Managed Cyber Security - Cyber Intelligence Centre
Deloitte LLP Service
Deloitte Service Code: D-G6-L4-543
December 2014
Contents
1 Service Overview
2 Detailed Service Definition
3 Pricing
4 Ordering and Invoicing Process
5 Additional Information
1 Service Overview

1.1 Managed Cyber Security - Cyber Intelligence Centre

The Cyber Intelligence Centre from Deloitte is a managed services solution for your cyber security needs, integrating leading technology with 24x7 support from our experienced team. Whether you choose one or all of the services, they are tailored for you and delivered in the context of your organisation's risk framework.

Deloitte's Cyber Intelligence Centre offers the following fully-managed security services:

- CyberMonitor - An advanced SIEM solution that consumes your logs and monitors them for the presence of cyber threats and compliance issues; issues identified are alerted to you with the threat analysis and business context to enable response
- CyberWatch - A cyber threat monitoring service that uses threat intelligence and Internet-scanning technology to monitor online channels for active or growing threats targeting your organisation, or information leakage from your organisation that has not been prevented by your controls
- CyberProtect - A data loss prevention service that monitors sensitive information as it flows across and out of your network, alerting you to cyber threats and compliance issues
- CyberCheck - A vulnerability identification and prioritization service that inventories and scans your assets and reports on the critical vulnerabilities within your environment
- CyberGovern - A managed governance, risk, and compliance capability, which can capture, coordinate, and assess the security risk and compliance issues in your organisation

1.2 Features

- Implement threat monitoring and alerting with remediation advice
- Strategic and tactical threat intelligence alerting and reporting
- Phishing and cyber-squatting detection and takedown services
- Vulnerability assessment, reporting, and PCI-DSS ASV scanning
- Managed data leakage prevention, policy management, alerting and reporting
- 24x7 support available provided by our UK-based vetted security team
- Professionally qualified staff in cyber security, threat analysis, incident response
- Alerting, regular reporting, monthly service reviews, quarterly executive briefings
- Single, secure service management portal
- Free quotes available on request; service trials / proofs of concept offered

1.3 Benefits

- 24x7 security monitoring with no headcount increase and predictable costs
- Flexible pricing schemes; option to spread on-boarding costs over contract
- Business-facing alerting and reporting, not purely technical output
- Improve the business value of cyber security reporting
- Enable your security teams to focus on what matters
- Improved threat detection and visibility of current and evolving threats
- Make informed risk-based decisions based on contextualised service outputs
- Addresses the talent management challenges in security operations
- Reduce dependency on multiple consultants, contractors, and vendors
- Available in work packages

The Cyber Intelligence Centre Services are available to Central Government, defence, security and justice, home affairs and police, health, transport, local and devolved government.

Deloitte LLP G-Cloud Service
2 Detailed Service Definition

2.1 Our Approach

Our Cyber Intelligence Centre (CIC) combines deep cyber intelligence with broad business intelligence to deliver relevant, tailored and actionable insights to inform business decision making. The CIC fuses a number of services together to provide our clients with a truly tailored service that enables them to fully understand their cyber risks and adopt proportionate responses in an increasingly digital, interconnected environment. We do this by providing our clients with improved visibility of threats and assets, based on highly relevant intelligence that reflects their specific business, market and industry context.

We work with our clients during the setup of services to enhance our combined knowledge of the organisation being monitored. This is critical to the successful delivery of the service as we firmly believe that a security monitoring solution can only provide a return on investment when the monitored scope is prioritised according to business risk, and alerts are contextualised for the business, system, and applications or processes they impact.

The CIC delivery team is composed of four key roles that operate under the overarching leadership of the CIC Service Director. By adopting the Cyber Intelligence Centre, clients benefit from the expertise and scalability of our delivery team.

- CIC Service Director - Accountable for all services which make up the CIC, including the delivery of services to defined Service Level Agreements (SLAs) and for developing and implementing changes to capabilities and services
- Service Delivery Manager - Responsible for the delivery of service to clients, including allocation of tasks to team members, maintaining the technical and process capabilities of the service, and service and output quality. The Service Delivery Manager will be your point of call for business process/management related queries
- Senior Analysts - Senior analysts review all alerts produced by the threat analysts prior to distribution. They also produce reports and briefs to provide a description of the threat landscape and from this work with you to develop effective awareness campaigns
- Threat Analysts - Responsible for receiving data from both the automated and manual tools and processes. The threat analysts review, prioritise, contextualise and report threats as required

We recognise that the success of delivering managed services is built on a foundation of good people. We continue to invest heavily in the development of our employees to ensure that they remain top talent in the industry. Our professionals possess a wealth of qualifications (such as CISM, PMP, CRISC, CISA, CIA, CISSP, ISO 27001, CFE, GIAC, CREST etc.) and experience that positions them to serve unique clients with unique needs.

