TABLE OF CONTENTS SECTION TITLE PAGE 1.0 INTRODUCTION 1 2.0 SCOPE OF WORK 1 3.0 SERVICES TO BE PROVIDED 2 4.0 STAFFING

More information

National Cybersecurity Assessment and Technical Services: Capability Brief. Presented by: Sean McAfee Updated: May 5, 2014

National Cybersecurity Assessment and Technical Services: Capability Brief. Presented by: Sean McAfee Updated: May 5, 2014 National Cybersecurity Assessment and Technical Services: Capability Brief Presented by: Sean McAfee Updated: May 5, 2014 Program Overview Offer Full-Scope Red Team/Penetration Testing Capabilities Services

More information

IT Optimization Consulting Services for Organizational Change Management (OCM)

IT Optimization Consulting Services for Organizational Change Management (OCM) IT Optimization Consulting Services for Organizational Change Management (OCM) April 5, 2013 REQUEST FOR QUOTATION MINORITY BUSINESS ENTERPRISE (MBE) PREFERRED State Term Schedule Table of Contents 1.

More information

Network Test Labs Inc Security Assessment Service Description Complementary Service Offering for New Clients

Network Test Labs Inc Security Assessment Service Description Complementary Service Offering for New Clients Network Test Labs Inc Security Assessment Service Description Complementary Service Offering for New Clients Network Test Labs Inc. Head Office 170 422 Richards Street, Vancouver BC, V6B 2Z4 E-mail: info@networktestlabs.com

More information

Enterprise Information Technology Security Assessment RFP Answers to Questions

Enterprise Information Technology Security Assessment RFP Answers to Questions Enterprise Information Technology Security Assessment RFP Answers to Questions GENERAL QUESTIONS Q: How do the goals of the security assessment relate to improving the way VEIC does business? A: Security

More information

Security Control Standard

Security Control Standard Department of the Interior Security Control Standard Security Assessment and Authorization January 2012 Version: 1.2 Signature Approval Page Designated Official Bernard J. Mazer, Department of the Interior,

More information

Colorado Department of Health Care Policy and Financing

Colorado Department of Health Care Policy and Financing Colorado Department of Health Care Policy and Financing Solicitation #: HCPFRFPCW14BIDM Business Intelligence and Data Management Services (BIDM) Appendix B BIDM Project Phases Tables The guidelines for

More information

INFORMATION TECHNOLOGY ENGINEER V

INFORMATION TECHNOLOGY ENGINEER V 1464 INFORMATION TECHNOLOGY ENGINEER V NATURE AND VARIETY OF WORK This is senior level lead administrative, professional and technical engineering work creating, implementing, and maintaining the County

More information

Vulnerability management lifecycle: defining vulnerability management

Vulnerability management lifecycle: defining vulnerability management Framework for building a vulnerability management lifecycle program http://searchsecurity.techtarget.com/magazinecontent/framework-for-building-avulnerability-management-lifecycle-program August 2011 By

More information

Threat Management: Incident Handling. Incident Response Plan

Threat Management: Incident Handling. Incident Response Plan In order to meet the requirements of VCCS Security Standards 13.1 Reporting Information Security Events, and 13.2 Management of Information Security Incidents, SVCC drafted an (IRP). Incident handling

More information

About This Document. Response to Questions. Security Sytems Assessment RFQ

About This Document. Response to Questions. Security Sytems Assessment RFQ Response to Questions Security Sytems Assessment RFQ Posted October 1, 2015 Q: Which specific security assessment processes are sought for this engagement? The RFQ mentions several kinds of analysis and

More information

Looking at the SANS 20 Critical Security Controls

Looking at the SANS 20 Critical Security Controls Looking at the SANS 20 Critical Security Controls Mapping the SANS 20 to NIST 800-53 to ISO 27002 by Brad C. Johnson The SANS 20 Overview SANS has created the 20 Critical Security Controls as a way of

More information

Consulting and Technical Services (CATS) Task Order Request for Proposals (TORFP)

