Introduction and Background




Request for Bid
Network Security Assessment
March 28, 2016

Introduction and Background

Purpose of the Request for Proposal

The Library Network operates a wide area telecommunications network for 70 public library buildings within the Metro Detroit area. Data circuits with port speeds ranging from 10mb to 250mb using AT&T Switched Ethernet fiber are currently provided by AT&T. Merit Network is the ISP. Each library goes directly out to the internet rather than coming back to TLN for internet access.

The current wide-area-network utilizes a fiber backbone for supporting TCP/IP based applications for shared library resources. The telecommunications equipment currently in the libraries includes TLN owned and managed Cisco routers model#isr4331-ax/k9 and Cisco router models 2821 and 2921.

TLN houses several servers. The servers are Solaris and Windows-based. The virtual server software in use is Hyper-V for some of the servers. These services are maintained by TLN staff.

TLN operates a library database system (SirsiDynix Symphony) that provides application software supporting library functions for 51 member libraries. This system houses bibliographic and (legally protected) patron data. Libraries access the SirsiDynix Enterprise online catalog through the cloud.

TLN is interested in conducting a security assessment that will allow it to:

- Gain a better understanding of potential network vulnerabilities that may be visible from the Internet.
- Determine if the managed network equipment is secure.
- Evaluate the security associated with public self-service applications that are used by TLN's member libraries and their patrons.

TLN is seeking to identify and select an outside independent organization to perform the activities listed above. The remainder of this document provides additional information that will allow a service provider to understand the scope of the effort and develop a proposal in the format desired by The Library Network.

Administrative

Any questions concerning this RFP, technical specifications or request for a site visit must be directed to:

Angie Michelini, Technology Services Manager
248.536.3100 x144, amichelini@tln.lib.mi.us

Due Dates

Formalized bid due: April 27, 2016 by 4pm, electronic submission preferred. Late entries will not be accepted.

Schedule of Events

1. RFP Distribution to Vendors: 3/29/2016
2. Vendors Bid Meeting to address questions: 4/6/2016
3. Responses to Vendors questions due: 4/11/2016
4. Final Call for Questions Due: 4/14/2016
5. Proposal Due Date: 4/27/2016
6. Target Date for Final Vendor Selection: 5/27/2016
7. Anticipated commencement date of work: 7/11/2016

Proposal Submission

Award of the contract resulting from this RFP will be based upon the most responsive Vendor whose offer will be the most advantageous to TLN in terms of cost, functionality and other factors as specified elsewhere in this RFP.

TLN reserves the right to:

- Reject any or all offers and discontinue this RFP process without obligation or liability to any potential Vendor
- Accept other than the lowest priced offer
- Award a contract on the basis of initial offers received, without discussions or requests for best and final offers
- Award more than one contract

Vendor's proposal shall be submitted in several parts as set forth below. The Vendor will confine its submission to those matters sufficient to define its proposal and to provide an adequate basis for TLN's evaluation of the Vendor's proposal.

The submitted proposals are suggested to include each of the following sections:

1. Executive Summary
2. Approach and Methodology
3. Project Deliverables
4. Project Management Approach
5. Detailed and Itemized Pricing
6. Appendix A: References
7. Appendix B: Project Team Staffing
8. Appendix C: Company Overview

The detailed requirements for each of the above-mentioned sections are outlined below.

Detailed Response Requirements

Executive Summary

This section will present a high-level synopsis of the Vendor's responses to the RFP. The Executive Summary should be a brief overview of the engagement and should identify the main features and benefits of the proposed work.

Scope, Approach and Technology

Include detailed testing procedures and technical expertise by phase. This section should include a description of each major type of work being requested by the vendor. All information that is provided will be held in strict confidence. The proposal should reflect each of the sections listed below.