2.2 Inputs

We have assumed that you will be in a position to provide certain inputs to the service, which we have listed here. If you are not in a position to provide all of these inputs then we can discuss options, as it is likely we can reach agreement to alter our approach to accommodate your situation.

- Organisation scoping data; for example IP address ranges, domains, keywords, and organisational structure
- Intelligence requirements for external threat intelligence: these set the direction of the threat research and data gathering, and are used by the CIC to tailor the output of the services
- Log sources, configured to send logs to our technology platform, including security appliances, network devices, device / server / desktop management systems, servers, end user computing devices, operating systems, databases and applications
- Monitoring requirements and policy setting for internal monitoring capabilities

2.3 Your Contribution

Our services are designed to be delivered with you rather than to you. We have assumed that you will be able to make the following contribution to the work. If you are not in a position to take on these responsibilities then please get in touch to discuss options, as it is likely we can reach agreement to alter our approach to accommodate your situation.

- Timely decision-making during service on-boarding and ongoing service delivery
- Own the intelligence direction process for the organisation and work with us to set clear, discrete and specific requirements
- Provide access to stakeholders and information during service on-boarding, e.g. for consultation on the requirements
- Agree, supported by us, the operational processes for issuing alerts and disseminating other outputs from the services
- Provide log data in the formats required for the threat monitoring platforms
- Provide access to systems and environments (where required, e.g. to install our monitoring systems, or to capture data from your systems)
- Provide governance and resource to consume the services and act on recommendations, and to attend regular service performance reviews

2.4 Outputs

What will you get in terms of deliverables, outputs and outcomes from this service?

The CIC services produce regular reports on the events processed and analysed, using a standard set of templates. These reports are available for download from the client portal or can be delivered via email. Custom report templates can be requested, which will then be reviewed for impact/cost.
In addition, our clients have access to both ad hoc and regular reports related to individual incidents as well as reports related to our service performance. We will work with you to agree the frequency of reporting and will tailor our standard reports to meet your specific requirements. Please see below examples of detailed reports we can provide.

- Single incident reports: describe what has happened, the possible impact, and suggested remediation steps; we will agree with you which severities and types of incidents you require these alerts for
- Regular incident reports: at a frequency agreed with you (e.g. weekly, monthly), regular reports on incidents during the reporting period, including those not alerted according to our agreed criteria
- Regular trend reports: at a frequency agreed with you (e.g. monthly, quarterly), regular trend reports on incidents during the reporting period, including broader perspectives from your sector, and from other industries
- Regular service performance reports: including our performance against the Service Level Agreements, and other metrics relating to the service

We can also provide our Cyber Incident Response service (search for Advisory Cyber Services) for clients who receive our Cyber Intelligence Centre services. Through the Cyber Incident Response service we assist our clients to assess incidents and determine their cause, contain incidents and limit damage, and recover business operations. Our Cyber Incident Response practitioners can perform or assist in forensic investigations to determine how and why the incident happened, and provide recommendations and action to prevent it from happening again.

Our clients are able to focus on risk-management and decision making as the Cyber Intelligence Centre handles the day-to-day information overload that their security technologies are generating. Our detailed business context on-boarding and continuous service improvement processes enable us to assess the information in context to the organisation, resulting in actionable alerting and reporting on the threats and issues that matter.

2.5 Business Context

What situations is this service designed to be used in?

The Cyber Intelligence Centre services are designed for organisations who want to outsource some or all of their security management operations, or who are struggling with any of the following challenges:

- Cyber security talent shortages and staffing pressures
- Budgetary constraints
- Information overload in operational security and network teams
- Increasing complexity and breadth of cyber security threats
- Increasing complexity and scope of IT services (including cloud services and outsourced business processes)

2.6 Scale and Complexity

The effort involved in delivering our service is driven partly by what we will do (which we have described in section 2.1 above) and what you will do before we arrive and alongside us whilst we work (which we have described in sections 2.2 and 2.3 above respectively). It is also driven by the scale and complexity of your business situation. This section describes the scale and complexity that we have designed this service to address. If your business situation is bigger or smaller than this then we can discuss options, as it is likely we can reach agreement to alter our approach to accommodate your situation.

We have experience of providing our services to small organisations (e.g. 1-2 people in the information security team) to leading domestic and international companies, with facilities all over the world.
The scope of our services will be determined through consultation with you and will depend on, among other factors:

- Size of organisation (number of office and data centre locations, number of people / customers)
- Number of brands / keywords used to direct threat intelligence research and automated monitoring
- Number and complexity of log sources
- Reporting thresholds and frequency
- Maturity of environment; e.g. how many alerts are produced, and of what severity
- Operational hours, for example, 24x7, business hours (0800-1800, Monday-Friday excluding Bank Holidays), extended hours (0700-1900, Monday-Friday, weekends and Bank Holidays)

2.7 Exclusions

Our service description in Sections 2.1 to 2.6 above defines the scope of what we will deliver. For the avoidance of doubt, we have listed below any activities that (in our experience) are sometimes expected to be in our scope but which are not included within this service.

