STATEMENT OF WORK (SOW) for CYBER VULNERABILITY ASSESSMENT
- John Bennett
- 8 years ago
1.0 Introduction

UTILITIES desires to contract with a CONTRACTOR to conduct an in-depth cyber vulnerability assessment and physical penetration vulnerability assessment of our IT Infrastructure as outlined in the SOW. This document provides additional information that will allow a CONTRACTOR to understand the scope of this effort and develop a proposal in the format desired by UTILITIES.

2.0 Background

Colorado Springs Utilities (UTILITIES) is a four-service municipal utility serving the City of Colorado Springs and various customers in El Paso County, Colorado. UTILITIES is interested in conducting a security assessment that will allow it to:

- Gain a better understanding of potential corporate network vulnerabilities that may be visible internally and/or externally to the organization.
- Determine if the current wireless infrastructure is securely configured and deployed.
- Evaluate the security associated with public facing web applications used by both internal and external users.
- Evaluate the security associated with financial and asset management systems.
- Determine if the current physical security is effective by conducting physical access assessments.
- Determine if the current cyber security is effective by conducting cyber access assessments.
- Determine if the current organization security awareness is effective by conducting social engineering on users internal to the organization.

These activities are part of UTILITIES' ongoing desire to improve security and are focused on identifying the risk level UTILITIES is currently exposed to so an appropriate response to those threats can be developed.

SOW # PR Page 1 of 9 Revision 10/2007
3.0 Scope

The scope of this engagement is for a CONTRACTOR to perform a cyber and physical vulnerability assessment of UTILITIES assets. The assessment must determine vulnerabilities from both internal and external attack vectors. Those items deemed within the scope of this effort are the following:

- Web Application Penetration Testing to include any customer-facing, internet applications on the UTILITIES websites
- Wireless Network Assessment and Penetration Testing to include 30 UTILITIES Wireless Access Points
- Security Assessment and Penetration Testing to include UTILITIES outside-facing firewalls and network entry points
- Voice over IP Assessments and Penetration Testing to include WarDriving on a random number (not to exceed 100) of UTILITIES phone numbers
- Social Engineering Assessments to include information gathering on a random number (not to exceed 100) UTILITIES employees
- Physical Security Assessments and Penetration Testing to include physical access to three (3) UTILITIES facilities at the East Service Center, Utilities Customer Service Center, and the first five (5) floors of the Plaza building occupied by UTILITIES
- Financial and Asset Management Application Vulnerability Assessment and Penetration Testing on 55 Unix and Intel Systems
- Overall Information Security Risk Assessment to include an overall Security Gap Assessment at UTILITIES following industry best practices

The assessment report for each of the above requests shall identify the vulnerability assessment process, document the assessment results, and recommend actions on how to remediate or mitigate vulnerabilities. These reports should be similar to each other and where overlap occurs they may be combined. The key goal of the CONTRACTOR in reporting the assessment results is to provide actionable information.

The final assessment report shall identify the vulnerability assessment process, document the assessment results, and the recommended actions on how to remediate or mitigate vulnerabilities. The assessment report needs to show how that vulnerability can or cannot be exploited by a credible adversary.
The CONTRACTOR shall:

- Attend a kickoff meeting
- Provide a draft and final project plan (in MSWord and MSProject format) for UTILITIES review and approval
- Provide a draft and final test plan (in MSWord and MSVisio format)
- Provide a Vulnerability Assessment
- Provide a draft and final assessment report (in MSWord format), with a prioritized list of findings and recommendations
- Provide an executive briefing or summary (in MS PowerPoint) to key UTILITIES staff, with prioritized findings and recommendations at a site selected by UTILITIES
- Allow contractor staff performing the assessment to be available to the UTILITIES staff with interpretation and clarification of assessment report findings not to exceed 10 hours effort over a 6-month period following the delivery of the final report

UTILITIES will provide CONTRACTOR with a list of assets defined prior to the start of this engagement.

- IT Computer Access Request
- Cyber security DVD Course
- Facility Access Request
- Signed Acknowledgement of Special Procedures for Security Related Projects from Team Members

A portion of the assessment testing shall need to be performed at UTILITIES facilities located in Colorado Springs in El Paso County, Colorado.

