Q&A ADDENDUM FOR INFORMATION SECURITY VULNERABILITY ASSESSMENT PUBLISHED 10/20/2015
|
|
- Maximilian Leonard
- 8 years ago
- Views:
Transcription
1 Q&A ADDENDUM FOR INFORMATION SECURITY VULNERABILITY ASSESSMENT PUBLISHED 10/20/2015 UPDATE HISTORY: 10/21/ /30/ /5/2015
2 Questions submitted by Proposers All proposers should reference the following list of questions that arose during the Draft SOW Review process. This list will be updated with new questions and answers as needed, sorted by date with the most recent appearing first. Added 11/5/2015: 1. Q: Does the city subscribe to certain information security frameworks for informing security policy and controls implementation and management? If so, please identify such frameworks. Please also identify federal, state, or other policies and controls and any related regulations. Are they readily available for review as part of the assessment? If the maturity assessment is the evaluation of IT security policies, controls, regulations, and their measure of effectiveness as compared to specifications of certain federal, state, or other policies, procedures, regulations and/or industry frameworks (such as NIST CSF), then please indicate the quantity of and breadth of those policies, controls, regulations, and industry frameworks. A: We are relying on the security assessment consultant to identify federal and state regulations and/or industry frameworks applicable to the City, and to assess our compliance with them. 2. Q: Will the outsourced IT Provider s staff be part of the assessment and available for interviews? A: Yes, they will be available during the assessment. 3. Q: Is there an internal information security team? If so, how many members? A: The City outsources IT security to our partner SIGMAnet who provides all computer and network system support. There is no City-only (what we would consider internal ) security team. 4. Are there any third parties vendors that need to be included as part of the assessment. If so, please describe. 5. Is there risk management committee or group (formal or informal)? Please briefly describe.
3 6. Is there a structured risk management program that includes a method for assessing risk? Please briefly describe. Added 10/30/2015: 1. Q: We need some more clarification regarding the Hardware Resilience Testing. Is this a firewall review? Or is it a pen test that includes routers, switches, firewalls, and servers? Please provide more context around desired testing and types of devices in scope. Do you want exploitation? A: The latter a safe penetration test. We don t want our systems brought down, but do want the configurations reviewed and tested. No exploitation. 2. Q: How many IP addresses are in scope for the internal network pen test? A: 1/24 3. Q: How many IP addresses are in scope for the external network pen test? A: 9/24 4. Q: Is social engineering strictly electronic? If so, how many users are in scope for testing? If in-person social engineering is desired, how many locations are in scope? A: We are open to suggestions for social engineering testing from the proposers, based on their experience. 5. Q: Please provide us with a total number of employees and total number of locations, and we can provide a suggestion off of that. A: The City employs 64 full-time staff, an equal number of part-time staff, and a variable number on-site contractors. Approximately staff access the City s computers each day. There are also two supervised computer training rooms open to the public. The City has three staffed locations. [Answered in the RFP] Added 10/21/2015: 1. Q: In Appendix D Section C Project Proposal Evaluation Criteria states: Proposals will be evaluated using three (3) sets or criteria but only lists two (2). Please confirm the third criteria. A: This statement in the RFP refers to Appendix D, C.2: Qualitiative Evaluation, which looks at the following 3 criteria: a. Expertise and Experience
4 b. Scope of Work c. Allocation of Resources Added 10/20/2015: 1. Q: Are there any databases in scope and if so what types? A: Yes. The City has three Windows database servers and a total of six SQL databases. 2. Q: Are there internally developed applications in scope? 3. Q: Are there specific types of regulations that have to be met such as California SAM, HIPAA, ISO/IEC 27001, or NIST , Revision 4? A. The City manages limited PII for employees, and none for residents and other constituents. Proposers should reference any relevant regulations. 4. Q: How many externally-facing systems are in scope of the vulnerability assessment scanning and penetration testing activities? A. Yes, one externally facing /24 IP range to be scanned. 5. Q: Is social engineering in scope and if so, what forms of social engineering are requested - spear phishing? Phone-based attacks? Impersonation? USB stick drops? What is the sample size for each technique? A: Yes social engineering is in scope. The proposers should suggest one or more methods and sample size. 6. Q: Is there a minimum/maximum amount of references city wants proposer to list? A: There is no upper or lower limit. The RFP asks for all references of similar work performed within the last five years. 7. Q: The first bullet of the Summary of Scope of Work, mentions social engineering test. What type of social engineering test is the City expecting spear phishing? Phone-based attacks? Impersonation? USB stick drops? Sample size for each technique and is it limited to City Hall staff only or will staff from the other locations be included? A: Social Engineering is in scope including staff from all facilities. We request the proposer s recommendation based on experience with similar organizations. We have previously conducted an spear phishing test.