- We will not carry out a specific review of your systems and internal controls and accordingly it is not part of our responsibilities to provide comments on their effectiveness or the ability of the systems and internal controls to support the business and its expected growth in the future. You acknowledge that it is your responsibility to manage and maintain an effective internal controls system and that nothing in our work is designed to detect errors or irregularities in those controls, nor prevent errors or irregularities occurring.
- We do not guarantee to detect all threats or any specific threat, nor to detect to any specific timescale
- Alerts from the service may identify perceived threats that are neither authorised by nor relevant to you ("False Positives")
- We do not guarantee or offer any privacy of an open source threat once it has been detected by us
- The provision of the services does not relieve you of the responsibility to implement additional security measures to protect your organisation
- Your organisation will not be immune, protected, or secured by the use of this Service
- We will attempt to take down sites that have been classified as either phishing or malicious but cannot guarantee that our attempts will be successful. Our requests to the Internet Service Provider ("ISP") to shut down such sites are founded on the contravention by the site of the ISP's terms and conditions (which provider should also not knowingly host an illegal site). We will not notify you prior to issuing a take-down request to the ISP, but we will notify you of the outcome of any take-down attempt in the relevant alert delivered to you in accordance with our delivery of the services.

2.7.1 Service Constraints

Where service constraints exist of a general nature, they would usually be addressed in the Service Definition document. These and any other constraints would need to be discussed with the client prior to placing the Order. This includes constraints that are specific to the client or the client's situation or that need to be addressed before delivery of the service. We will rely on the client to bring to our attention, before the order is agreed, any specific constraints that need to be addressed including those that could impact on quality, service levels, costs or duration of the engagement. We can advise on maintenance windows, level of customisation permitted, schedule for deprecation of functionality/features and other matters if relevant to the service.
3 Pricing

3.1 Pricing Document

Please refer to the associated Pricing Document relevant for this Service.

3.2 Expenses

This service will be delivered predominantly from Deloitte's premises (the Cyber Intelligence Centre). On-boarding work and service review meetings may take place in the customer's own premises. No expenses will be charged for travel to premises within the M25, but there may be additional charges for travel and accommodation expenses incurred for services delivered at premises outside the M25. These will be agreed in the Service Order.
4 Ordering and Invoicing Process

Please contact us to discuss your requirements or send your requirement to g-cloud@deloitte.co.uk. Following discussions, Deloitte will send a fully priced proposal detailing the services to be provided.

4.1 Priced Offers

There are two ordering routes available:

1. Contact the Cyber Intelligence Centre on +44 (0)118 322 2698 or your usual Deloitte contact.

Alternatively:

2. Send an email to g-cloud@deloitte.co.uk with the following information:
   a. Your organisation's name
   b. The name of this service
   c. Your name and contact details
   d. A brief description of your business situation
   e. Your preferred timescales for starting the work.

4.2 Order Form

The Order Form will need to be completed with details of the order and service to be provided. We can advise on completion once the service has been agreed.

4.3 Invoicing

We will invoice regularly in advance based on the invoice schedule for the service and on-boarding defined in the Service Order agreed with the customer.
5 Additional Information

The following information addresses the full list of requirements for the Service Definition for each service as specified in Schedule 1 of the G-Cloud 6 framework agreement (Clause S1-3.1). Some elements of these requirements have been described in greater detail in other parts of this Service Definition or in the separate Pricing Document. This Mandatory Information should also be read in conjunction with the Deloitte G-Cloud 6 Terms and Conditions as attached in a separate document.

5.1 Overview of the G-Cloud Service

An overview of this Deloitte G-Cloud 6 service is provided earlier on in this Service Definition document. A short summary and details of features, benefits and software accreditations (if relevant) can also be found at the beginning of this Service Definition document and also on the Digital Marketplace.

5.2 Information Assurance

- Deloitte LLP holds a suitably scoped ISO27001 certificate for this G-Cloud Service
- Deloitte has processes and facilities in place to manage documents and information provided in paper or electronic media under the new system of Government Security Classifications (GSC): OFFICIAL (including OFFICIAL SENSITIVE), SECRET and TOP SECRET.
- Deloitte has List X status, including accredited facilities, and the services of a Security Controller.

