SAN ANTONIO WATER SYSTEM PURCHASING DEPARTMENT
|
|
- Dominick Norman
- 8 years ago
- Views:
Transcription
1 SAN ANTONIO WATER SYSTEM PURCHASING DEPARTMENT Issued By: Clifford Gorman Date Issued: July 6, 2015 BID NO.: FORMAL INVITATION FOR BEST VALUE BID (BVB) FOR THE ONE TIME PURCHASE OF SCADA NETWORK SECURITY ASSESSMENT ADDENDUM NO. 2 Sealed bids, one (1) Original and seven (7) copies, addressed to the Purchasing Director, San Antonio Water System, 2800 US Hwy 281 North, Administration Bldg., 5 th Floor, San Antonio, TX will be received until 3:00 p.m., July 14, 2015 and then publicly opened and read aloud for furnishing materials or services as described herein below, The San Antonio Water System Purchasing Department is willing to assist any bidder(s) in the interpretation of bid provisions or explanation of how bid forms are to be completed. Assistance may be received by visiting the Purchasing Office in the SAWS Main Office, 2800 US Hwy 281 North, San Antonio, TX 78212, or by calling (210) This invitation includes the following: Invitation for Best Value Bids Terms and Conditions of Invitation for Bids Specifications and General Requirements Price Schedule The undersigned, by his/her signature, represents that he/she is authorized to bind the Bidder to fully comply with the Specifications and General Requirements for the amount(s) shown on the accompanying bid sheet(s). By signing below, Bidder has read the entire document and agreed to the terms therein. Signer s Name: Firm Name: (Please Print or Type) Address: Signature of Person Authorized to Sign Bid City, State, Zip Code: Address: Telephone No.: Fax No.: Please complete the following: Prompt Payment Discount: % days. (If no discount is offered, Net 30 will apply.) Please check the following blanks which apply to your company: Ownership of firm (51% or more): Non-minority Hispanic African-American Other Minority (specify) Female Owned Handicapped Owned Small Business (less than $1 million annual receipts or 100 employees) Indicate Status: Partnership Corporation Sole Proprietorship Other (specify) To report suspected ethics violations impacting the San Antonio Water System, please call Page 1 of 12
2 This addendum is being issued to provide answers to the questions that were submitted. All terms, conditions and specifications remain unchanged. This addendum does not need to be returned with the bid submittal. Question 1 Section 18 Performance Deposit Is a performance deposit required I did not see a specification within the documentation? If so, What is your criteria for the Performance Deposit? There will be no performance bond required for this contract. Question 2 On Outdoor Wireless Network Vulnerability and Penetration Testing Page 19 of the RFC states that we will be reviewing 20 programmable logic devices (PLCs). Can you please comment on the location on the network and the current function of those PLCs, regarding if they are in production, or in a laboratory environment? Security testing of live industrial control systems presents challenges above and beyond what is typical of Internet facing or internal corporate systems. We want to have more clarity into the impact that our testing could have on business processes dependent on the networks and controlled devices that these PLCs are connected to. The number on page 19 represents a broad sample of our overall environment and are the nodes we want you to evaluate. They are all within a 30 mile radius from SAWS headquarters. Labs are available for 3 of 4 SCADA control systems. No lab is available for the outdoor wireless system. We understand the challenges presented by security testing live industrial control systems and are interested in your methodology. Question 3 On Outdoor Wireless Network Vulnerability and Penetration Testing Page 19 of the RFC states that we will be testing Denial of Service attacks on microwave radios and communications. Can you please comment on the location on the network and current function of those radios, regarding if they are in production, or in a laboratory environment? Security testing of live industrial control systems presents challenges above and beyond what is typical of Internet facing or corporate systems. We want to have more clarity into the impact that our testing could have on business processes dependent on the communications these systems support. No lab is available for the outdoor wireless system. Thoughts are to find an access point with little or no traffic, remove the segment from active use and monitoring and make it available for testing with the understanding that re-attenuation or repair may be necessary after the testing is complete. Page 2 of 12
3 Question 4 On Outdoor Wireless Network Vulnerability and Penetration Testing Will SAWS provide us the basic communication parameters for each microwave communication to be evaluated (i.e. frequency/exact carrier, modulation, codification, baud rate, etc.) on the proposed frequencies (900MHz, 4.9GHz and 11GHz)? The amount of time assigned to each wireless testing activity is dependent on the answer to this question (If this information is not provided, more time will need to be allocated to discovery. If this information is provided, more time can be allocated to testing activities). SAWS is interested in discovering what potential vulnerabilities exist against outsider threats with no prior knowledge of our systems. Additionally, any vendor responding to this solicitation should have adequate tools to scan the RF environment and detect transmitting frequencies in use. After this black box testing, we can provide additional information to simulate threats from an informed source. Question 5 On all Network Vulnerability and Penetration Testing: Will SAWS provide the technical specifications (brand, model, operating system, etc.) and configurations for the list of devices that will be evaluated, as listed on the tables on Page 19 of the RFC (firewalls, routers, switches, radios, IDSs, UPSs, PLCs, etc.)? Yes to the selected vendor. Question 6 Section I.1.b and I.2.b, Please provide the number of documents requiring review. There are less than 100 pages for review in total. Question 7 Section 3.A Group 1, what is the distance between the five corporate locations identified in section Less than 30 miles. Question 8 A Group One? a. Can you please provide public available geo map for the locations requiring assessment? Yes, to the selected vendor Page 3 of 12
