PCMJcapstone
Uploaded by pamela-r-gist
![Page 1: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/1.jpg)
STATE GOVERNMENT
DEPARTMENT OF FINANCE AND ADMINISTRATION
DUE DATE: FEBRUARY 25, 2012
![Page 2: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/2.jpg)
QUALIFICATIONS
Established in Indianapolis, Indiana, in 2002
Provides database performance tuning and security services for database applications.
In 2006, a Project Manager was added
Current focus is to provide security services to state and federal government agencies that are compliant with security regulations.
![Page 3: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/3.jpg)
COMPARISON OF QUALIFICATIONS AND RFP MINIMUM REQUIREMENTS
10 years
22 employees
8 employees - RFP NUMBER: 427.04-107-08
Complete security assessments, penetration tests, policy creation, and regulatory compliance assistance
Gross sales annually are $1.6 million (U.S. Dollars)
Contract outsourced services for reviewing source code and development security specialists
![Page 4: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/4.jpg)
MAJOR CONTRACTS
Four major contracts
Previously selected for:
Vulnerability Assessments
Penetration Tests
Risk Assessment
Source Code Review
Business Continuity Plan
Disaster Recovery Plan
![Page 5: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/5.jpg)
CURRENT PROJECTS
Strategic Compensation and Performance Management Analysis
Auditing and Infrastructure Security
Soundness and Consulting
Network Security Upgrade and Equipment
Security Compliance Requirements
![Page 6: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/6.jpg)
8 PROJECT-DESIGNATED EMPLOYEES:
Pamela R. Gist, Project Manager
Chris Warren, IT Manager
Mychal Dudley, Client Representative Manager
John Buchheim, Security Manager
Amy Potential, Human Resources Manager
Joshua Great, Compliance Manager
Theodore Ralls, Legal Representative
Paul Johnston, Security Fulfillment Manager
![Page 7: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/7.jpg)
PROBLEM STATEMENT
Protect data
Data management
Network assessment
Mitigation process
Alleviate concerns
Network tests
Source code reviews
Confidential security clearances
4750 Wesley Avenue, Norwood, Ohio 45212

NOTICE OF INTENT TO PROPOSE

December 19, 2011

Brian Henebry, Coordinator
Department of Finance and Administration
State Government Tower, 12th Floor
312 8th Avenue North
Capitol City, NY 12345-1200

Dear Mr. Henebry:

PCMJ Security Services is responding to RFP-427.04-107-08 for Information Security Assessment Services (ISAS) Consultants with the interest of submitting a proposal to the State Government, Department of Finance and Administration. By submitting this notice of intent to propose, we agree to provide a Technical Proposal, Cost Proposal and ensure compliance with project specifications.

We are sure that the State of Ohio is committed to contracting only the best organizations to strengthen the State’s security posture. PCMJ specializes in vulnerability assessments, penetration tests and source code reviews with an excellent record in security services. We heartily submit this notice of intent to propose in response to RFP-427.04-107-08 and ensure that this is an appropriate mission for PCMJ Security Services.

Should you have further questions, RFP amendments or other communications regarding RFP-427.04-107-08, please feel free to contact me or write responsively. Please contact Pamela R. Gist, Project Manager at the address below or by email at [email protected]. In addition, PCMJ Security Services would like to request a written copy of the State Information Resources Architecture (technical architecture). Please mail to the attention of Pamela R. Gist, Project Manager at the address above. Our firm is committed to providing “excellent security consultation”.

Sincerely,

Pamela R. Gist
Project Manager
![Page 8: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/8.jpg)
GAP ANALYSIS
Field office in Ohio
Review source code
Development security specialists
Hot site in addition to the office space
![Page 9: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/9.jpg)
Proof of insurance
Business and professional licenses
Complete online contractor registration
All work is subject to:
Inspection
Evaluation
Acceptance
![Page 10: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/10.jpg)
Review current policies
Analyze current configuration, settings, codes
Test the setup
Review findings
Implement fixes
![Page 11: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/11.jpg)
Workstation Domain
Network Domain
System/Application Domain
![Page 12: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/12.jpg)
Review
Enhance
Develop
![Page 13: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/13.jpg)
Physical security
- Boundaries, doors, locks
Network controls
- IDS/IPS, Firewall
Workstation
- Antivirus, updates, account controls
User controls
- Acceptable Use Policy, Training
![Page 14: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/14.jpg)
Target system owners/key systems
6-8 hours/classroom instruction
Located at state headquarters
Include approved curriculum
Certificates for completed courses
![Page 15: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/15.jpg)
Business Impact Analysis (BIA)
Business Continuity Plan (BCP)
Disaster Recovery Plan (DRP)
Incident Response
Infrastructure Protection
Planning
Implementation
![Page 16: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/16.jpg)
Critical business functions
Critical resources
Recovery time objective
Recovery point objective
![Page 17: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/17.jpg)
Members of Incident Response Team (IRT)
Roles
Responsibilities
![Page 18: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/18.jpg)
Teams
Notification/activation
Recovery phase
Reconstitution phase
Maintenance
![Page 19: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/19.jpg)
Disaster/emergency declaration
Communication and response
Critical business operations
Recovery procedures
![Page 20: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/20.jpg)
TIMEFRAME
Phased Project Approach
RFP Scope of work
Testing
Implementation
Completion Date
![Page 21: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/21.jpg)
WORK SCHEDULE
[Chart: Hours Required, axis from 0% to 100%]
![Page 22: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/22.jpg)
Server
• Protection
• $75.00
Interview
• User/Manager/Per staff member
• $65.00
Workstation
• Evaluation
• $50.00
UPS/Backup
• Evaluation
• $75.00 per hour
![Page 23: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/23.jpg)
PROJECT COST
[Chart: Cost, axis from $0.00 to $120,000.00]
![Page 24: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/24.jpg)
PROJECT SALARIES
[Pie chart. Slices: 15%, 11%, 14%, 21%, 6%, 9%, 11%, 13%. Legend: Project Manager, IT Manager, Client Representative Manager, Security Manager, Human Resources Manager, Compliance Manager, Legal Representative, Security Fulfillment Manager]
![Page 25: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/25.jpg)
PROJECT COST
• Management Team $100.00 per hour
• Customer Support Team $50.00 per hour
• Restoration Team $50.00 per hour
• Incident Response Team $75.00 per hour
![Page 26: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/26.jpg)
Benefits of our Recommendations
Compliance
• Gap Analysis & Removal
• Port Scan
• Audit
• Mitigation
• Violation Prevention
• Security Policy
• Acceptable Use Policy
• Remote Access Policy
Technical Description
• Critiqued
• Analyzed
• Reviewed
• Infrastructure Tests
• Data Disposal
• Training
• Confidentiality Agreement
• Progress Reports
Requirements
• Insurance Coverage
• Review Source Code
• Review IT Architecture
• Document Projected Costs
• Hire 3 Contract Development Security Specialists
![Page 27: PCMJcapstone](https://reader033.fdocuments.us/reader033/viewer/2022052701/55d142a3bb61ebd55b8b456e/html5/thumbnails/27.jpg)
Global
• Security
• Compliance
Very
• Professional
Proven
• Integrity