Consulting and Technical Services (CATS) Task Order Request for Proposals (TORFP) Consulting and Technical Services (CATS) Task Order Request for Proposals (TORFP) MARYLAND DEPARTMENT OF THE ENVIRONMENT OFFICE OF INFORMATION TECHNOLOGY WEB REVAMP PROJECT PROJECT MANAGEMENT SUPPORT SERVICES

More information

SERVICES WORK ORDER. Effective date of this Work Order: Work Order Number:

SERVICES WORK ORDER. Effective date of this Work Order: Work Order Number: SERVICES WORK ORDER This Services Work Order ( Work Order or SOW ) is subject to all terms and conditions of the Software Services Agreement between Infor (US), Inc. ( Infor ) and ( Licensee ) with an

More information

Maintenance Service 1.1 ANNUAL PREVENTIVE MAINTENANCE 1.2 ON-SITE REMEDIAL SERVICES

Maintenance Service 1.1 ANNUAL PREVENTIVE MAINTENANCE 1.2 ON-SITE REMEDIAL SERVICES Maintenance Service Statement of Work 1.0 Executive Summary - 1 - UPS/PDU Advantage Ultra UPS/PDU Advantage Ultra Service Service Table of Contents 1.0 Executive Summary 2.0 Features & Benefits 3.0 Details

More information

Managing IT Security with Penetration Testing

Managing IT Security with Penetration Testing Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to

More information

ADDING NETWORK INTELLIGENCE TO VULNERABILITY MANAGEMENT

ADDING NETWORK INTELLIGENCE TO VULNERABILITY MANAGEMENT ADDING NETWORK INTELLIGENCE INTRODUCTION Vulnerability management is crucial to network security. Not only are known vulnerabilities propagating dramatically, but so is their severity and complexity. Organizations

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

NYS LOCAL GOVERNMENT VULNERABILITY SCANNING PROJECT September 22, 2011

NYS LOCAL GOVERNMENT VULNERABILITY SCANNING PROJECT September 22, 2011 NYS LOCAL GOVERNMENT VULNERABILITY SCANNING PROJECT September 22, 2011 Executive Summary BACKGROUND The NYS Local Government Vulnerability Scanning Project was funded by a U.S. Department of Homeland Security

More information

SAN ANTONIO WATER SYSTEM PURCHASING DEPARTMENT

SAN ANTONIO WATER SYSTEM PURCHASING DEPARTMENT SAN ANTONIO WATER SYSTEM PURCHASING DEPARTMENT Issued By: Angeline C. Peralez Date Issued: July 24, 2014 BID NO.: 14-6077 FORMAL INVITATION FOR BEST VALUE BID (BVB) FOR THE ONE TIME PURCHASE OF NETWORK

More information

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001 001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110

More information

Request for Quote HIPAA Security Risk Analysis

Request for Quote HIPAA Security Risk Analysis Request for Quote Security Risk Analysis 4/26/13 Florida Department of Children and Families Purpose The Florida Department of Children and Families (DCF or the Department) is looking for a qualified information

More information

No.Ed.CIL/IS Unit/It Security/2014/1..April, 2014. Quotation for Security Audit for EdCIL house IT infrastructure.

No.Ed.CIL/IS Unit/It Security/2014/1..April, 2014. Quotation for Security Audit for EdCIL house IT infrastructure. TO No.Ed.CIL/IS Unit/It Security/2014/1..April, 2014 Subject: Quotation for Security Audit for EdCIL house IT infrastructure. Dear Sir, This Corporation is interested in security Audit of its IT infrastructure

More information

Pre-proposal Conference

Pre-proposal Conference Pre-proposal Conference RFP 1-15-C017 Office Of Technology Information Systems And Infrastructure Penetration Test January 08, 2015 Disclaimer The information contained in this presentation is for informational

More information

Independent Security Operations Oversight and Assessment. Captain Timothy Holland PM NGEN