4 Question 9 Section 3.B.5, Will an authorization letter be provided that provides legal authority to conduct the social engineering actions requested? We will further discuss this requirement based on the methodology to be used by the selected vendor. Question 10 The solicitation states that 4 control systems using wired and wireless IP communications are to be assessed. Can you please clarify which specific systems/facilities are to be assessed as part of this solicitation so that an appropriate approach and cost can be developed? This information will be provided to the selected vendor, our belief is the selected vendor will have a methodology which can be applied to any control system. Please provide the control systems you have experience with. Question 11 Can you give an exact number of nodes that we are to evaluate/assess or are we to assume the number given on pg. 19 is precise? The number on page 19 represents a broad sample of our overall environment and are the nodes we want you to evaluate. Question 12 The RFP requestes a "Security Assessment" does this refer to a "Vulnerability Assessment" or a "Risk Assessment Vulnerability assessment and penetration testing should illustrate risks. Question 13 The RFP lists 5 facilites in scope for this assessment. What is the nature of the facilites? Do they include data centers as well as treatment plants? Yes Question 14 Are the 5 sites geographically collocated or remote? Remote Page 4 of 12
5 Question 15 What brands of IC environments that exist in your facility? Question 16 The RFP lists a table of equipement for ICS. Is this per facility or total? Broad sample Question 17 What types(s) brand and version of routers do you have? Question 18 How many routers are in scope for review (typically we would review edge routers)? See page 19 Question 19 How many Windows servers are in scope & what versions? See page 19 Question 20 How many Unix environments are in scope & what versions? None Question 21 What type(s) brand and version of security appliances (IDS, IPS, UTM, Firewall) do you have? Question 22 Number of firewall rule sets (IT and OT if applicable)? Question 23 How many firewalls are in scope for review? Page 5 of 12
6 See page 19 Question 24 Previously infected machine locations and roles, if known None Question 25 Critical assets to be evaluated for any possible compromise See page 19 Question 26 Critical (traffic) network nodes to be evaluated See page 19 Question 27 Vendor specific equipment installed by third party integration team(s) Question 28 Method and means of backup of files/system configurations including paths to primary and intermediate storage Question 29 Current network topology diagrams (logical and physical), which depict connectivity Question 30 Does SAWS have a zones conduits diagram available? Question 31 T1s, SATCOM, cellular, Dial-up, serial lines, etc. Page 6 of 12
7 Question 31 Does SAWS use enterprise architectures or are there EA products available? We have enterprise monitoring tools Question 32 HMI software suite - There are variety of HMI and PLC that may deployed in the ICS environment. Could you provide any details, brand, etc. Are they in scope? Yes, to be disclosed Question 33 Industrial protocols used and ports if known Question 34 Control systems installed, including manufactuer and model if known Question 35 End devices (Vendors and models of PLCs, RTUs, etc.) Question 36 Vendor specific equipment installed by third party integration team(s) Question 37 How does the organization distinguish between IT/ OT are both in scope? Both are in scope Question 38 Identification of direct connections through firewalls/filtering routers/etc. Question 39 Service Level Agreements for third party monitoring (Active or Passive) Page 7 of 12
8 None Question 40 Have the systems been categorized as reference in NIST rev 4? If so is this all documented? No Question 41 Can SAWS personnel collect and send system configurations? If required to the selected vendor Question 42 Can Data be sent and stored on secure media outside of SAWS? If required to the selected vendor Question 43 Are Pictures permitted to be taken inside facilities? Yes Question 44 Can vendor machines attach to SAWS network? Only thru a secure connection Question 45 Can SAWS clarify if they want active penetration testing on control networks? Both active on specific segments and passive on sensitive segments Question 46 Will SAWS interviews with personnel be conducted via VTC/teleconference or in person? Can be via Webex Question 47 First assessment or others been done? Will vendor have access to those previous assessments? Page 8 of 12
9 First assessment of this kind Question 48 Have internal sites been decided or is that part of the scope to determine? See page 19 Question 49 Will vendor have access to 3rd parties including maintenance and integrators contractors? Yes, if necessary Question 50 Will vendor be required to perform Physical penetration testing for network or communications devices? To be discussed with the selected vendor, but generally a passive approach to physical penetration (a review) would be acceptable. Question 51 Group 2 assets (page 19). What are the two misc assets? Possible additions based on initial results of the selected vendor s review Question 52 "p. 3 - Section 2. Preparation of Bids, (a) ""The bidder shall print or type name and manually sign the schedule.""is DocuSign signature acceptable? No, original signatures are required Question 53 "P.24 - VIII. Important Mailing Instructions Do you require the opening date and time on the envelope label, or just the bid name and number? See page 4 Question 54 What is the Remarks field for?" Page 9 of 12
