Specialist Cloud Services. Acumin Cloud Security Resourcing




Transcription:

Specialist Cloud Services
Acumin Cloud Security Resourcing

DOCUMENT: Cloud Security Resourcing Service Definition
FRAMEWORK: G-Cloud
STATUS: Released
VERSION: 1.0
CLASSIFICATION: CloudStore

Acumin Consulting Ltd. Tel: 020 7987 3838

Copyright 2013 Acumin Consulting Ltd. All Rights Reserved.

Neither this document, nor any part of the contents of this document may be reproduced or distributed in any form or by any means without the prior written permission of Acumin Consulting Ltd. The Information contained in this document is intended for the sole use of the personnel of Acumin Consulting Ltd, such other persons named as recipients, or persons named on a circulation list. Acumin Consulting Ltd drawings, pictures or documents remain the property of Acumin Consulting Ltd at all times, and may contain information of a privileged and confidential nature. Should any person receive this document in error, please notify Acumin Consulting Ltd immediately.

Contact:
Acumin Consulting Ltd
Suite 22 Beaufort Court, Admirals Way, London. E14 9XL
020 7987 3838
info@acumin.co.uk

Contents

1. Service Overview
   Fig. 1 Cloud Security Job Roles
2. Why Choose Acumin?
   Scalability and Flexibility
   Quality and Alignment
   Industry Commitment
3. Pricing
   Fig 2. Specific Cloud Security Services Day Rate Card
   Standards for Consultancy Day Rate cards
4. Additional Items
   Information Assurance
   On-boarding and Off-boarding processes/scope
   Service Management
   Service Constraints
   Service Levels (e.g. performance, availability, support hours, severity definitions etc.)
   Financial recompense model for not meeting service levels
   Training
   Ordering and invoicing process
   Termination terms
   Data restoration / service migration
   Consumer responsibilities
   Technical requirements

1. Service Overview

Information Assurance Data Risk and Compliance Cloud Security Architecture Business Continuity

Acumin provide a cost effective, scalable and measurable resource pool of the very best Information Security and Cyber Security consultants in the UK, who can provide high-level advisory through to technical implementation services to safeguard the data you store, use and manage with Cloud based Solutions. Security and Compliance are the top concerns when using Cloud solutions; we specifically focus on resourcing these skills and have done so for 15 years. With G-Cloud, we can now bring our skills and expertise directly to the UK Public Sector, offering you substantial cost savings and a professional approach.

Through the G-Cloud framework, we provide skills that align to the Cloud Security Alliance's (CSA) own key principles to help ensure Data Compliance, Availability, Secure Access to Data and to mitigate risks of Data Leaks when operating in a Cloud environment. See below for a specific description of the Profession and Job Roles resourced under these services.

Fig. 1 Cloud Security Job Roles

CSA Key Principle: Cloud Computing Architectural Framework
Professional description: Ensuring the fundamental Architectural Security controls are in place, matched against potentially different risks than traditional IT solutions.
Specific Job Roles: Enterprise Security Architect

CSA Key Principle: Compliance and Audits
Professional description: Achieving, maintaining and proving compliance when using Cloud Solutions. How to comply with both internal and external policies and regulations. How to successfully prove compliance when audited.
Specific Job Roles: ISO27002 Lead Auditor; CLAS Consultant; IS Accreditor; Data Privacy Officer; PCI Consultant (QSA)

CSA Key Principle: Incident Response and Remediation
Professional description: Identifying and assessing the technical threats associated with Cloud Computing. Ensuring that the Cloud Provider monitors and highlights possible incidents, responds accordingly and makes continual improvements.
Specific Job Roles: Threat and Incident Response Analyst; Network Forensics Analyst

CSA Key Principle: Legal and e-discovery
Professional description: Ensuring the Organisation and its Cloud Provider adhere to legal requirements such as Data Privacy and Information and Computer Systems requirements. E-discovery: capability to investigate any possible breach and gather evidence accordingly.
Specific Job Roles: e-discovery Analyst; Data Protection Advisor

CSA Key Principle: Application Security
Professional description: Ensure the Cloud solution's applications are secure and scalable. Also ensuring the in-house applications are robust and securely integrated into the Cloud Solution when required.
Specific Job Roles: Security Architect - Web Application; Penetration Tester - Web Application

CSA Key Principle: Identity & Access Management (IDM)
Professional description: Ensuring the identities of users and the access to data they are trusted with is allocated accordingly in the Cloud. Can the provider effectively map and synchronise with an organisation's existing IDM solution?
Specific Job Roles: Access Control / Security Operations Analyst; IDM Consultant

Fig. 1 Cloud Security Job Roles (continued)

CSA Key Principle: Encryption & Key Management
Professional description: Assessment of the need to encrypt specific data and the control of that data with the Cloud Solution provider.
Specific Job Roles: PKI Consultant

CSA Key Principle: Traditional Security
Professional description: Addressing overall security policy and operational security process associated with the changing landscape of using Cloud Solutions. High-level risk management and review of Enterprise Risk Frameworks and Architectures.
Specific Job Roles: Security Architect; IT Security Manager

CSA Key Principle: Governance and Enterprise Risk Management
Professional description: How an organisation assesses and governs risk when using Cloud Solutions on an Enterprise level. Implementing possible changes to an organisation's Enterprise Governance frameworks to mitigate the organisation's possible exposure to legal and regulatory risks associated with Cloud Computing.
Specific Job Roles: Information Governance Manager; Data Classification Officer; Information Risk Manager; Security Programme Manager