Independent Security Operations Oversight and Assessment. Captain Timothy Holland PM NGEN Independent Security Operations Oversight and Assessment Captain Timothy Holland PM NGEN 23 June 2010 Independent Security Operations Oversight and Assessment Will Jordan NGEN Cyber Security 23 June 2010

More information

Strategic Plan On-Demand Services April 2, 2015

Strategic Plan On-Demand Services April 2, 2015 Strategic Plan On-Demand Services April 2, 2015 1 GDCS eliminates the fears and delays that accompany trying to run an organization in an unsecured environment, and ensures that our customers focus on

More information

Law Enforcement Perceptions of Cyber Security

Law Enforcement Perceptions of Cyber Security Law Enforcement Perceptions of Cyber Security International Association of Chiefs of Police Canadian Association of Chiefs of Police May 2013 This study made possible through financial and program support

More information

City of Hapeville, GA VC3Advantage Work Order

City of Hapeville, GA VC3Advantage Work Order City of Hapeville, GA VC3Advantage Work Order ServiceAdvantage Work Order No. [ VC3INC-1097-62019 ] under the Master Services Agreement, dated. July 1, 2015 Atlanta Columbia Raleigh 1301 Gervais Street,

More information

Vendor Questions and Answers

Vendor Questions and Answers OHIO DEFERRED COMPENSATION REQUEST FOR PROPOSALS (RFP) FOR COMPREHENSIVE SECURITY ASSESSMENT CONSULTANT Issue Date: December 7, 2016 Written Question Deadline: January 11, 2016 Proposal Deadline: RFP Contact:

More information

Patch and Vulnerability Management Program

Patch and Vulnerability Management Program Patch and Vulnerability Management Program What is it? A security practice designed to proactively prevent the exploitation of IT vulnerabilities within an organization To reduce the time and money spent

More information

State of the Applications : Only 11% of Information Security Managers Feel Their Applications are Secure. www.quotium.com 1/11

State of the Applications : Only 11% of Information Security Managers Feel Their Applications are Secure. www.quotium.com 1/11 State of the Applications : Only 11% of Information Security Managers Feel Their Applications are Secure www.quotium.com 1/11 Table of Contents 1 INTRODUCTION... 3 2 DO APPLICATIONS IN YOUR ORGANIZATION

More information

Leader Dogs for the Blind 1039 South Rochester Road Rochester Hills, MI 48307

Leader Dogs for the Blind 1039 South Rochester Road Rochester Hills, MI 48307 Leader Dogs for the Blind 1039 South Rochester Road Rochester Hills, MI 48307 REQUEST FOR PROPOSAL Information Security Assessment/External Penetration Testing PROPOSALS MUST BE RECEIVED VIA EMAIL BEFORE:

More information

Backup & Storage Service Terms & Conditions

Backup & Storage Service Terms & Conditions Backup & Storage Service Terms & Conditions Issue Date: 19/10/12 Version: 1.4 Page 1 of 11 Schedule 2 Backup & Storage Service Terms & Conditions 1. Preamble 1.1. These Backup & Storage Service Terms &

More information

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008 U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October

More information

Sample Statement of Work

Sample Statement of Work Sample Statement of Work Customer name Brad Miller brad@solidborder.com Fishnet Security Sample Statement of Work: Customer Name Scope of Work Engagement Objectives Customer, TX ( Customer or Client )

More information

U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL

U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL FINAL REPORT: U.S. Election Assistance Commission Compliance with the Requirements of the Federal Information Security Management Act Fiscal

More information

REQUEST FOR PROPOSAL Licensed Childcare Provider Grantsville Elementary School Spring 2015

REQUEST FOR PROPOSAL Licensed Childcare Provider Grantsville Elementary School Spring 2015 REQUEST FOR PROPOSAL Licensed Childcare Provider Grantsville Elementary School Spring 2015 Deadline for Inquiries: Time and Date Set for Closing: February 23, 2015, 3:00 P.M. March 2, 2015, 3:00 P.M. Potential