10 Question 55 "P Tab 3, Attachment B, Pricing Schedule - Do you want 1 original and 7 copies of the pricing in a separate envelope, or just 1 original?" Just 1 original of the pricing Question 56 "P Tabs all have ""Please check if pricing response is included on a separate enclosed envelope."" at the bottom. Confirming that should read ""Please check if response is included as a separate document."" like previous attachments, correct?" That is correct. Tabs 9 11 should read Please check if response is included as a separate document. Question 57 General Question Compliance Should the proposals be spiral bound or placed in a three (3) ring binder? Either option is fine Question 58 General Question Compliance Are there any requirements for font, margins and page limit? There are no requirements as to font, margins or page limit Question 59 Scope Does SAWS have the appropriate lab or test equipment that can be made available to the Vendor in order to reduce risk of impacting the production system during vulnerability assessment/penetration testing? We do have SCADA labs for 3 of the 4 control systems that can be made available. We do not have an outdoor wireless lab available. Question 60 Spcecifically, Vendor would like: PLCs with a similar make/model as those considered in scope Packed based radio devices with a similar make/model as those under test Test instance of critical application servers The SCADA labs for 3 of the 4 control systems have production PLCs available. There is no lab environment available for outdoor wireless. The critical applications servers are available in the lab for 3 of the 4 control systems. Page 10 of 12
11 Question 61 Scope of Services Section 3.A Requires that penetration testing be performed from different points in the network at five (5) different facilities. Are these facilities greater than one (1) hour travel time distance from the primary location No Question 62 Would these facilities be considered industrial work environments, normal office settings or a mixture of both? Mixed Question 63 Have these points been selected by SAWS? If so, please elaborate on the reason for selection. We have selected the points and they represent a broad sample of our overall environment. Question 64 Remote Facility Clarity Is the object of the penetration test to evaluate the security of the remote facility, or some other network that the remote facility communicates with (such as a control center) or both? Both. Question 65 Definition Penetration Test What is SAWS definition of a penetration test? Will SAWS consider a blended penetration and vulnerability assessment methodology? Yes Question 66 What is SAWS risk tolerance to penetration testing in general on production industrial systems? Low risk tolerance Question 67 What level of access should be assumed for the penetration test: Complete outsider from the internet? Insider from the office network? Insider from automation vendor? Insider on the control network? Page 11 of 12
12 All of the above. Question 68 Review Security Policies, Procedures and Practices: How many documents? What is the average number of pages per document? There are less than 100 pages for review in total. This addendum does not need to be returned with the bid submittal. Page 12 of 12
SAN ANTONIO WATER SYSTEM PURCHASING DEPARTMENT
SAN ANTONIO WATER SYSTEM PURCHASING DEPARTMENT Issued By: Angeline C. Peralez Date Issued: July 24, 2014 BID NO.: 14-6077 FORMAL INVITATION FOR BEST VALUE BID (BVB) FOR THE ONE TIME PURCHASE OF NETWORK
More informationSAN ANTONIO WATER SYSTEM PURCHASING DEPARTMENT FORMAL INVITATION FOR BEST VALUE BID (BVB) FOR PRESCRIPTION SAFETY EYEWEAR PROGRAM ADDENDUM NO.
SAN ANTONIO WATER SYSTEM PURCHASING DEPARTMENT Issued By: Joseph Ramon Date Issued: June 15, 2015 BID NO.: 15-0118 FORMAL INVITATION FOR BEST VALUE BID (BVB) FOR PRESCRIPTION SAFETY EYEWEAR PROGRAM ADDENDUM
More informationInformation Security Assessment and Testing Services RFQ # 28873 Questions and Answers September 8, 2014
QUESTIONS ANSWERS Q1 How many locations and can all locations be tested from a A1 5 locations and not all tests can be performed from a central location? central location. Q2 Connection type between location
More informationPHILADELPHIA GAS WORKS Information Security Assessment and Testing Services RFP#30198 Questions & Answers December 4, 2015
QUESTIONS ANSWERS Q1 What is the goal of testing? A1 We engage in this type of testing to promote our own best practices and ensure our security posture is as it should be. Q2 No of active IP s (internal):
More informationNetwork Segmentation
Network Segmentation The clues to switch a PCI DSS compliance s nightmare into an easy path Although best security practices should be implemented in all systems of an organization, whether critical or
More informationInnovative Defense Strategies for Securing SCADA & Control Systems
1201 Louisiana Street Suite 400 Houston, Texas 77002 Phone: 877.302.DATA Fax: 800.864.6249 Email: info@plantdata.com Innovative Defense Strategies for Securing SCADA & Control Systems By: Jonathan Pollet
More informationCleveland County Emergency Medical Services. PO Box 1210. Shelby, NC 28151 704-484-4984. Request for Proposal. For. Debt Collection Agency Services
Cleveland County Emergency Medical Services PO Box 1210 Shelby, NC 28151 704-484-4984 Request for Proposal For Debt Collection Agency Services Proposals Must Be Submitted by July 16, 2013 Issue Date: June
More information4 Costs... 6 5 Questionnaire... 7 6 Vendor Identification... 9 6.1 Vendor Background... 10 6.2 Vendor References... 10
Table of Contents 1 Abstract / Background... 3 2 Services or Products Desired... 3 2.1 PRI Circuits... 3 2.1.1 Locations... 3 2.1.2 SIP and IP-based Alternatives... 3 2.2 Analog Circuits... 3 2.3 Direct-
More informationCity of Fulton, Missouri REQUEST FOR PROPOSAL
City of Fulton, Missouri REQUEST FOR PROPOSAL RETURN ALL RFPS TO: CITY OF FULTON C/O Carolyn Laswell City Clerk P.O. BOX 130 18 EAST 4 TH STREET FULTON, MO 65251-0130 RFP. NO. P-201231 DATE 05/22/12 REQ.
More informationResponse to Questions CML 15-018 Managed Information Security
Response to Questions CML 15-018 Managed Information Security 1. What are the most critical aspects that need to be provided for this RFP, in light of the comment that multiple awards might be provided?