CSA Key Principle: Business Continuity and Disaster Recovery
Professional description: Ensuring the Organisation has robust Business Continuity and contingency plans in place and that the availability of critical information and systems is maintained. Ensure that the Cloud Provider's Data Centre resilience plans are tested regularly and align with SLAs etc.
Specific Job Roles: Business Continuity Analyst; Business Continuity Consultant

2. Why Choose Acumin?

Scalability and Flexibility

Acumin has been providing specifically, and only, Information Security and Cyber Security staff for over 15 years. Acumin holds a database of over 25,000 UK Information Security professionals, of which over 3,500 are contractors. Those resourced for this framework are experienced Data Compliance, Security Management and Technical Security Associates who are selected to help you make the right decisions when selecting, implementing and using Cloud based solutions.

Quality and Alignment

All of the Associates we resource under this service are familiar with the UK Security Policy Framework (SPF) and many of them are Acumin Approved Associates, meaning they have either worked on assignments for us previously or been through a quality validation process. Over 80% of the Associates we resource are reused by Acumin after their initial contracts and invariably, a large amount are SC and/or DV cleared for Central Government assignments. Many of our Associates have designed the security architectures that lie at the heart of many Government developed and commercial Cloud based solutions and have inputted directly into the development of the Cloud Security Alliance UK Chapter's best practice guide.

Industry Commitment

As a company, Acumin partners with ISC2, CREST and the IISP to ensure our involvement directly in the development of the skills required by the UK Government's IA and Cyber Security requirements, and regularly hosts Industry events such as our very own RANT (Risk and Network Threat Forum http://rantconference.com).

3. Pricing

Fig 2. Specific Cloud Security Services Day Rate Card

Rates are listed by CSA Key Principle and Specific Job Role, per Associate/Day.

Cloud Computing Architectural Framework
  Enterprise Security Architect: 950

Compliance and Audits
  ISO27002 Lead Auditor: 600
  CLAS Consultant: 720
  IS Accreditor: 575
  Data Privacy Officer: 650
  PCI Consultant (QSA): 690

Incident Response and remediation
  Threat and Incident Response Analyst: 720
  Network Forensics Analyst: 720

Legal and e-discovery
  e-discovery Analyst: 650
  Data Protection Advisor: 650

Application Security
  Security Architect - Web Application: 890
  Penetration Tester - Web Application: 750

Identity & Access Management (IDM)
  Access Control/Security Operations Analyst: 450
  IDM Consultant: 750

Encryption & Key Management
  PKI Consultant: 750

Traditional Security
  Security Architect: 850
  IT Security Manager: 800

Governance and enterprise risk management
  Information Governance Manager: 750
  Data Classification Officer: 650
  Information Risk Manager: 820
  Security Programme Manager: 950

Business Continuity and Disaster Recovery
  Business Continuity Analyst: 450
  Business Continuity Consultant: 690

Standards for Consultancy Day Rate cards

Consultant's Working Day: 8 hours exclusive of travel and lunch.
Working Week: Monday to Friday excluding national holidays.
Office Hours: 09:00 to 17:00 Monday to Friday.
Travel and Subsistence: Included in day rate within M25. Payable at department's standard T&S rates outside M25.
Mileage: As above.
Professional Indemnity Insurance: Included in day rate.

The above pricing can also be accessed via the SFIA matrix provided with the tender documents.

4. Additional Items

Information Assurance
Acumin's Cloud Security Resource Services are not covered by Business Impact Level (BIL) accreditation. However, our Associates are all familiar with BIL and the overall UK Security Policy Framework (SPF) should guidance be required.

On-boarding and Off-boarding processes/scope
N/A for Acumin's Specialist Cloud Services.

Service Management
N/A for Acumin's Specialist Cloud Services.

Service Constraints
Acumin's Specialist Cloud Services for Cloud Security have no service constraints. Our terms offer substitute Associates and 7-30 day termination of specific assignments depending on the scope of work.

Service Levels (e.g. performance, availability, support hours, severity definitions etc.)
N/A for Acumin's Specialist Cloud Services.

Financial recompense model for not meeting service levels
N/A for Acumin's Specialist Cloud Services, although only work verified against any SLAs defined in the Statement of Work (SoW) for each assignment is billable.

Training
Acumin does not offer training in the services we provide. However, we can provide Associates to train on such items as Security Awareness and ISO27002 best practice.

Ordering and invoicing process
Ordering is by agreement of scope of work, duration, day rate and start date. Invoicing is based on the consumption of associate days per month, on an accrual basis; we do not ask for an upfront commitment fee. Invoices are sent monthly, per assignment, payable 30 days from invoice.

Termination terms
Termination is covered on an assignment basis and is outlined in each Statement of Work; the standard is 14 days, but flexible depending on duration of work required.

Data restoration / service migration
N/A for Acumin's Specialist Cloud Services.

Consumer responsibilities
These are outlined in the terms and conditions and include the provision of a suitable and safe environment to conduct the assignment. They may also include, from time to time, the need for a secure facility for data handling depending on the assignment.

Technical requirements
N/A for Acumin's Specialist Cloud Services.

Contact: Chris Batten or Scott West on 020 7987 3838 or email gcloud@acumin.co.uk for a free consultation.