More information

Minnesota Health Insurance Exchange Project (MNHIX) Deliverable Definition Document (DDD) For Project Management Plan Date: 07-31-2012

Minnesota Health Insurance Exchange Project (MNHIX) Deliverable Definition Document (DDD) For Project Management Plan Date: 07-31-2012 Minnesota Health Insurance Exchange Project (MNHI) Deliverable Definition Document (DDD) For Project Plan Date: 07-31-2012 11/9/2012 1:18 PM Page 1 of 8 1. High Level Deliverable Description The Project

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

STATE OF NEW JERSEY IT CIRCULAR

STATE OF NEW JERSEY IT CIRCULAR NJ Office of Information Technology P.O. Box 212 www.nj.gov/it/ps/ Chris Christie, Governor 300 River View E. Steven Emanuel, Chief Information Officer Trenton, NJ 08625-0212 STATE OF NEW JERSEY IT CIRCULAR

More information

Consulting and Technical Services (CATS) Task Order Request for Proposals (TORFP)

Consulting and Technical Services (CATS) Task Order Request for Proposals (TORFP) Consulting and Technical Services (CATS) Task Order Request for Proposals (TORFP) DEPARTMENT OF INFORMATION TECHNLOGY CENTRAL COLLECTIONS UNIT S (CCU) COLUMBIA ULTIMATE BUSINESS SYSTEM (CUBS) MODERNIZATION

More information

REQUEST FOR PROPOSAL (RFP) #021-14 HIPAA SECURITY ASSESSMENT VENDOR QUESTIONS & ANSWERS ~ MAY 29, 2014

REQUEST FOR PROPOSAL (RFP) #021-14 HIPAA SECURITY ASSESSMENT VENDOR QUESTIONS & ANSWERS ~ MAY 29, 2014 REQUEST FOR PROPOSAL (RFP) #021-14 HIPAA SECURITY ASSESSMENT VENDOR QUESTIONS & ANSWERS ~ MAY 29, 2014 Q1) Page 2, Section A and Page 5, Section H --- Does the County desire only an assessment of compliance

More information

FedRAMP Standard Contract Language

FedRAMP Standard Contract Language FedRAMP Standard Contract Language FedRAMP has developed a security contract clause template to assist federal agencies in procuring cloud-based services. This template should be reviewed by a Federal

More information

Business Intelligence Data Analyst

Business Intelligence Data Analyst Business Intelligence Data Analyst REQUEST FOR QUOTATION Minority Business Enterprise (MBE) ONLY State Term Schedule Page 1 of 12 Table of Contents INTRODUCTION AND BACKGROUND...3 PURPOSE OF THE REQUEST

More information

Technical Support Services

Technical Support Services Description of Services Technical Support Services V2.0 October, 2013 KBZ Communications, Inc. Service Summary This document describes the service offerings of the KBZ ZCare Technical Support Program.

More information

Appendix A1 AUTOMATED EMPLOYEE SCHEDULING SYSTEM (AESS) PHASE I PILOT INSTALLATION. Statement of Work

Appendix A1 AUTOMATED EMPLOYEE SCHEDULING SYSTEM (AESS) PHASE I PILOT INSTALLATION. Statement of Work Appendix A1 AUTOMATED EMPLOYEE SCHEDULING SYSTEM (AESS) PHASE I PILOT INSTALLATION Statement of Work These requirements are intended to provide general information only and are subject to revision. The

More information

THE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols

THE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE

More information

Best Practices in ICS Security for System Operators. A Wurldtech White Paper

Best Practices in ICS Security for System Operators. A Wurldtech White Paper Best Practices in ICS Security for System Operators A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security

More information

MICHIGAN DEPARTMENT OF TECHNOLOGY, MANAGEMENT AND BUDGET UCC and CPC MDOS Letters to FileNet PROJECT MANAGER STATEMENT OF WORK (SOW)