More informationOPC & Security Agenda
OPC & Security Agenda Cyber Security Today Cyber Security for SCADA/IS OPC Security Overview OPC Security Products Questions & Answers 1 Introduction CYBER SECURITY TODAY The Need for Reliable Information
More informationRFP No. 15-037R PERSONAL COMPUTER, LAPTOP, TABLET, PHONES, AND PRINTER TECHNICAL SUPPORT. ADDENDUM NO. 2 October 21, 2015
County Executive Steven R. Schuh RFP No. 15-037R PERSONAL COMPUTER, LAPTOP, TABLET, PHONES, AND PRINTER TECHNICAL SUPPORT ADDENDUM NO. 2 October 21, 2015 TO ALL BIDDERS: PLEASE NOTE THE FOLLOWING CHANGES:
More informationApproved 12/14/11. FIREWALL POLICY INTERNAL USE ONLY Page 2
Texas Wesleyan Firewall Policy Purpose... 1 Scope... 1 Specific Requirements... 1 PURPOSE Firewalls are an essential component of the Texas Wesleyan information systems security infrastructure. Firewalls
More informationRFP No. 1-15-C017 OFFICE OF TECHNOLOGY INFORMATION SYSTEMS AND INFRASTRUCTURE PENETRATION TEST
RFP No. 1-15-C017 OFFICE OF TECHNOLOGY INFORMATION SYSTEMS AND INFRASTRUCTURE PENETRATION TEST Questions and Answers Notice: Questions may have been edited for clarity and relevance. 1. How many desktops,
More informationPayment Card Industry (PCI) Data Security Standard
Payment Card Industry (PCI) Data Security Standard Security Scanning Procedures Version 1.1 Release: September 2006 Table of Contents Purpose...1 Introduction...1 Scope of PCI Security Scanning...1 Scanning
More informationREQUEST FOR PROPOSAL
REQUEST FOR PROPOSAL RFP ISSUE DATE: September 26 th, 2001 TITLE: RFP NUMBER: San José State University Website Redesign F-WR00001181-AL PURCHASING OFFICE CONTACT: DEPARTMENT OFFICIAL: Alex Lebedeff, Mary
More informationREQUEST FOR PROPOSAL: STRUCTURED CABLING, LAN SWITCHES, LONG DISTANCE SERVICE, ELECTRONIC FAXING, AND HOSTED VOIP SPECIFICATIONS
SECOND ADDENDUM TO RFP DOCUMENTS REQUEST FOR PROPOSAL: STRUCTURED CABLING, LAN SWITCHES, LONG DISTANCE SERVICE, ELECTRONIC FAXING, AND HOSTED VOIP SPECIFICATIONS 11/9/2015 To All Potential Bidders: This
More informationIndustrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1
Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3
More informationREQUEST FOR PROPOSAL STORAGE AREA NETWORK SOLUTIONS FOR THE PARK CITY SCHOOL DISTRICT RFP # 032612
REQUEST FOR PROPOSAL STORAGE AREA NETWORK SOLUTIONS FOR THE PARK CITY SCHOOL DISTRICT RFP # 032612 The Park City School District is soliciting RFP s from qualified professional firms with the intention
More informationGoals. Understanding security testing
Getting The Most Value From Your Next Network Penetration Test Jerald Dawkins, Ph.D. True Digital Security p. o. b o x 3 5 6 2 3 t u l s a, O K 7 4 1 5 3 p. 8 6 6. 4 3 0. 2 5 9 5 f. 8 7 7. 7 2 0. 4 0 3
More informationFayetteville Public Schools Request for Proposals (RFP) Susan Norton Contract Authority susan.norton@fayar.net
Fayetteville Public Schools Request for Proposals (RFP) Title: Department: District Cellular Smartphone Technology Issue Date: January 21st, 2014 Due Date: 4:00 PM, February 19 th, 2014 Issuing Agency:
More informationSecurity Testing in Critical Systems
Security Testing in Critical Systems An Ethical Hacker s View Peter Wood Chief Executive Officer First Base Technologies Who is Peter Wood? Worked in computers & electronics since 1969 Founded First Base
More informationRFP 21/2013 Network Carrier and Infrastructure Services
RFP 21/2013 Network Carrier and Infrastructure Services Communication #4 Date of Issue: 24 January 2014 1. Answers to questions posed by Bidders. This communication is issued in terms of paragraph 9.3
More informationEmployee Performance Appraisal Software
REQUEST FOR PROPOSALS Employee Performance Appraisal Software 5400 Ox Road Fairfax Station, Virginia 22039 June 18 th, 2014 NOTICE REQUEST FOR PROPOSALS Employee Performance Appraisal Software June 18
More informationState of Texas. TEX-AN Next Generation. NNI Plan
State of Texas TEX-AN Next Generation NNI Plan Table of Contents 1. INTRODUCTION... 1 1.1. Purpose... 1 2. NNI APPROACH... 2 2.1. Proposed Interconnection Capacity... 2 2.2. Collocation Equipment Requirements...