Assessment Scope Phase I

I. Internal Network Vulnerability Assessment

a) Examination of the security on Windows servers, Solaris servers and databases of the internal network
b) Examination of the security on network devices including the following in target space:
   Number of routers: 0
   Number of managed switches: 13 (Cisco products)
   Number of firewalls: 2 (1 for redundancy, failover)
   Number of physical servers for technology services: 6
   Number of physical servers for library services: 3
   Number of virtual servers: 13
c) Examination of security for VLANs
d) Examination of security for VoIP services
e) Examination of unencrypted services
f) Examination of patching services
g) Examination of account controls
h) Examination of 2 library routers
i) Examination of 2 library firewalls

II. External Network Vulnerability Assessment

a) Examination of the internet-facing hosts and services
   Number of live hosts: 7
b) Examination of unencrypted services
c) Examination of patching services
d) Examination of account controls

III. Wireless Network Vulnerability Assessment

a) Examination of the security of wireless networks
   Cisco Meraki 1 Access Point
b) Examination of network segmentation
c) Examination of wireless encryption protocols

IV. Web Application Vulnerability Assessment

a) Examination of the security of web applications

Assessment Scope Phase II

Penetration Testing

Penetration testing would commence after TLN staff have addressed the recommendations from the vulnerability testing, approximately 30 days after the report is submitted to TLN.

Scope of Work Deliverables

At the conclusion of the assessment, TLN requires written documentation of the approach, findings and recommendations associated with this project. A formal presentation of the findings and recommendations to senior management may also be required. The documentation should consist of the following:

Detailed Technical Report

A document developed for the use of TLN's technical staff which discusses: the methodology employed, positive security aspects identified, detailed technical vulnerability findings, an assignment of a risk rating for each vulnerability, supporting detailed exhibits for vulnerabilities when appropriate and detailed technical remediation steps.

Executive Summary Report

A document developed to summarize the scope, approach, findings and recommendations in a manner suitable for senior management.

Deliverables

Include descriptions of the types of reports used to summarize and provide detailed information on security risk, vulnerabilities, and the necessary countermeasures and recommended corrective actions. Include sample reports as attachments to the proposal to provide an example of the types of reports that will be provided for this engagement.

A 30-day follow-up visit after Phase I and before Phase II by your company representative will be included as a deliverable of this audit to ensure that all recommended corrective action in the management document has been addressed.

Project Management Approach

Include the method and approach used to manage the overall project and client correspondence. Briefly describe how the engagement proceeds from beginning to end.

Detailed and Itemized Pricing

Include a fee breakdown by project phase and estimates of travel expenses. In addition, please include itemized pricing for each part of Phase I and Phase II. It's possible that due to budget constraints, TLN may only be able to do a partial assessment during this fiscal year and during the next fiscal year do another assessment for remaining items that were not approved in this fiscal year.

Appendix: References

Provide three current references, preferably from education, nonprofit or library sectors for which you have performed similar work.

Appendix: Project Team Staffing

Include biographies and relevant experience of key staff and management personnel. Describe the qualifications and relevant experience of the types of staff that would be assigned to this project by providing biographies for those staff members. Describe bonding process and coverage levels of employees. Affirm that no employees working on the engagement have ever been convicted of a felony.

Appendix: Company Overview

Provide the following for your Company:

- Official registered name (Corporate, D.B.A., Partnership, etc.), Dun & Bradstreet number, Primary and Secondary SIC numbers, address, main telephone number, toll-free number and fax number.
- Key contact name, title, address (if different from above address), direct telephone and fax numbers.
- Person authorized to contractually bind the organization for any proposal against this RFP.
- Brief history, including year established and number of years your company has been offering Information Security Testing.

Evaluation Factors for Award

Criteria

Any award to be made pursuant to this RFP will be based upon the proposal with appropriate consideration given to operational, technical, cost and management requirements. Evaluation of offers will be based upon the Vendor's responsiveness to the RFP and the total price quoted for all items covered by the RFP.

The following elements will be the primary considerations in evaluating all submitted proposals and in the selection of a Vendor:

1. Completion of all required responses in the correct format.
2. The extent to which the Vendor's proposed solution fulfills TLN's stated requirements as set out in this RFP.
3. An assessment of the Vendor's ability to deliver the indicated service in accordance with the specifications set out in this RFP.
4. The Vendor's stability, experiences, and record of past performance in delivering such services.
5. Availability of sufficient high quality Vendor personnel with the required skills and experience for the specific approach proposed.
6. Overall cost of Vendor's proposal.

TLN may, at their discretion and without explanation to the prospective Vendors, at any time choose to discontinue this RFP without obligation to prospective Vendors.

Benefit

A benefit for the vendor winning the bid award is possible additional business with providing security assessments for the public libraries in the TLN five county region.