MICHIGAN DEPARTMENT OF TECHNOLOGY, MANAGEMENT AND BUDGET UCC and CPC MDOS Letters to FileNet PROJECT MANAGER STATEMENT OF WORK (SOW) MICHIGAN DEPARTMENT OF TECHNOLOGY, MANAGEMENT AND BUDGET UCC and CPC MDOS Letters to FileNet PROJECT MANAGER STATEMENT OF WORK (SOW) A Pre-Qualification Program was developed to provide a mechanism for

More information

Request for Resume (RFR) for Project Manager (Senior) CATS+ Master Contract All Master Contract Provisions Apply. Section 1 General Information

Request for Resume (RFR) for Project Manager (Senior) CATS+ Master Contract All Master Contract Provisions Apply. Section 1 General Information Request for Resume (RFR) for Project (Senior) Section General Information RFR Number: (Reference BPO Number) Functional Area (Enter One Only) Q00R00 BPO # 060B900 in ADPICS Functional Area 0 IT Management

More information

Minnesota Health Insurance Exchange (MNHIX)

Minnesota Health Insurance Exchange (MNHIX) Minnesota Health Insurance Exchange (MNHIX) 1.2 Plan September 21st, 2012 Version: FINAL v.1.0 11/9/2012 2:58 PM Page 1 of 87 T A B L E O F C O N T E N T S 1 Introduction to the Plan... 12 2 Integration

More information

G- Cloud Specialist Cloud Services. Security and Penetration Testing. Overview

G- Cloud Specialist Cloud Services. Security and Penetration Testing. Overview Description C Service Overview G- Cloud Specialist Cloud Services Security and Penetration Testing This document provides a description of TVS s Security and Penetration Testing Service offered under the

More information

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2 Report No. 13-35 September 27, 2013 Appalachian Regional Commission Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning

More information

ADDENDUM #1 REQUEST FOR PROPOSALS 2015-151

ADDENDUM #1 REQUEST FOR PROPOSALS 2015-151 ADDENDUM #1 REQUEST FOR PROPOSALS 2015-151 HIPAA/HITECH/OMNIBUS Act Compliance Consulting Services TO: FROM: CLOSING DATE: SUBJECT: All Potential Responders Angie Williams, RFP Coordinator September 24,

More information

REQUEST FOR PROPOSAL RFP #12-004. For the Provision of After Hours Answering Services. Proposal Due Date/Time: October 19, 2012 @ 4:00 p.m.

REQUEST FOR PROPOSAL RFP #12-004. For the Provision of After Hours Answering Services. Proposal Due Date/Time: October 19, 2012 @ 4:00 p.m. REQUEST FOR PROPOSAL RFP #12-004 For the Provision of After Hours Answering Services Proposal Due Date/Time: October 19, 2012 @ 4:00 p.m. Children s Aid Society of London and Middlesex 1680 Oxford Street

More information

REQUESTS FOR PROPOSAL (RFP) FOR UTILITY RATE CONSULTING SERVICES FOR THE CITY OF FORT MORGAN

REQUESTS FOR PROPOSAL (RFP) FOR UTILITY RATE CONSULTING SERVICES FOR THE CITY OF FORT MORGAN REQUESTS FOR PROPOSAL (RFP) FOR UTILITY RATE CONSULTING SERVICES FOR THE CITY OF FORT MORGAN INTRODUCTION The intent of this Request for Proposal is to retain a qualified person, firm, or corporation,

More information

Minnesota Department of Employment and Economic Development (DEED) Project: Web Application Security Assessment. DEED Answers to Vendor s Questions

Minnesota Department of Employment and Economic Development (DEED) Project: Web Application Security Assessment. DEED Answers to Vendor s Questions Minnesota Department of Employment and Economic Development (DEED) Project: Web Application Security Assessment DEED Answers to Vendor s Questions Friday, 10 September 2010 1. Has data classification been