4.0 Tasks, Deliverables & Schedule

Start Date: November 19, 2010
Project Completion Date: December 13, 2010

PROJECT PLAN and DELIVERABLE MILESTONES

CONTRACTOR shall provide a detailed project plan in electronic format including task-level content incorporating Deliverable Milestones for each task listed below:

Task No. | Tasks/Activity/Service | Start Date | Completion Date

Deliver a draft project plan as part of Contractor's proposal. Finalize the project plan no later than 10 business days after contract award. The project plan shall contain at a minimum:

- Revision/change record
- A detailed project approach
- A communications plan
- A detailed team roster with resumes of team members, skills detail of job classification, and a copy of background check verification for each team member
- Weekly status reports to include work planned, work completed, and any issues meeting project schedule or deliverables
- A risk identification plan identifying each potential project risk as well as actions for mitigating each risk. Any mitigation plans should take into account that system recovery back to baseline/healthy status is required, and should also ensure that only a minimum number of critical user functions are impacted
- Plans for the Contractor staff performing the assessment to be available to the UTILITIES staff with interpretation and clarification of assessment report findings not to exceed 10 hours effort over a 6-month period following the delivery of the final report

Deliver a draft project schedule with the RFP. Finalize the project schedule no later than 10 business days after contract award. The project schedule shall contain at a minimum:

- Revision/change record
- A task driven schedule with deliverable milestones identified
- Resources (team members) identified for each task
- Specific milestone tasks for:
  - IT Computer Access Request
  - Cyber security DVD Course
  - Facility Access Request
  - Signed Acknowledgement of Special Procedures for Security Related Projects from Team Members

Combine with for scheduling

Deliver a draft test plan as part of Contractor's proposal. Finalize the test plan no later than 10 business days after contract award. The test plan shall contain at a minimum:

- A complete list of testing tools employed and the versions of those tools as part of the test plan
- Identification of all test equipment
- Identify whether or not the Contractor shall need permission to make changes to UTILITIES file systems and/or system configurations to include specific responsibility for backing out these changes

Perform a Vulnerability Assessment and Penetration Test. Contractor shall, at a minimum:

- Perform testing in a manner that maintains data integrity
- Permit a UTILITIES representative to watch or monitor all assessment testing as requested
- Perform External Network Vulnerability Assessment and Penetration Testing
- Perform Internal Network Vulnerability Assessment and Penetration Testing
- Perform Web Application Penetration Testing
- Perform Wireless Assessment and Penetration Testing
- Perform Voice over IP Assessments and Penetration Testing
- Perform Social Engineering Assessments
- Perform Physical Security Assessments and Penetration Testing
- Perform Financial and Asset Management Application Vulnerability Assessment and Penetration Testing
- Perform Information Security Risk Assessment
- Provide UTILITIES a copy of the raw testing tools output

purpose.

Deliver a draft assessment report no later than 10 business days after the assessment has been performed. The assessment report shall contain at a minimum, a prioritized list of findings and recommendations to remediate or mitigate any vulnerabilities.

5.0 Key Project Staffing

CONTRACTOR'S Key Personnel. CONTRACTOR's personnel assigned to this project are considered essential to the work being performed under this SOW, therefore, prior to the substitution of any of Contractor's personnel assigned to this project, CONTRACTOR shall provide two (2) weeks' notification to UTILITIES in writing and shall submit written justification to permit evaluation of the impact on the project. No substitutions shall be made by CONTRACTOR without the written consent of UTILITIES.

6.0 Work Performance

Location: All services shall be performed locally at Colorado Springs Utilities sites within El Paso County.

Hours: All work shall be performed Monday through Friday during the hours of 8:00 AM and 5:00 PM (MDT) excluding CONTRACTOR's observed holidays. Any work outside normal business hours must be coordinated and approved by UTILITIES. No work for this SOW is scoped for weekend or holiday hours.