More informationINVITATION TO BID Quail Dunes Golf Course Golf Cars
INVITATION TO BID The is accepting sealed bids to Lease or Lease Purchase 45 until 2:45 p.m. (our clock) on December 7, 2015 at City Hall located at 110 Main Street, Fort Morgan, Colorado 80701 at which
More informationSAN ANTONIO WATER SYSTEM PURCHASING DEPARTMENT
SAN ANTONIO WATER SYSTEM PURCHASING DEPARTMENT Issued By: Clifford Gorman Date Issued: June 26, 2014 BID NO.: 14-1014 FORMAL INVITATION FOR BIDS BIENNIAL CONTRACT FOR HVAC SYSTEM MAINTENANCE AND RELATED
More informationREQUEST FOR PROPOSALS INFORMATION TECHNOLOGY SUPPORT SERVICES. Bid Packets are Due:
REQUEST FOR PROPOSALS INFORMATION TECHNOLOGY SUPPORT SERVICES Issue Date: Friday, March 15 th, 2013 Closing Date: Monday, April 15 th, 2013 University City District is requesting proposals from qualified,
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities Learning Objectives Name the common categories of vulnerabilities Discuss common system
More informationNew Era in Cyber Security. Technology Development
New Era in Cyber New Era in Cyber Security Security Technology Technology Development Development Combining the Power of the Oil and Gas Industry, DHS, and the Vendor Community to Combat Cyber Security
More informationMaintenance Management Software
REQUEST FOR PROPOSALS Maintenance Management Software 5400 Ox Road Fairfax Station, Virginia 22039 www.novaparks.com June 18, 2015 NOTICE REQUEST FOR PROPOSALS Maintenance Management Software June 18,
More informationQUESTIONS & RESPONSES #2
QUESTIONS & RESPONSES #2 RFP / TITLE 070076 IT Cybersecurity Assessment and Plan CONTACT Michael Keim, CPPB, Sr. Contract Adminstrator EMAIL procurement@portoftacoma.com PHONE NUMBER 253-428-8608 SUBMITTAL
More informationBOTTLED WATER/COFFEE SERVICE. Invitation to Bid No. 400360 Issued: June 3, 2013. PURCHASING BUREAU CONTACT: Tammy M. Macon, Purchaser (585)428-7389
Department of Finance City Hall Room 105A, 30 Church Street Rochester, New York 14614-1281 www.cityofrochester.gov Printed Name of Bidder BOTTLED WATER/COFFEE SERVICE Invitation to Bid No. 400360 Issued:
More informationSolicitation Q38834. External Vulnerability Scan & Web Application Vulnerability Scanning Services. Weber State University
Solicitation Q38834 External Vulnerability Scan & Web Application Vulnerability Scanning Services Weber State University Mar 22, 2011 8:35:12 AM MDT p. 1 External Vulnerability Scan & Web Application Vulnerability
More informationCritical Controls for Cyber Security. www.infogistic.com
Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability
More informationMunicipal Mesh Network Design
White Paper Municipal Mesh Network Design Author: Maen Artimy 1 Summary This document provides a wireless mesh network design for the downtown area of the Town of Wolfville, Nova Scotia. This design serves
More informationSpokane Airport Board (Spokane International Airport, Airport Business Park, Felts Field) Addendum #1 - Q&A
Spokane Airport Board (Spokane International Airport, Airport Business Park, Felts Field) Request for Proposals (RFP) for PCI DSS COMPLIANCE SERVICES Project # 15-49-9999-016 Addendum #1 - Q&A May 29,
More informationREQUEST FOR PROPOSAL INFORMATION TECHNOLOGY SUPPORT SERVICES
REQUEST FOR PROPOSAL INFORMATION TECHNOLOGY SUPPORT SERVICES The City of Palmer, AK (hereinafter City) is issuing a Request for Proposal (hereinafter RFP) to obtain the services of a qualified firm to
More informationSession 14: Functional Security in a Process Environment
Abstract Session 14: Functional Security in a Process Environment Kurt Forster Industrial IT Solutions Specialist, Autopro Automation Consultants In an ideal industrial production security scenario, the
More informationInstructions for Completing the Information Technology Examination Officer s Questionnaire
Instructions for Completing the Information Technology Examination Officer s Questionnaire Please answer the following information security program questions as of the examination date pre-determined by
More informationPrepared by: OIC OF SOUTH FLORIDA. May 2013
OIC OF SOUTH FLORIDA REQUEST FOR PROPOSAL INFORMATION TECHNOLOGY SUPPORT SERVICES Proposals will be received by OIC of South Florida for Information Technology Support Services. Interested vendors should
More informationCoosa County School System Request for Proposal Hosted VOIP Solution
Coosa County School System Request for Proposal Hosted VOIP Solution You are invited to submit a proposal to provide hosted priority one interconnected Voice Over Internet Protocol (VOIP) service to supplement
More informationUsing Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4
WHITEPAPER Using Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4 An in-depth look at Payment Card Industry Data Security Standard Requirements 10, 11,
More informationAchieving PCI-Compliance through Cyberoam
White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit
More informationTNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is
1 2 This slide shows the areas where TCG is developing standards. Each image corresponds to a TCG work group. In order to understand Trusted Network Connect, it s best to look at it in context with the
More informationWherever there is a conflict, the Addenda to the RFP document and the RFP document (in that order) override the explanations that are provided here.