More information

4 Testing General and Automated Controls

4 Testing General and Automated Controls 4 Testing General and Automated Controls Learning Objectives To understand the reasons for testing; To have an idea about Audit Planning and Testing; To discuss testing critical control points; To learn

More information

Request for Proposal IP Phone System Upgrade

Request for Proposal IP Phone System Upgrade SECTION A GENERAL INFORMATION Request for Proposal IP Phone System Upgrade 1. Purpose Mesa County Public Library District (MCPLD) is requesting bid proposals for an IP Phone System Upgrade. 2. List of

More information

Security. Security consulting and Integration: Definition and Deliverables. Introduction

Security. Security consulting and Integration: Definition and Deliverables. Introduction Security Security Introduction Businesses today need to defend themselves against an evolving set of threats, from malicious software to other vulnerabilities introduced by newly converged voice and data

More information

Information Security Assessment and Testing Services RFQ # 28873 Questions and Answers September 8, 2014

Information Security Assessment and Testing Services RFQ # 28873 Questions and Answers September 8, 2014 QUESTIONS ANSWERS Q1 How many locations and can all locations be tested from a A1 5 locations and not all tests can be performed from a central location? central location. Q2 Connection type between location

More information

Cisco Security Optimization Service

Cisco Security Optimization Service Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless

More information

CONTRA COSTA MOBILITY MANAGEMENT INVENTORY AND PLAN CENTRAL CONTRA COSTA TRANSIT AUTHORITY. REQUEST FOR PROPOSALS September 2011

CONTRA COSTA MOBILITY MANAGEMENT INVENTORY AND PLAN CENTRAL CONTRA COSTA TRANSIT AUTHORITY. REQUEST FOR PROPOSALS September 2011 CONTRA COSTA MOBILITY MANAGEMENT INVENTORY AND PLAN CENTRAL CONTRA COSTA TRANSIT AUTHORITY REQUEST FOR PROPOSALS September 2011 CCCTA 2477 Arnold Industrial Way Concord, CA 94520 SECTION I: Introduction

More information

Goals. Understanding security testing

Goals. Understanding security testing Getting The Most Value From Your Next Network Penetration Test Jerald Dawkins, Ph.D. True Digital Security p. o. b o x 3 5 6 2 3 t u l s a, O K 7 4 1 5 3 p. 8 6 6. 4 3 0. 2 5 9 5 f. 8 7 7. 7 2 0. 4 0 3

More information

Department of Children and Families (DCF) Request for Information (RFQ) #01U013DS1 HIPAA Compliance Review DCF Answers to Vendor Questions

Department of Children and Families (DCF) Request for Information (RFQ) #01U013DS1 HIPAA Compliance Review DCF Answers to Vendor Questions Department of Children and Families (DCF) Request for Information (RFQ) #01U013DS1 HIPAA Compliance Review s to Vendor Questions Questions as Submitted by Vendors (Duplicates omitted) 1. Have controls

More information

Application Security in the Software Development Lifecycle

Application Security in the Software Development Lifecycle Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO

More information

Request for Proposal Finance and Corporate Services Department

Request for Proposal Finance and Corporate Services Department Request for Proposal Finance and Corporate Services Department Project Manager for Richmond Fire Rescue Scheduling Software 1. Introduction 1.1 The City of Richmond (the City ) proposes to engage the services

More information

Memorandum. 1. Introduction

Memorandum. 1. Introduction Memorandum To: Mississippi Government IT Directors and Purchasing Agents From: Craig P. Orgeron, Ph.D. Date: April 22, 2015 (Revised June 29, 2015) Re: Security Assessment Services RFP No. 3735 Instructions

More information

Specialist Cloud Services. Acumin Cloud Security Resourcing

Specialist Cloud Services. Acumin Cloud Security Resourcing Specialist Cloud Services Acumin Cloud Security Resourcing DOCUMENT: FRAMEWORK: STATUS Cloud Security Resourcing Service Definition G-Cloud Released VERSION: 1.0 CLASSIFICATION: CloudStore Acumin Consulting

More information