5 8. Q: How many network devices are in scope for the infrastructure testing? A: Please refer to the revised table in the RFP Section 5: Scope of Work 9. Q: Does the City want us to test for susceptibility to Denial of Service attacks? The City web site is hosted by Civic Plus and testing the City web site is out of scope. 10. Q: Is wireless penetration testing in scope? If yes, how many networks are in scope? A: Yes, each facility has WiFi and there are a total of six SSIDs. 11. Q: How many servers in total does the City have? (Please breakdown physical vs virtual.) What Operating Systems are in use? A: Please refer to the revised table in the RFP Section 5: Scope of Work 12. Q: How many IT staff are there and what are their positions? A: There is one full-time position: IT Manager. The City outsources its IT functions. Please see the RFP Section 5: Scope of Work for details. 13. Q: How many end users are there? A: There are about 120 system users. See the RFP Section 5: Scope of Work for additional detail. 14. Q: What is the City s expected start date? A: The City expects to have the Agreement executed no later than March 7, 2016 and wishes to start as soon as possible after that date. 15. Q: When does the City require the final report to be delivered? A: The City requires the Assessment final report to be delivered within 90 days of executing the Agreement. 16. Q: Should the vendor budget for presentation meetings to City Council? If yes, how many meetings? A: There are no plans for presentation to City Council, only to to City management staff.
6 17. Q: Is the focus of the Hardware Resiliency Testing deliverable to validate compliance of configurations with current policy, or to identify vulnerabilities in, and attempt penetration of, weaknesses in device configurations? A: To identify vulnerabilities in, and attempt penetration of, weaknesses in device configurations 18. Q: Is the focus of the Identity Management Assessment deliverable to locate sensitive data in systems or to assess the adequacy of current identity management practices? A: To assess the adequacy of current identity management practices. 19. Q: Is the focus of the Password Testing deliverable to determine compliance with current password policies or to attempt to crack as many weak passwords as possible? A: Both 20. Q: Is the Security Policy Testing and IT Security Governance deliverable limited to City Hall policies only? A: City Hall policies apply to all three City sites. Other sites only need to be tested to the extent applicable. 21. Q: Does the City expect the executive summary/outbriefing to be conducted in person or will a remote web conference be acceptable? A: The City requests the final report to be conducted in person to facilitate discussion, with any follow-up discussions to be conducted by phone or internet conference. If proposers desire an exception it can be discussed during the interview. 22. Q: What is the City s budget for this project? A: The City s budget for this project is $30,000.