7.0 Security

CONTRACTOR agrees that all resources assigned to this Project shall adhere to all UTILITIES security rules and regulations at all times and at all UTILITIES locations. CONTRACTOR shall have an administrative security program that clearly defines protection controls and implements security background checks for those contract agencies or services providers who shall need unescorted physical or electronic access. Additional requirements that the CONTRACTOR and UTILITIES Project Manager are responsible for include:

- IT Computer Access Request
- Cyber security DVD Course
- Facility Access Request
- Signed Acknowledgement of Special Procedures for Security Related Projects from Team Members

8.0 Changes

In Scope Changes

UTILITIES has expended great efforts in preparing this SOW and in attempting to describe as thoroughly the requirements therein; however, it is possible that some of the requirements might have been inadvertently omitted from the SOW. If any requirements have been overlooked that relate to, or are similar to, the requirements contained in the SOW, such requirements shall be deemed incorporated by this reference into the relevant portion of the SOW if those additional requirements do not impact time, schedules, resource allocation, or incur additional costs.

Out of Scope Changes

For all requests for services that are outside of the agreed upon scope and objectives contained in this SOW, the performance of such services shall require a mutually agreed upon Amendment to the SOW. UTILITIES shall not be liable for any out of scope work or services which are performed prior to the execution of the Amendment between the parties.

9.0 Acceptance Criteria and Testing

Once the Acceptance Criteria and testing has been completed for each deliverable(s), or group of deliverables, CONTRACTOR will submit a completed Acceptance Form, Attachment A to this Statement of Work, to the UTILITIES Project Manager. Upon acceptance and execution of the Acceptance Form by the UTILITIES Project Manager, CONTRACTOR shall submit an invoice to UTILITIES for payment.