Procurement of Services to Design, Develop, Implement and Maintain Centralized e-governance Application for Urban Local Bodies in Tamil Nadu Explanatory Notes 2 / Dated 17-December--2013 Explanatory Notes
More informationRequest for Information RFI #15/16-300 for Enterprise Password Management Software
Company Name: This RFI response has been submitted by: Address: (Street, Su. # City, State, Zip) Request for Information RFI #15/16-300 for Enterprise Password Management Software Contact Name: Telephone
More informationResponse to Queries Received for RFP of Security Integrator - Tender No. 63
Sr.N RFP Clause Original Query Reply/Remark o. 1. Perform Incident Management with respect to the following: For Forensic Analysis of logs Please clarify the systems/devices Contain attacks through for
More informationPCI Solution for Retail: Addressing Compliance and Security Best Practices
PCI Solution for Retail: Addressing Compliance and Security Best Practices Executive Summary The Payment Card Industry (PCI) Data Security Standard has been revised to address an evolving risk environment
More informationQ&A ADDENDUM FOR INFORMATION SECURITY VULNERABILITY ASSESSMENT PUBLISHED 10/20/2015
Q&A ADDENDUM FOR INFORMATION SECURITY VULNERABILITY ASSESSMENT PUBLISHED 10/20/2015 UPDATE HISTORY: 10/21/2015 10/30/2015 11/5/2015 Questions submitted by Proposers All proposers should reference the following
More informationCity Of Hammond Purchasing Department REQUEST FOR PROPOSALS RFP 15-07. Servers, Shared Storage & Backup Software
1 City Of Hammond Purchasing Department REQUEST FOR PROPOSALS Servers, Shared Storage & Backup Software Bids Shall Be Received by the Purchasing Department, 310 East Charles Street P.O. Box 2788 Hammond,
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationCity of Belton 506 Main Street Belton, MO 64012 ATTENTION: Patti Ledford
REQUEST FOR PROPOSALS HOSTED INTERACTIVE VOICE RESPONSE SYSTEM NOTICE OF REQUEST FOR PROPOSALS NOTICE IS HEREBY GIVEN that the City of Belton, Missouri, (hereinafter referred to as City ) is requesting
More informationState of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005
State of New Mexico Statewide Architectural Configuration Requirements Title: Network Security Standard S-STD005.001 Effective Date: April 7, 2005 1. Authority The Department of Information Technology
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationDr. György Kálmán gyorgy@mnemonic.no
COMMUNICATION AND SECURITY IN CURRENT INDUSTRIAL AUTOMATION Dr. György Kálmán gyorgy@mnemonic.no Agenda Connected systems historical overview Current trends, concepts, pre and post Stuxnet Risks and threats
More informationCyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services
Cyber Risk Mitigation via Security Monitoring Enhanced by Managed Services Focus: Up to But Not Including Corporate and 3 rd Party Networks Level 4 Corporate and 3 rd Party/Vendor/Contractor/Maintenance
More informationInvitation to Bid FIRE ALARM & DETECTION SYSTEM
Invitation to Bid FIRE ALARM & DETECTION SYSTEM Responses to an Invitation to Bid will be received by the Purchasing Supervisor, Sumner County Board of Education, 1500 Airport Road, Gallatin, TN 37066
More informationREQUEST FOR PROPOSAL NO. RFP09503 MIDDLE SCHOOL AND HIGH SCHOOL YEARBOOKS. Submittal Deadline: October 29, 2015. Time: 10:00 a.m.
Seattle Public Schools Contracting Services 2445 Third Avenue South Seattle, WA 98134 Telephone: (206) 252-0566 Fax: (206) 743-3018 contractingservices@seattleschools.org REQUEST FOR PROPOSAL NO. RFP09503
More informationREQUEST FOR PROPOSAL-INFORMATION TECHNOLOGY SUPPORT SERVICES
Isothermal Planning & Development Commission (IPDC) REQUEST FOR PROPOSAL-INFORMATION TECHNOLOGY SUPPORT SERVICES Proposals will be received by the IPDC for Information Technology Support Services. Interested
More informationADDENDUM #1 REQUEST FOR PROPOSALS 2015-151
ADDENDUM #1 REQUEST FOR PROPOSALS 2015-151 HIPAA/HITECH/OMNIBUS Act Compliance Consulting Services TO: FROM: CLOSING DATE: SUBJECT: All Potential Responders Angie Williams, RFP Coordinator September 24,
More informationNETWORK PENETRATION TESTING
Tim West Consulting 6807 Wicklow St. Arlington, TX 76002 817-228-3420 Twest@timwestconsulting.com OVERVIEW Tim West Consulting Tim West Consulting is a full service IT security and support firm that specializes
More informationHow to build a security assessment program. Dan Boucaut
How to build a security assessment program Dan Boucaut Agenda 1 Problem statement 2 Business case 3 How to avoid creating more problems Problem statement Security assessments are hard, costly and may take
More informationOn the use of Honeypots for Detecting Cyber Attacks on Industrial Control Networks
CIBSI 2013 Panama City, Panama, October 30 th, 2013 On the use of Honeypots for Detecting Cyber Attacks on Industrial Control Networks Paulo Simões, Tiago Cruz, Jorge Gomes, Edmundo Monteiro psimoes@dei.uc.pt
More informationRe-Tender RFP for Providing Dedicated Web Hosting Services for IBA Pre-Bid Queries
Re-Tender RFP for Providing Dedicated Web Hosting Services for IBA Pre-Bid Queries The pre-bid meeting for clarifications on the Re-Tender RFP for Providing Dedicated Web Hosting Services for IBA was held
More informationREQUEST FOR PROPOSALS FOR. IP Phone System. Issue Date: April 1, 2015. Submittal Date: May 1, 2015 at 12:00 P.M. Contact: Tricia A.