About This Document. Response to Questions. Security Sytems Assessment RFQ
Response to Questions Security Sytems Assessment RFQ Posted October 1, 2015 Q: Which specific security assessment processes are sought for this engagement? The RFQ mentions several kinds of analysis and
More informationRFP No. 1-15-C017 OFFICE OF TECHNOLOGY INFORMATION SYSTEMS AND INFRASTRUCTURE PENETRATION TEST
RFP No. 1-15-C017 OFFICE OF TECHNOLOGY INFORMATION SYSTEMS AND INFRASTRUCTURE PENETRATION TEST Questions and Answers Notice: Questions may have been edited for clarity and relevance. 1. How many desktops,
More informationPHILADELPHIA GAS WORKS Information Security Assessment and Testing Services RFP#30198 Questions & Answers December 4, 2015
QUESTIONS ANSWERS Q1 What is the goal of testing? A1 We engage in this type of testing to promote our own best practices and ensure our security posture is as it should be. Q2 No of active IP s (internal):
More informationQUESTIONS & RESPONSES #2
QUESTIONS & RESPONSES #2 RFP / TITLE 070076 IT Cybersecurity Assessment and Plan CONTACT Michael Keim, CPPB, Sr. Contract Adminstrator EMAIL procurement@portoftacoma.com PHONE NUMBER 253-428-8608 SUBMITTAL
More informationAddendum #2 Date: March 10, 2014. City of Memphis Network Penetration Services. RFQ # SAIC CoM 2014 RG R85393. Issue Date: January 31, 2014
Addendum #2 Date: March 10, 2014 City of Memphis Network Penetration Services Issue Date: January 31, 2014 Original Response Date: February 21, 2014 New Response Date: March 21, 2014 This addendum has
More informationAfter reviewing all the questions, the most common and relevant questions were chosen and the answers are below:
2015 007 After reviewing all the questions, the most common and relevant questions were chosen and the answers are below: 1. Is there a proposed budget for this RFP? No 2. What is the expect duration for
More informationVendor Questions and Answers
OHIO DEFERRED COMPENSATION REQUEST FOR PROPOSALS (RFP) FOR COMPREHENSIVE SECURITY ASSESSMENT CONSULTANT Issue Date: December 7, 2016 Written Question Deadline: January 11, 2016 Proposal Deadline: RFP Contact:
More informationRequest for Proposal INFORMATION SECURITY ASSESSMENT SERVICES RFP #12-680-004. Addendum 1.0
Request for Proposal INFORMATION SECURITY ASSESSMENT SERVICES RFP #12-680-004 Addendum 1.0 ISSUE DATE: February 23, 2012 Receipt of this addendum should be acknowledged on the Proposal Form. Inquiries
More informationADDENDUM #1 REQUEST FOR PROPOSALS 2015-151
ADDENDUM #1 REQUEST FOR PROPOSALS 2015-151 HIPAA/HITECH/OMNIBUS Act Compliance Consulting Services TO: FROM: CLOSING DATE: SUBJECT: All Potential Responders Angie Williams, RFP Coordinator September 24,
More informationUNIVERSITY OF CENTRAL ARKANSAS PURCHASING OFFICE 2125 COLLEGE AVENUE SUITE 2 CONWAY, AR 72034
UNIVERSITY OF CENTRAL ARKANSAS PURCHASING OFFICE 2125 COLLEGE AVENUE SUITE 2 CONWAY, AR 72034 REQUEST FOR PROPOSAL Information Technology Security Audit RFP#UCA-15-072 PROPOSALS MUST BE RECEIVED BEFORE:
More informationEnterprise Information Technology Security Assessment RFP Answers to Questions
Enterprise Information Technology Security Assessment RFP Answers to Questions GENERAL QUESTIONS Q: How do the goals of the security assessment relate to improving the way VEIC does business? A: Security
More informationCITY OF CORONA RFP 15-005SB. ADDENDUM No. 2
CITY OF CORONA ADDENDUM No. 2 Purchasing Division (951) 736-2272 400 S. Vicentia Ave., Ste. 320 purchasing@discovercorona.com Corona, CA 92882 09/22/2014 Scott Briggs Addendum No. 2 for the Evaluation
More information1. Why is the customer having the penetration test performed against their environment?
General Questions 1. Why is the customer having the penetration test performed against their environment? Assess vulnerabilities in order to improve security and protect client information. 2. Is the penetration
More information1. How many user roles are to be tested in Web Application Penetration testing? 1. 2. Provide the approx. no. of input fields in the web application?