5.3 Data Back-up, Data Restoration and Disaster Recovery

As a firm, Deloitte has plans, processes and systems in place that form our Business Continuity and Resilience programme. We have a policy for testing and exercising our business continuity and resilience arrangements, and regularly review, update and test at appropriate levels and frequencies. Any specific requirement for backup/restore and disaster recovery would be discussed and agreed with the customer prior to an order being placed. The requirement would be documented in the Order Form as agreed between Deloitte and the customer.

5.4 On-Boarding, Off-Boarding, Service Migration, Scope etc.
Where appropriate to the service, we will discuss with customers any on-boarding, off-boarding, service migration or scope of exit requirements and reach agreement on the most suitable approach prior to an order being placed. The requirements should be documented in the Order Form by the customer, and Deloitte will include details in the Order Form as agreed between Deloitte and the customer.

5.5 Service Management

As Platinum members of the Chartered Institute for IT, we follow a number of BS15000/BS20000 related IT Service Management procedures and Software Testing standards (IEEE 829). We hold IT Infrastructure Library (ITIL) Foundation and Practitioner Certification in IT Service Management. Many of our staff have PRINCE 2 Methodology Foundation and Practitioner Accreditation. Where appropriate to the service, we will apply the service management procedures that are relevant.

5.6 Service Levels

The Deloitte Business Management System, which encompasses our national and regionally-based Consulting Practice, satisfies the requirements of BS EN ISO 9001:2008, against which it is independently assessed by the British Standards Institution (BSi). Our Consulting Practice has been registered with BSi since 1986, when our software group was amongst the first organisations to obtain BS 5750 registration. The Consulting Practice of Deloitte in the UK is also registered with the TickIT scheme. TickIT provides for the certification of software developers against ISO 9001 by accredited assessors.

We can provide a wide range of service levels and options to customers. We will work proactively with customers to discuss and agree appropriate service levels and reach agreement prior to an order being placed. This includes performance, availability, support hours and severity definitions if relevant to the service. The service levels should be documented in the Order Form as agreed between Deloitte and the customer.

5.7 Financial Recompense Model for not Meeting Service Levels

As one of the leading providers of professional and consulting services in the UK it is our aim to perform in line with our customer's expectations. Our quality assurance and risk management procedures are designed to focus on the customer so that engagements have the appropriate quality checks and review points.

5.8 Training

Generally speaking customers do not require training to use our services. Should there be a specific training requirement, we will discuss it with you prior to placing an order. Many of our services include capability transfer as routine. Should you need capability transfer, please discuss it with us prior to placing the order.

5.9 Termination Process

For the termination process by consumers (i.e. consumption) and by Deloitte as the Supplier (removal of the G-Cloud Service), please see the G-Cloud 6 Framework Agreement (Clause FW-12 and CO-9) and the Deloitte Standard Terms and Conditions in the attachments area.

5.10 Customer Responsibilities

Details of the customer's responsibilities are set out in the applicable Deloitte Terms.
Any additional customer responsibilities will be discussed with the customer prior to an order being placed. Additional customer responsibilities should be documented in the Order Form, as agreed between the customer and Deloitte.

5.11 Technical Requirements and Client-Side Requirements

Technical requirements (service dependencies and detailed technical interfaces, client side requirements, bandwidth/latency requirements etc.) can be discussed prior to an order being placed. The requirements should be documented in the Order Form as agreed between the Customer and Deloitte.

5.12 Availability of Trial Service

We would be pleased to discuss your requirement and the possibility of trial services in more detail.
Important notice

This document is not an offer and cannot be accepted. Should you wish to obtain our services, please contact us using the Ordering Process described in Section 4 above to discuss your requirements and how we may meet them. Following these discussions and our internal acceptance procedures, we would then enter into a direct order with you in accordance with these Framework terms to confirm our appointment.

The information contained in this document has been compiled by Deloitte LLP and includes material which may have been obtained from information provided by various sources and discussions with management but has not been verified or audited. This document also contains confidential material proprietary to Deloitte LLP. Except in the general context of evaluating our capabilities, no reliance may be placed for any purposes whatsoever on the contents of this document or on its completeness. No representation or warranty, express or implied, is given and no responsibility or liability is or will be accepted by or on behalf of Deloitte LLP or by any of its partners, members, employees, agents or any other person as to the accuracy, completeness or correctness of the information contained in this document or any other oral information made available and any such liability is expressly disclaimed.

In this document references to Deloitte are references to Deloitte LLP. Deloitte LLP is the United Kingdom member firm of Deloitte Touche Tohmatsu Limited ("DTTL"), a UK private company limited by guarantee, whose member firms are legally separate and independent entities. Please see www.deloitte.co.uk/about for a detailed description of the legal structure of DTTL and its member firms.

© 2014 Deloitte LLP. All rights reserved.

Deloitte LLP is a limited liability partnership registered in England and Wales with registered number OC303675 and its registered office at 2 New Street Square, London EC4A 3BZ, United Kingdom.