REQUEST FOR PROPOSALS FOR IP Phone System Issue Date: April 1, 2015 Submittal Date: May 1, 2015 at 12:00 P.M. Contact: Tricia A. Pawlowski Superintendent Deckerville Community Schools tpawlowski@deckerville.k12.mi.us
More informationOSWEGO COUNTY PURCHASING DEPARTMENT
Bid #38-14 VOIP Municipal Lease OSWEGO COUNTY PURCHASING DEPARTMENT County Office Building 46 East Bridge Street Oswego, NY 13126 Phone (315) 349-8307 Fax (315) 349-8308 Email: dstevens@oswegocounty.com
More informationSPECIFICATIONS AND BID DOCUMENTS FOR VEHICLE TRACKING SYSTEM FOR THE PUBLIC WORKS DEPARTMENT. Contract 0607-06
SPECIFICATIONS AND BID DOCUMENTS FOR VEHICLE TRACKING SYSTEM FOR THE PUBLIC WORKS DEPARTMENT Contract 0607-06 DEPARTMENT OF PUBLIC WORKS 84 South Main Street Cheshire, Connecticut 06410 OCTOBER, 2006 TO
More informationCyber Security for NERC CIP Version 5 Compliance
GE Measurement & Control Cyber Security for NERC CIP Version 5 Compliance imagination at work Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security Management Controls...
More informationUNO CHARTER SCHOOL NETWORK ( UNO-CSN ) Invitation for Bids ( IFB ) for ELECTRICAL UPGRADES
UNO CHARTER SCHOOL NETWORK ( UNO-CSN ) Invitation for Bids ( IFB ) for ELECTRICAL UPGRADES All Bids must be sent electronically to: ucsnbidresponse@unocharterschools.org All communications should be addressed
More informationDGS-30-300 (VCCS Rev. 04/15) Page 1 of 7 REQUEST FOR PROPOSALS
(VCCS Rev. 04/15) Page 1 of 7 REQUEST FOR PROPOSALS Issue Date: July 10, 2015 RFP: LFCC-F-18161AE Title: Virginia Community College System Lord Fairfax Community College, Fauquier Campus Construct Academic
More informationCITY OF MARTINSVILLE REQUEST FOR PROPOSALS UTILITY BILL PRINTING & MAILING SERVICES SEPTEMBER 22, 2015
CITY OF MARTINSVILLE REQUEST FOR PROPOSALS UTILITY BILL PRINTING & MAILING SERVICES SEPTEMBER 22, 2015 The City of Martinsville is seeking proposals from qualified contractors to provide Bill Printing
More informationHigh rate and Switched WiFi. WiFi 802.11 QoS, Security 2G. WiFi 802.11a/b/g. PAN LAN Cellular MAN
Security Issues and Quality of Service in Real Time Wireless PLC/SCADA Process Control Systems Dr. Halit Eren & Dincer Hatipoglu Curtin University of Technology (Perth Australia) 2/27/2008 1 PRESENTATION
More informationNetwork Test Labs Inc Security Assessment Service Description Complementary Service Offering for New Clients
Network Test Labs Inc Security Assessment Service Description Complementary Service Offering for New Clients Network Test Labs Inc. Head Office 170 422 Richards Street, Vancouver BC, V6B 2Z4 E-mail: info@networktestlabs.com
More informationForeScout CounterACT. Device Host and Detection Methods. Technology Brief
ForeScout CounterACT Device Host and Detection Methods Technology Brief Contents Introduction... 3 The ForeScout Approach... 3 Discovery Methodologies... 4 Passive Monitoring... 4 Passive Authentication...
More informationRegion 7 Education Service Center Request for Proposal (RFP) For Generator Installation
Region 7 Education Service Center Request for Proposal (RFP) For Generator Installation Purpose The purpose of this Request for Proposal (RFP) is to invite prospective vendors to submit a proposal to supply
More informationRequest For Proposal AlienVault SIEM Solution CONTRACT # 1069 08/20/2015 LATE PROPOSALS WILL NOT BE ACCEPTED
Request For Proposal AlienVault SIEM Solution CONTRACT # 1069 08/20/2015 LATE PROPOSALS WILL NOT BE ACCEPTED Table of Contents Page No. 1. General Provisions a. Scope of Services... 1 b. Qualifications
More informationCS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013
CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationSCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005
SCADA System Security ECE 478 Network Security Oregon State University March 7, 2005 David Goeke Hai Nguyen Abstract Modern public infrastructure systems
More informationATLANTA PUBLIC SCHOOLS
Procurement Services 130 Trinity Avenue, S.W. 5 th Floor Atlanta, Georgia 30303 Request for Qualifications For October 31, 2007 Solicitation Number: 112607-01 Due Date: November 26, 2007 ADVERTISEMENT
More informationATTACHMENT B PROPOSAL SUBMITTAL FORMS. For ZETRON MAX NG911 PHONE SYSTEM RFP #0912-074
ATTACHMENT B PROPOSAL SUBMITTAL FORMS For ZETRON MAX NG911 PHONE SYSTEM RFP #0912-074 FORM NAME Page General Company Information Form.. 2 Proposal Cost Summary Form.. 3 Signature Page Form... 4 Buy Local
More informationADDENDUM Fire Alarm System Inspection, Testing, & Service RFP# 1106-07
ADDENDUM Fire Alarm System Inspection, Testing, & Service TO: All Potential Bidders RFP# 1106-07 RE: Fire Alarm System Inspection, Testing, & Service Scope Changes, SB-9 Form Date: June 14, 2011 The additions
More informationPROPOSALS REQUESTED THE TOWN OF OLD ORCHARD BEACH POLICE DEPARTMENT FOR IP-BASED VOICE COMMUNICATION SYSTEM
PROPOSALS REQUESTED BY THE TOWN OF OLD ORCHARD BEACH POLICE DEPARTMENT FOR IP-BASED VOICE COMMUNICATION SYSTEM The Town of Old Orchard Beach will receive sealed bids for an IP based phone system. The project