Below are all the questions that were submitted. This is the District s first security assessments and the District is looking to qualified firms to assess our systems. As it states in the RFQ, technical
More informationPenetration Testing. I.T. Security Specialists. Penetration Testing 1
Penetration I.T. Security Specialists ing 1 about us At Caretower, we help businesses to identify vulnerabilities within their security systems and provide an action plan to help prevent security breaches
More informationGUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT
GUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology A comprehensive approach
More informationCNA NetProtect Essential SM. 1. Do you implement virus controls and filtering on all systems? Background:
1. Do you implement virus controls and filtering on all systems? Anti-Virus anti-virus software packages look for patterns in files or memory that indicate the possible presence of a known virus. Anti-virus
More informationProfessional Services Overview
Professional Services Overview INFORMATION SECURITY ASSESSMENT AND ADVISORY NETWORK APPLICATION MOBILE CLOUD IOT Praetorian Company Overview HISTORY Founded in 2010 Headquartered in Austin, TX Self-funded
More informationDepartment of Management Services. Request for Information
Department of Management Services Request for Information Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services September 3, 2015 Submitted By: Carlos Henley
More informationSAN ANTONIO WATER SYSTEM PURCHASING DEPARTMENT
SAN ANTONIO WATER SYSTEM PURCHASING DEPARTMENT Issued By: Angeline C. Peralez Date Issued: July 24, 2014 BID NO.: 14-6077 FORMAL INVITATION FOR BEST VALUE BID (BVB) FOR THE ONE TIME PURCHASE OF NETWORK
More informationInformation Security Assessment and Testing Services RFQ # 28873 Questions and Answers September 8, 2014
QUESTIONS ANSWERS Q1 How many locations and can all locations be tested from a A1 5 locations and not all tests can be performed from a central location? central location. Q2 Connection type between location
More informationClient Security Risk Assessment Questionnaire
Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2
More informationRFQ No. 1-13-B134 Payment Card Industry (PCI) Scanning Services for the Metropolitan Washington Airports Authority
Questions and Answers RFQ No. 1-13-B134 Payment Card Industry (PCI) Scanning Services for the Metropolitan Washington Airports Authority Notice: Questions may have been edited for clarity and relevance.
More informationReal World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services
Real World Healthcare Security Exposures Brian Selfridge, Partner, Meditology Services 2 Agenda Introduction Background and Industry Context Anatomy of a Pen Test Top 10 Healthcare Security Exposures Lessons
More information2 0 1 4 F G F O A A N N U A L C O N F E R E N C E
I T G OV E R NANCE 2 0 1 4 F G F O A A N N U A L C O N F E R E N C E RAJ PATEL Plante Moran 248.223.3428 raj.patel@plantemoran.com This presentation will discuss current threats faced by public institutions,
More informationLeader Dogs for the Blind 1039 South Rochester Road Rochester Hills, MI 48307
Leader Dogs for the Blind 1039 South Rochester Road Rochester Hills, MI 48307 REQUEST FOR PROPOSAL Information Security Assessment/External Penetration Testing PROPOSALS MUST BE RECEIVED VIA EMAIL BEFORE:
More informationPenetration Testing. Presented by
Penetration Testing Presented by Roadmap Introduction to Pen Testing Types of Pen Testing Approach and Methodology Side Effects Demonstration Questions Introduction and Fundamentals Penetration Testing
More informationPCI DSS 3.0 : THE CHANGES AND HOW THEY WILL EFFECT YOUR BUSINESS
PCI DSS 3.0 : THE CHANGES AND HOW THEY WILL EFFECT YOUR BUSINESS CIVICA Conference 22 January 2015 WELCOME AND AGENDA Change is here! PCI-DSS 3.0 is mandatory starting January 1, 2015 Goals of the session
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationGoals. Understanding security testing
Getting The Most Value From Your Next Network Penetration Test Jerald Dawkins, Ph.D. True Digital Security p. o. b o x 3 5 6 2 3 t u l s a, O K 7 4 1 5 3 p. 8 6 6. 4 3 0. 2 5 9 5 f. 8 7 7. 7 2 0. 4 0 3
More informationAddendum No. 2 RFP # 13-10340-3950 SAP ERP SYSTEM AND INFORMATION SECURITY PROGRAM ASSESSMENTS
Addendum 2 RFP # 13-10340-3950 SAP ERP SYSTEM AND INFORMATION SECURITY PROGRAM ASSESSMENTS Prospective Respondents: You are hereby notified of the following information in regard to the referenced RFP:
More informationNETWORK PENETRATION TESTING
Tim West Consulting 6807 Wicklow St. Arlington, TX 76002 817-228-3420 Twest@timwestconsulting.com OVERVIEW Tim West Consulting Tim West Consulting is a full service IT security and support firm that specializes
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities Learning Objectives Name the common categories of vulnerabilities Discuss common system