Acceptance Form on next page
Date Issued:
Contract number:
Task Order Number:
Location of Service Delivery: Colorado Springs, CO
Deliverable/Task No:
Description of Deliverable:
Actual Start Date:
Date Complete:
Other Comments:
More informationTechnical Support Services
Description of Services Technical Support Services V2.0 October, 2013 KBZ Communications, Inc. Service Summary This document describes the service offerings of the KBZ ZCare Technical Support Program.
More informationAppendix A1 AUTOMATED EMPLOYEE SCHEDULING SYSTEM (AESS) PHASE I PILOT INSTALLATION. Statement of Work
Appendix A1 AUTOMATED EMPLOYEE SCHEDULING SYSTEM (AESS) PHASE I PILOT INSTALLATION Statement of Work These requirements are intended to provide general information only and are subject to revision. The
More informationTHE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols
THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE
More informationBest Practices in ICS Security for System Operators. A Wurldtech White Paper
Best Practices in ICS Security for System Operators A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationMICHIGAN DEPARTMENT OF TECHNOLOGY, MANAGEMENT AND BUDGET UCC and CPC MDOS Letters to FileNet PROJECT MANAGER STATEMENT OF WORK (SOW)
MICHIGAN DEPARTMENT OF TECHNOLOGY, MANAGEMENT AND BUDGET UCC and CPC MDOS Letters to FileNet PROJECT MANAGER STATEMENT OF WORK (SOW) A Pre-Qualification Program was developed to provide a mechanism for
More informationRequest for Resume (RFR) for Project Manager (Senior) CATS+ Master Contract All Master Contract Provisions Apply. Section 1 General Information
Request for Resume (RFR) for Project (Senior) Section General Information RFR Number: (Reference BPO Number) Functional Area (Enter One Only) Q00R00 BPO # 060B900 in ADPICS Functional Area 0 IT Management
More informationMinnesota Health Insurance Exchange (MNHIX)
Minnesota Health Insurance Exchange (MNHIX) 1.2 Plan September 21st, 2012 Version: FINAL v.1.0 11/9/2012 2:58 PM Page 1 of 87 T A B L E O F C O N T E N T S 1 Introduction to the Plan... 12 2 Integration
More informationG- Cloud Specialist Cloud Services. Security and Penetration Testing. Overview
Description C Service Overview G- Cloud Specialist Cloud Services Security and Penetration Testing This document provides a description of TVS s Security and Penetration Testing Service offered under the
More informationAppalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2
Report No. 13-35 September 27, 2013 Appalachian Regional Commission Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning
More informationADDENDUM #1 REQUEST FOR PROPOSALS 2015-151
ADDENDUM #1 REQUEST FOR PROPOSALS 2015-151 HIPAA/HITECH/OMNIBUS Act Compliance Consulting Services TO: FROM: CLOSING DATE: SUBJECT: All Potential Responders Angie Williams, RFP Coordinator September 24,
More informationREQUEST FOR PROPOSAL RFP #12-004. For the Provision of After Hours Answering Services. Proposal Due Date/Time: October 19, 2012 @ 4:00 p.m.
REQUEST FOR PROPOSAL RFP #12-004 For the Provision of After Hours Answering Services Proposal Due Date/Time: October 19, 2012 @ 4:00 p.m. Children s Aid Society of London and Middlesex 1680 Oxford Street
More informationREQUESTS FOR PROPOSAL (RFP) FOR UTILITY RATE CONSULTING SERVICES FOR THE CITY OF FORT MORGAN
REQUESTS FOR PROPOSAL (RFP) FOR UTILITY RATE CONSULTING SERVICES FOR THE CITY OF FORT MORGAN INTRODUCTION The intent of this Request for Proposal is to retain a qualified person, firm, or corporation,
More informationMinnesota Department of Employment and Economic Development (DEED) Project: Web Application Security Assessment. DEED Answers to Vendor s Questions
Minnesota Department of Employment and Economic Development (DEED) Project: Web Application Security Assessment DEED Answers to Vendor s Questions Friday, 10 September 2010 1. Has data classification been
More information4 Testing General and Automated Controls
4 Testing General and Automated Controls Learning Objectives To understand the reasons for testing; To have an idea about Audit Planning and Testing; To discuss testing critical control points; To learn
More informationRequest for Proposal IP Phone System Upgrade
SECTION A GENERAL INFORMATION Request for Proposal IP Phone System Upgrade 1. Purpose Mesa County Public Library District (MCPLD) is requesting bid proposals for an IP Phone System Upgrade. 2. List of
More informationSecurity. Security consulting and Integration: Definition and Deliverables. Introduction
Security Security Introduction Businesses today need to defend themselves against an evolving set of threats, from malicious software to other vulnerabilities introduced by newly converged voice and data
More informationInformation Security Assessment and Testing Services RFQ # 28873 Questions and Answers September 8, 2014
QUESTIONS ANSWERS Q1 How many locations and can all locations be tested from a A1 5 locations and not all tests can be performed from a central location? central location. Q2 Connection type between location
More informationCisco Security Optimization Service
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
More informationCONTRA COSTA MOBILITY MANAGEMENT INVENTORY AND PLAN CENTRAL CONTRA COSTA TRANSIT AUTHORITY. REQUEST FOR PROPOSALS September 2011
CONTRA COSTA MOBILITY MANAGEMENT INVENTORY AND PLAN CENTRAL CONTRA COSTA TRANSIT AUTHORITY REQUEST FOR PROPOSALS September 2011 CCCTA 2477 Arnold Industrial Way Concord, CA 94520 SECTION I: Introduction
More informationGoals. Understanding security testing
Getting The Most Value From Your Next Network Penetration Test Jerald Dawkins, Ph.D. True Digital Security p. o. b o x 3 5 6 2 3 t u l s a, O K 7 4 1 5 3 p. 8 6 6. 4 3 0. 2 5 9 5 f. 8 7 7. 7 2 0. 4 0 3
More informationDepartment of Children and Families (DCF) Request for Information (RFQ) #01U013DS1 HIPAA Compliance Review DCF Answers to Vendor Questions
Department of Children and Families (DCF) Request for Information (RFQ) #01U013DS1 HIPAA Compliance Review s to Vendor Questions Questions as Submitted by Vendors (Duplicates omitted) 1. Have controls
More informationApplication Security in the Software Development Lifecycle
Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO
More informationRequest for Proposal Finance and Corporate Services Department
Request for Proposal Finance and Corporate Services Department Project Manager for Richmond Fire Rescue Scheduling Software 1. Introduction 1.1 The City of Richmond (the City ) proposes to engage the services
More informationMemorandum. 1. Introduction
Memorandum To: Mississippi Government IT Directors and Purchasing Agents From: Craig P. Orgeron, Ph.D. Date: April 22, 2015 (Revised June 29, 2015) Re: Security Assessment Services RFP No. 3735 Instructions
More informationSpecialist Cloud Services. Acumin Cloud Security Resourcing
Specialist Cloud Services Acumin Cloud Security Resourcing DOCUMENT: FRAMEWORK: STATUS Cloud Security Resourcing Service Definition G-Cloud Released VERSION: 1.0 CLASSIFICATION: CloudStore Acumin Consulting
More information