PCMJcapstone

STATE GOVERNMENT DEPARTMENT OF FINANCE AND ADMINISTRATION DUE DATE: FEBRUARY 25, 2012

Transcript of PCMJcapstone

Page 1: PCMJcapstone

STATE GOVERNMENT

DEPARTMENT OF FINANCE AND ADMINISTRATION

DUE DATE: FEBRUARY 25, 2012

Page 2: PCMJcapstone

QUALIFICATIONS

Established in Indianapolis, Indiana - 2002

Provide database performance tuning and security services for database applications.

In 2006, a Project Manager was added

Current focus is to provide security services to state and federal government agencies that are compliant with security regulations.

Page 3: PCMJcapstone

COMPARISON OF QUALIFICATIONS AND RFP MINIMUM REQUIREMENTS

10 years

22 employees

8 employees - RFP NUMBER: 427.04-107-08

Complete security assessments, penetration tests, policy creation, and regulatory compliance assistance

Gross sales annually are $1.6 million (U.S. Dollars)

Contract outsourced services for reviewing source code and development security specialists

Page 4: PCMJcapstone

MAJOR CONTRACTS

Four major contracts

Previously selected for:

Vulnerability Assessments

Penetration Tests

Risk Assessment

Source Code Review

Business Continuity Plan

Disaster Recovery Plan

Page 5: PCMJcapstone

CURRENT PROJECTS

Strategic Compensation and Performance Management Analysis

Auditing and Infrastructure Security

Soundness and Consulting

Network Security Upgrade and Equipment

Security Compliance Requirements

Page 6: PCMJcapstone

8 PROJECT DESIGNATED EMPLOYEES:

Pamela R. Gist, Project Manager

Chris Warren, IT Manager

Mychal Dudley, Client Representative Manager

John Buchheim, Security Manager

Amy Potential, Human Resources Manager

Joshua Great, Compliance Manager

Theodore Ralls, Legal Representative

Paul Johnston, Security Fulfillment Manager

Page 7: PCMJcapstone

PROBLEM STATEMENT

Protect data

Data management

Network assessment

Mitigation process

Alleviate concerns

Network tests

Source code reviews

Confidential security clearances

4750 Wesley Avenue, Norwood, Ohio 45212

NOTICE OF INTENT TO PROPOSE

December 19, 2011

Brian Henebry, Coordinator
Department of Finance and Administration
State Government Tower, 12th Floor
312 8th Avenue North
Capitol City, NY 12345-1200

Dear Mr. Henebry:

PCMJ Security Services is responding to RFP-427.04-107-08 for Information Security Assessment Services (ISAS) Consultants with interest of submitting a proposal to the State Government, Department of Finance and Administration. By submitting this notice of intent to propose, we agree to provide a Technical Proposal, Cost Proposal and ensure compliance with project specifications.

We are sure that the State of Ohio is committed to contracting only the best organizations to strengthen the State’s security posture. PCMJ specializes in vulnerability assessments, penetration tests and source code reviews with an excellent record in security services. We heartily submit this notice of intent to propose in response to RFP-427.04-107-08 and ensure that this is an appropriate mission for PCMJ Security Services.

Should you have further questions, RFP amendments or other communications regarding RFP-427.04-107-08, please feel free to contact me or write responsively. Please contact Pamela R. Gist, Project Manager at the address below or by email at [email protected].

In addition, PCMJ Security Services would like to request a written copy of the State Information Resources Architecture (technical architecture). Please mail to the attention of Pamela R. Gist, Project Manager at the address above.

Our firm is committed to providing “excellent security consultation”.

Sincerely,

Pamela R. Gist

Pamela R. Gist, Project Manager

Page 8: PCMJcapstone

GAP ANALYSIS

Field office in Ohio

Review source code

Development security specialists

Hot site in addition to the office space

Page 9: PCMJcapstone

Proof of insurance

Business and professional licenses

Complete online contractor registration

All work is subject to:

Inspection

Evaluation

Acceptance

Page 10: PCMJcapstone

Review current policies

Analyze current:

configuration, settings, codes

Test the setup

Review findings

Implement fixes

Page 11: PCMJcapstone

Workstation Domain

Network Domain

System/Application Domain

Page 12: PCMJcapstone

Review

Enhance

Develop

Page 13: PCMJcapstone

Physical security

Boundaries, doors, locks

Network controls

IDS/IPS, Firewall

Workstation

Antivirus, updates, account controls

User controls

Acceptable Use Policy, Training

Page 14: PCMJcapstone

Target system owners/key systems

6-8 hours/classroom instruction

Located at state headquarters

Include approved curriculum

Certificates for completed courses

Page 15: PCMJcapstone

Business Impact Analysis (BIA)

Business Continuity Plan (BCP)

Disaster Recovery Plan (DRP)

Incident Response

Infrastructure Protection

Planning

Implementation

Page 16: PCMJcapstone

Critical business functions

Critical resources

Recovery time objective

Recovery point objective

Page 17: PCMJcapstone

Members of Incident Response Team (IRT)

Roles

Responsibilities

Page 18: PCMJcapstone

Teams

Notification/activation

Recovery phase

Reconstitution phase

Maintenance

Page 19: PCMJcapstone

Disaster/emergency declaration

Communication and response

Critical business operations

Recovery procedures

Page 20: PCMJcapstone

TIMEFRAME

Phased Project Approach

RFP Scope of work

Testing

Implementation

Completion Date

Page 21: PCMJcapstone

WORK SCHEDULE

[Chart: Hours Required, axis from 0% to 100%]

Page 22: PCMJcapstone

Server

• Protection

• $75.00

Interview

• User/Manager/Per staff member

• $65.00

Workstation

• Evaluation

• $50.00

UPS/Backup

• Evaluation

• $75.00 per hour

Page 23: PCMJcapstone

PROJECT COST

[Chart: Cost, axis from $0.00 to $120,000.00]

Page 24: PCMJcapstone

PROJECT SALARIES

[Pie chart: share of project salaries by role. Slice values as extracted: 15%, 11%, 14%, 21%, 6%, 9%, 11%, 13%. Legend: Project Manager, IT Manager, Client Representative Manager, Security Manager, Human Resources Manager, Compliance Manager, Legal Representative, Security Fulfillment Manager]

Page 25: PCMJcapstone

PROJECT COST

• Management Team $100.00 per hour

• Customer Support Team $50.00 per hour

• Restoration Team $50.00 per hour

• Incident Response Team $75.00 per hour

Page 26: PCMJcapstone

Compliance

• Gap Analysis & Removal

• Port Scan

• Audit

• Mitigation

• Violation Prevention

• Security Policy

• Acceptable Use Policy

• Remote Access Policy

Technical Description

• Critiqued

• Analyzed

• Reviewed

• Infrastructure Tests

• Data Disposal

• Training

• Confidentiality Agreement

• Progress Reports

Requirements

• Insurance Coverage

• Review Source Code

• Review IT Architecture

• Document Projected Costs

• Hire 3 Contract Development Security Specialists

Benefits of our Recommendations

Page 27: PCMJcapstone

Global

• Security

• Compliance

Very

• Professional

Proven

• Integrity