More informationSECURING YOUR SMALL BUSINESS. Principles of information security and risk management
SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and
More informationPCI Compliance - A Realistic Approach. Harshul Joshi, CISM, CISA, CISSP Director, Information Technology CBIZ MHM hjoshi@cbiz.com
PCI Compliance - A Realistic Approach Harshul Joshi, CISM, CISA, CISSP Director, Information Technology CBIZ MHM hjoshi@cbiz.com What What is PCI A global forum launched in September 2006 for ongoing enhancement
More informationCritical Controls for Cyber Security. www.infogistic.com
Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability
More informationCybersecurity Strategy
SYSTEM SOFT TECHNOLOGIES Cybersecurity Strategy Overview With the exponential growth of cyberspace over the past two decades has come increasing risk of data security breaches involving sensitive and private
More informationNetwork Test Labs Inc Security Assessment Service Description Complementary Service Offering for New Clients
Network Test Labs Inc Security Assessment Service Description Complementary Service Offering for New Clients Network Test Labs Inc. Head Office 170 422 Richards Street, Vancouver BC, V6B 2Z4 E-mail: info@networktestlabs.com
More informationRFP # 15-74 Provide Information Security Assessment and Penetration Testing Due August 11, 2015 at 2:00PM (CST)
August 6, 2015 McHenry County Government Center Purchasing Department Donald Gray, CPPB, Director of Purchasing 2200 N Seminary Avenue Administration Building Room 200 Woodstock, IL 60098 Phone: 815-334-4818
More informationAppalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2
Report No. 13-35 September 27, 2013 Appalachian Regional Commission Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning
More informationREQUEST FOR PROPOSAL (RFP) #021-14 HIPAA SECURITY ASSESSMENT VENDOR QUESTIONS & ANSWERS ~ MAY 29, 2014
REQUEST FOR PROPOSAL (RFP) #021-14 HIPAA SECURITY ASSESSMENT VENDOR QUESTIONS & ANSWERS ~ MAY 29, 2014 Q1) Page 2, Section A and Page 5, Section H --- Does the County desire only an assessment of compliance
More informationHIPAA SECURITY RISK ANALYSIS FORMAL RFP
HIPAA SECURITY RISK ANALYSIS FORMAL RFP ADDENDUM NUMBER: (2) August 1, 2012 THIS ADDENDUM IS ISSUED PRIOR TO THE ACCEPTANCE OF THE FORMAL RFPS. THE FOLLOWING CLARIFICATIONS, AMENDMENTS, ADDITIONS, DELETIONS,
More informationNational Endowment for the Arts Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2. Exit Conference...
NEA OIG Report No. R-13-03 Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning to detect vulnerabilities... 2 Area
More informationExperiences from Educating Practitioners in Vulnerability Analysis
Experiences from Educating Practitioners in Vulnerability Analysis Abstract. This paper presents experiences from a vulnerability analysis course especially developed for practitioners. The described course
More informationOVERVIEW. We seek consultative services that would deal with the following objectives:
Massachusetts College of Art and Design - Framingham State University CISO and Managed Information Security Services RFP 13-07 Attachment #1 - Specifications and Descriptions of Services OVERVIEW In an
More informationHow To Ensure The C.E.A.S.A
APPENDI 3 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT APPENDI 3 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT TUGeneral TUSecurity TURequirements TUDesign TUIntegration
More informationSTATE OF NEW JERSEY IT CIRCULAR
NJ Office of Information Technology P.O. Box 212 www.nj.gov/it/ps/ Chris Christie, Governor 300 River View E. Steven Emanuel, Chief Information Officer Trenton, NJ 08625-0212 STATE OF NEW JERSEY IT CIRCULAR
More informationState of South Carolina Policy Guidance and Training
State of South Carolina Policy Guidance and Training Policy Workshop Small Agency Threat and Vulnerability Management Policy May 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy
More informationIntroduction and Background
Request for Bid Network Security Assessment March 28, 2016 Introduction and Background Purpose of the Request for Proposal The Library Network operates a wide area telecommunications network for 70 public
More informationSTATEMENT OF WORK (SOW) for CYBER VULNERABILITY ASSESSMENT
1.0 Introduction UTILITIES desires to contract with a CONTRACTOR to conduct an in-depth cyber vulnerability assessment and physical penetration vulnerability assessment of our IT Infrastructure as outlined
More informationAn Introduction to Network Vulnerability Testing
CONTENTS Introduction 3 Penetration Testing Overview 4 Step 1: Defining the Scope 4 Step 2: Performing the Penetration Test 5 Step 3: Reporting and Delivering Results 6 VeriSign SecureTEST 7 Common Vulnerability
More information9 Simple steps to secure your Wi-Fi Network.