More informationEnterprise Information Technology Security Assessment RFP Answers to Questions
Enterprise Information Technology Security Assessment RFP Answers to Questions GENERAL QUESTIONS Q: How do the goals of the security assessment relate to improving the way VEIC does business? A: Security
More informationLab 8.4.2 Configuring Access Policies and DMZ Settings
Lab 8.4.2 Configuring Access Policies and DMZ Settings Objectives Log in to a multi-function device and view security settings. Set up Internet access policies based on IP address and application. Set
More informationMaintenance Management Software
REQUEST FOR PROPOSALS Maintenance Management Software 5400 Ox Road Fairfax Station, Virginia 22039 www.novaparks.com December 22, 2015 NOTICE REQUEST FOR PROPOSALS Maintenance Management Software December
More informationGE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance
GE Oil & Gas Cyber Security for NERC CIP Versions 5 & 6 Compliance Cyber Security for NERC CIP Versions 5 & 6 Compliance 2 Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security
More informationINVITATION TO BID. Web and Application Development Services. Monday, February 23, 2015 at 10:00 AM
200 GRAND RIVER, SUITE 203 Pg 1 of 11 BID: RFP-IT-0215-292 INVITATION TO BID ITEM: PreBid Conference: DEADLINE: BID OPENING: Web and Application Development Services Monday, February 9, 2015 at 11:00 AM
More information5 TIPS TO PAY LESS FOR PCI COMPLIANCE
Ebook 5 TIPS TO PAY LESS FOR PCI COMPLIANCE SIMPLE STEPS TO REDUCE YOUR PCI SCOPE 2015 SecurityMetrics 5 TIPS TO PAY LESS FOR PCI COMPLIANCE 1 5 TIPS TO PAY LESS FOR PCI COMPLIANCE SIMPLE STEPS TO REDUCE
More informationIT Security and OT Security. Understanding the Challenges
IT Security and OT Security Understanding the Challenges Security Maturity Evolution in Industrial Control 1950s 5/4/2012 # 2 Technology Sophistication Security Maturity Evolution in Industrial Control
More informationHow To Build A Scada System
SECTION 17902 SCADA SYSTEMS PART 1 - GENERAL 1.01 SCOPE OF WORK A. The work of this section shall be performed by a qualified System Integrator and includes providing and installing SCADA computer system
More informationARE YOU REALLY PCI DSS COMPLIANT? Case Studies of PCI DSS Failure! Jeff Foresman, PCI-QSA, CISSP Partner PONDURANCE
ARE YOU REALLY PCI DSS COMPLIANT? Case Studies of PCI DSS Failure! Jeff Foresman, PCI-QSA, CISSP Partner PONDURANCE AGENDA PCI DSS Basics Case Studies of PCI DSS Failure! Common Problems with PCI DSS Compliance
More informationTOWN OF GLASTONBURY PROFESSIONAL SERVICES PROCUREMENT NOTICE REQUEST FOR PROPOSAL MERCHANT PAYMENT PROCESSING SERVICES RPGL # 2010-36
TOWN OF GLASTONBURY PROFESSIONAL SERVICES PROCUREMENT NOTICE REQUEST FOR PROPOSAL MERCHANT PAYMENT PROCESSING SERVICES RPGL # 2010-36 The Town of Glastonbury will be accepting proposals from qualified
More informationCHECK POINT FIREWALL
CITY OF LITTLE ROCK, ARKANSAS INVITATION TO BID FOR CHECK POINT FIREWALL BID #15150 ITB Issue Date: 7/9/15 Responses Due By: 2:00 p.m. on July 23 rd, 2015 Pre-Bid Meeting: None BID NUMBER: 15150 COMMODITY
More informationWIRELESS INFRASTRUCTURE & MOBILE DEVICE MANAGEMENT REQUEST FOR INFORMATION (RFI)
Pflugerville Independent School District Department of Technology WIRELESS INFRASTRUCTURE & MOBILE DEVICE MANAGEMENT REQUEST FOR INFORMATION (RFI) Attention: Craig Pruett, Director of Purchasing 1401 W.
More informationRequest for Proposal. Broker and Claims Management Services For Redlands Christian Migrant Association, Inc. Workers Compensation Insurance Program
Request for Proposal Broker and Claims Management Services For Redlands Christian Migrant Association, Inc. Workers Compensation Insurance Program April 8, 2015 2 Page 1 Redlands Christian Migrant Association,
More informationRequest for Proposal. Internet Access. Satilla Regional Libraries. Erate Funding Year July 1, 2014 through June 30, 2015
Request for Proposal Internet Access Satilla Regional Libraries Erate Funding Year July 1, 2014 through June 30, 2015 January 2013 Page 1 REQUEST FOR PROPOSAL Internet Access Satilla Regional Library The
More informationVirtual LAN Configuration Guide Version 9
Virtual LAN Configuration Guide Version 9 Document version 96-1.0-12/05/2009 2 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing,
More informationDesigning a security policy to protect your automation solution
Designing a security policy to protect your automation solution September 2009 / White paper by Dan DesRuisseaux 1 Contents Executive Summary... p 3 Introduction... p 4 Security Guidelines... p 7 Conclusion...
More informationAgenda. Understanding of Firewall s definition and Categorization. Understanding of Firewall s Deployment Architectures
Firewall Agenda Unit 1 Understanding of Firewall s definition and Categorization Unit 2 Understanding of Firewall s Deployment Architectures Unit 3 Three Representative Firewall Deployment Examples in
More information