9 Simple steps to secure your Wi-Fi Network. Step 1: Change the Default Password of Modem / Router After opening modem page click on management - access control password. Select username, confirm old password
More informationPenetration Testing. Request for Proposal
Penetration Testing Request for Proposal Head Office: 24 - The Mall, Peshawar Cantt, 25000 Khyber Pakhtunkhwa, Islamic Republic of Pakistan UAN: +92-91-111-265-265, Fax: +92-91-5278146 Website: www.bok.com.pk
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More information11th AMC Conference on Securely Connecting Communities for Improved Health
11th AMC Conference on Securely Connecting Communities for Improved Health Information Security Testing How Do AMCs Ensure Your Networks are Secure June 22, 2015 Ray Hillen, Dennis Schmidt, Adam Bennett
More informationPayment Card Industry Self-Assessment Questionnaire
How to Complete the Questionnaire The questionnaire is divided into six sections. Each section focuses on a specific area of security, based on the requirements included in the PCI Data Security Standard.
More informationResponse to Questions CML 15-018 Managed Information Security
Response to Questions CML 15-018 Managed Information Security 1. What are the most critical aspects that need to be provided for this RFP, in light of the comment that multiple awards might be provided?
More informationSENIOR SYSTEMS ANALYST
CITY OF MONTEBELLO 109 DEFINITION Under general administrative direction of the City Administrator, provides advanced professional support to departments with very complex computer systems, programs and
More informationRequest for Proposals on Security Audit Services
Request for Proposals on Security Audit Services Version 1.0 Date: 16 December 2011 Hong Kong Internet Registration Corporation Limited Unit 2002-2005, 20/F ING Tower, 308 Des Voeux Road Central, Sheung
More informationSECURITY. Risk & Compliance Services
SECURITY Risk & Compliance s V1 8/2010 Risk & Compliances s Risk & compliance services Summary Summary Trace3 offers a full and complete line of security assessment services designed to help you minimize
More informationSpokane Airport Board (Spokane International Airport, Airport Business Park, Felts Field) Addendum #1 - Q&A
Spokane Airport Board (Spokane International Airport, Airport Business Park, Felts Field) Request for Proposals (RFP) for PCI DSS COMPLIANCE SERVICES Project # 15-49-9999-016 Addendum #1 - Q&A May 29,
More informationNETWORK PENETRATION TESTS FOR EHR MANAGEMENT SOLUTIONS PROVIDER
A C a s e s t u d y o n h o w Z e n Q h a s h e l p e d a L e a d i n g K - 1 2 E d u c a t i o n & L e a r n i n g S o l u t i o n s P r o v i d e r i n U S g a u g e c a p a c i t y o f t h e i r f l
More informationBUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports
BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports Building a Security Operation Center Agenda: Auditing Your Network Environment Selecting Effective Security
More informationApproved 12/14/11. FIREWALL POLICY INTERNAL USE ONLY Page 2
Texas Wesleyan Firewall Policy Purpose... 1 Scope... 1 Specific Requirements... 1 PURPOSE Firewalls are an essential component of the Texas Wesleyan information systems security infrastructure. Firewalls
More informationPayment Card Industry (PCI) Penetration Testing Standard
Payment Card Industry (PCI) Penetration Testing Standard Issued Date: 14 May 2015 Effective Date: 14 May 2015 Purpose This standard outlines penetration-testing requirements for the university's Payment
More informationCITY AND COUNTY OF DENVER AUDITOR S OFFICE REQUEST FOR PROPOSAL FOR PROFESSIONAL AUDITING SERVICES. Additional Information.
CITY AND COUNTY OF DENVER AUDITOR S OFFICE FOR PROFESSIONAL AUDITING SERVICES Additional Information March 10, 2016 The following questions were asked and answered at the February 26, 2016 Pre-Proposal
More informationIT Heath Check Scoping guidance ALPHA DRAFT
IT Heath Check Scoping guidance ALPHA DRAFT Version 0.1 November 2014 Document Information Project Name: ITHC Guidance Prepared By: Mark Brett CLAS Consultant Document Version No: 0.1 Title: ITHC Guidance
More informationPayment Card Industry (PCI) Data Security Standard
Payment Card Industry (PCI) Data Security Standard Security Scanning Procedures Version 1.1 Release: September 2006 Table of Contents Purpose...1 Introduction...1 Scope of PCI Security Scanning...1 Scanning
More informationDemystifying Penetration Testing for the Enterprise. Presented by Pravesh Gaonjur
Demystifying Penetration Testing for the Enterprise Presented by Pravesh Gaonjur Pravesh Gaonjur Founder and Executive Director of TYLERS Information Security Consultant Certified Ethical Hacker (CEHv8Beta)
More informationITEC441- IS Security. Chapter 15 Performing a Penetration Test
1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and
More informationRequest for Proposal HIPAA Security Risk and Vulnerability Assessment
Request for Proposal HIPAA Security Risk and Vulnerability Assessment May 1, 2016 First Choice Community Healthcare Timeline The following Timeline has been defined to efficiently solicit multiple competitive
More informationAPPENDIX 3 TO SCHEDULE 3.3 SECURITY SERVICES SOW
EHIBIT H to Amendment No. 60 APPENDI 3 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT SECURITY SERVICES SOW EHIBIT H to Amendment No. 60 Table of Contents 1.0 Security Services Overview
More informationKASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
More informationIT Security in Higher Education Survey Questionnaire
IT Security in Higher Education Survey Questionnaire Thank you for your participation in the EDUCAUSE Center for Applied Research (ECAR) study on IT Security in Higher Education. The study will cover the
More informationIndependent Security Operations Oversight and Assessment. Captain Timothy Holland PM NGEN
Independent Security Operations Oversight and Assessment Captain Timothy Holland PM NGEN 23 June 2010 Independent Security Operations Oversight and Assessment Will Jordan NGEN Cyber Security 23 June 2010
More informationHow To Protect Yourself From A Hacker Attack
Cybersecurity Demystified: Information Technology Security Trends Joe Oleksak, Plante Moran Agenda Data Security Trends Example Attacks Industry Examples An Answer 1 Who Are The Victims? Targets - victims
More informationWhen a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.
Ethical Hacking and Countermeasures Course Description: This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.
More information8 Steps for Network Security Protection
8 Steps for Network Security Protection cognoscape.com 8 Steps for Network Security Protection Many small and medium sized businesses make the mistake of thinking they won t be the target of hackers because
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationICT budget and staffing trends in the UK
ICT budget and staffing trends in the UK Enterprise ICT investment plans to 2013 January 2013 TABLE OF CONTENTS 1 Trends in ICT budgets... 1 1.1 Introduction... 1 1.2 Survey demographics... 1 1.3 IT budget
More information900 Walt Whitman Road, Suite 304 Melville, NY 11747 Office: 631-230-5100
W E P R O V I D E Cyber Safe Solutions was designed and built from the ground up to help organizations across multiple verticals to defend against modern day attacks. Unlike other security vendors that
More informationSecurity Assessment Report
Security Assessment Report Prepared for California State Lottery By: Gaming Laboratories International, LLC. 600 Airport Road, Lakewood, NJ 08701 Phone: (732) 942-3999 Fax: (732) 942-0043 www.gaminglabs.com
More informationSAN ANTONIO WATER SYSTEM PURCHASING DEPARTMENT
SAN ANTONIO WATER SYSTEM PURCHASING DEPARTMENT Issued By: Clifford Gorman Date Issued: July 6, 2015 BID NO.: 15-15060 FORMAL INVITATION FOR BEST VALUE BID (BVB) FOR THE ONE TIME PURCHASE OF SCADA NETWORK
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More information8 Steps For Network Security Protection
8 Steps For Network Security Protection 8 Steps For Network Security Protection Many small and medium sized businesses make the mistake of thinking they won t be the target of hackers because of their
More informationManaging Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services
Managing Vulnerabilities for PCI Compliance White Paper Christopher S. Harper Managing Director, Agio Security Services PCI STRATEGY Settling on a PCI vulnerability management strategy is sometimes a difficult
More informationWhat is Penetration Testing?
White Paper What is Penetration Testing? An Introduction for IT Managers What Is Penetration Testing? Penetration testing is the process of identifying security gaps in your IT infrastructure by mimicking
More informationTHE TOP SECURITY QUESTIONS YOU SHOULD ASK A CLOUD COMMUNICATIONS PROVIDER
THE TOP SECURITY QUESTIONS YOU SHOULD ASK A CLOUD COMMUNICATIONS PROVIDER How to ensure a cloud-based phone system is secure. BEFORE SELECTING A CLOUD PHONE SYSTEM, YOU SHOULD CONSIDER: DATA PROTECTION.
More informationPENETRATION TESTING GUIDE. www.tbgsecurity.com 1
PENETRATION TESTING GUIDE www.tbgsecurity.com 1 Table of Contents What is a... 3 What is the difference between Ethical Hacking and other types of hackers and testing I ve heard about?... 3 How does a
More informationINFORMATION TECHNOLOGY ENGINEER V
1464 INFORMATION TECHNOLOGY ENGINEER V NATURE AND VARIETY OF WORK This is senior level lead administrative, professional and technical engineering work creating, implementing, and maintaining the County
More informationAn Overview of Information Security Frameworks. Presented to TIF September 25, 2013
An Overview of Information Security Frameworks Presented to TIF September 25, 2013 What is a framework? A framework helps define an approach to implementing, maintaining, monitoring, and improving information
More informationSecurity Awareness. Wireless Network Security
Security Awareness Wireless Network Security Attacks on Wireless Networks Three-step process Discovering the wireless network Connecting to the network Launching assaults Security Awareness, 3 rd Edition
More informationHealthcare Security Vulnerabilities. Adam Goslin Chief Operations Officer High Bit Security
Healthcare Security Vulnerabilities Adam Goslin Chief Operations Officer High Bit Security Webinar Overview IT Security and Data Loss Breach Sources / Additional Information Recent Medical Breach / Loss
More informationBlack Box Penetration Testing For GPEN.KM V1.0 Month dd "#$!%&'(#)*)&'+!,!-./0!.-12!1.03!0045!.567!5895!.467!:;83!-/;0!383;!
Sample Penetration Testing Report Black Box Penetration Testing For GPEN.KM V1.0 Month dd "#$%&'#)*)&'+,-./0.-121.030045.5675895.467:;83-/;0383; th, yyyy A&0#0+4*M:+:#&*#0%+C:,#0+4N:
More informationCommissioners Irving A. Williamson, Chairman Daniel R. Pearson Shara L. Aranoff Dean A. Pinkert David S. Johanson Meredith M.
The U.S. International Trade Commission is an independent, nonpartisan, quasi-judicial federal agency that provides trade expertise to both the legislative and executive branches of government, determines
More informationCautela Labs Cloud Agile. Secured.
Cautela Labs Cloud Agile. Secured. Vulnerability Management Scanning and Assessment Service Vulnerability Management Services New network, application and database vulnerabilities emerge every day. Because
More informationDepartment of Children and Families (DCF) Request for Information (RFQ) #01U013DS1 HIPAA Compliance Review DCF Answers to Vendor Questions
Department of Children and Families (DCF) Request for Information (RFQ) #01U013DS1 HIPAA Compliance Review s to Vendor Questions Questions as Submitted by Vendors (Duplicates omitted) 1. Have controls
More informationCustomer PCI 3.0 Changes = New Opportunity For You. Giles Witherspoon-Boyd SecurityMetrics
Customer PCI 3.0 Changes = New Opportunity For You Giles Witherspoon-Boyd SecurityMetrics Who is this guy? Giles Witherspoon-Boyd, PCIP 15 years in technology, 4 years at SecurityMetrics SecurityMetrics
More informationSecurity Policy for External Customers
1 Purpose Security Policy for This security policy outlines the requirements for external agencies to gain access to the City of Fort Worth radio system. It also specifies the equipment, configuration
More informationThe number LEON COUNTY NG9-1-1, RFP # BC-01-11-12-25 Addendum #3
Date: December 30, 2011 The number LEON COUNTY NG9-1-1, RFP # BC-01-11-12-25 Addendum #3 The following is an addendum to the Leon County NG9-1-1 System Request for Proposal (#BC-01-11-12-25). This and
More information