Part 2: Solution ProposalsYou now take the role of a cyber security firm who wants the business of the various organizations seeking help, and will respond to the RFPs from other groups with well-rese

Part 2: Solution ProposalsYou now take the role of a cyber security firm who wants the business of the various organizations seeking help, and will respond to the RFPs from other groups with well-rese
Education Sector RFP Overview : We are Hope University and we want to help provide the students with a way to have the best possible experience that they can while attending. This, however, is not possible with the many issues that we are experiencing with security at our University and we want to provide the best. The objectives of this request for proposal is to make sure that our University is the most secure for our students and make sure that none of their infor mation can get stolen and be used for malicious purposes. For this reason we want to work with people that will ensure the safety of our students as well as the professors. There have been some problems with servers crashing, errors with logging in to both administrator and student accounts with both parties claiming that they knew that their information was correct and that it might be the result of their account getting hacked and we would like to reduce the risk of that. This ends up becoming an issue fo r us since this could lead to any third parties changing data to make it favorable or unfavorable for other people. We want only a select few to be able to access that certain information since most of it is classified and make sure that our servers are st able and won’t be victim to any Denial of service attacks. Organization Overview : We are a university where students from different backgrounds and different nationalities study and research on different subjects. Most students in our university are trans fer students from different schools. Our university accepts students on the basis of their GPA and scholastic aptitude test. Our university was established in 1964 and every year our university security policies change. For example if we talk about 20 year s ago we could never imagine how cyber security policies are in today ’s day and age. We are the university where we communicate and do research in three different modes. Mostly we have in person sessions. But we also have asynchronous and synchronous sessi ons where people don ’t need to come to university. We have different cyber security policies for our university: 1. Network Security policy 2. Backup Policy 3. Remote access Policy 4. Physical security policy 5. Confidential Data policy 6. Guest Access Po licy 7. Virtual Private Network (VPN) 8. Email policy Technology Environment : Hope University currently uses around 100 Windows PC ’s and 100 MAC OS PC ’s, we also have tablets that the students can use as well as rentable laptops sitting at about 50 each. We also monitor our own internet and have to keep our servers running so we also have a room where we hold our routers to make sure there is a stable internet connection throughout the University. Cyber Security Assessment : The testing that would be allow ed is to check how vulnerable our databases are and see how easy it would be to get any information they want. Since we are also having trouble with our servers we want to test that as well and how easy it would be to send a denial of service our way and help prevent that. With the results of this testing it would be very beneficial to Hope University. Cost : To better provide for our students while they attend our University we have allocated approximately $1 million dollars to better our security and safe ty concerns. The $1 million dollars would be distributed to upgrading the University ’s servers, computer equipment like the PC ’s and rentable laptops to newer models and making sure there are enough for all of the students wheather or not they are asynchro nous or synchronous students. Upgrading and making sure the WiFi and Databases is secure and safe for our students and reaches all of the buildings and to prevent power outages. Upgrading all of the Firewall, software and system security so we won’t be at risk for hackers and other attacks so our employees and students’ important private information will remain secure. As a result of this budget an successful bidder will be engaging and managing their section of upgrading and ensuring our University is a sa fe and secure place for our employees and students. Evaluation : We will be paying close attention to the proposals and seeing what would benefit us in our security issues and make sure that they will be listening to all of our concerns and are as passion ate to help get rid of the aforementioned problems that are happening at our University.
Part 2: Solution ProposalsYou now take the role of a cyber security firm who wants the business of the various organizations seeking help, and will respond to the RFPs from other groups with well-rese
JJ Cloud Request for Proposal (RFP) For Cyber Security Services RFP Overview JJ Cloud has invested in this RFP (Request for Proposal) to seek out responses to our current cyber security issues. We are looking for professionals that have experience in the following fields and are offering these services: Service A: Cloud Server Security We are looking to increase our security measures for our cloud based server. We have certain basic securities in place, however w ith our growing employee and customer base, we are seeking to further the security in order to prevent any sensitive information getting out. After performing the enhancements we would also require an assessment of the work done to see how the new securit y details set in place reduce any risk we might have, as well as an audit to check for any other potential security threats. Service B: Web and Mobile Application Security We have also launched a web and mobile app that customers and employees can use to manage their information. For our employees they use the web app to log their hours worked, and to see their paycheck, shifts worked, benefits, etc. For our customers, they can use the mobile app to upgrade their storage and see what files are taking up how much space. We have had incidents where users have been able to access more storage than they had originally been charged for. We’ve also had incidents where users have had their information stolen or deleted without any backups. We are looking for imp roved security features on both of these apps and how they are set up to reach the server. Service C: Future Security In addition to the services outlined above we are also requesting a foundation for a cyber security plan and training protocol, whose ma in goal is to decrease the odds for employee mistakes and also further increase awareness about what security measures we have in place to protect us and our data. Organization Overview This organization is a company that works to help users find an easy and affordable way to store their data. We currently offer a mobile app for customers to manage their account and allow them to organize their data in any way they choose. We also offer customers a repair service where they can mail in their d evices and we can help them with some technical issues. We can also backup their harddrive to their cloud server or restore a backup if they have one already. This company is currently broken up into a bunch of mini departments. We currently have a team of certified computer techs to deal with issues with mailed customer computers and other devices. We also have a customer support team that works with customers to handle any problems or questions they might need help with. Another department we have is an e mployee support department, in which we deal with any issues that our employees might deal with at work, ranging from network issues to paychecks to vacation days. We have a web based app that we currently have in place that all employees are expected t o use. In this app employees can clock in to start their shift, clock out for break, and clock out for the day. Managers can also send messages to other managers or employees and when the employee logs in for the day, the message will appear next to their punch in. This ensures that information is being sent and received efficiently. Technology Environment This section documents the existing technology environment. Vendors reported that they were having some issues with security and getting wrong storage. The current security policies are listed below, and are further expanded in the table following: 1. Secure cloud accounts. 2. Check for free security upgrades. 3. Restrict infrastructure access through firewalls. 4. Tether the cloud. 5. Replace passwords with keys. 6. Turn on auditing and system monitoring. The tables below identify the JJ Cloud’s current technology standards. Technology Current Standard Cisco Meraki Network Infrastructure Meraki’s cloud based management VMware Virtual Environment vSphere Database(s) Amazon Web Services, SAP, Enterprise DB, Garantia Data, Cloud SQL by Google, Azure by Microsoft, Rackspace Aerohive Wi -Fi 802.11ax Palo Alto Firewall Alkira Cloud Firewall Server OS Windows and Linux Desktop OS Google Chrome OS and Microsoft Windows Azure Server Hardware Pro Cloud Server and WebEA Desktop Hardware Windows 10/11, Windows 8.1, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2 Laptop Hardware HP Cloud Laptop Mobile Hardware Distant Immobile Cloud, Proximate immobile computing entities, Proximate mobile computing entities, and Hybrid (a combination of 1 -3) Browsers Mozilla Firefox, Microsoft Edge, Safari, and Google Chrome Email Server/Client Tutanota, Gmail, Zoho, iCloud email, and Mail.com Virtual Environment VMware Cloud and Cloud computing Storage Area Network Cloud computing and Hybrid approach Active Directory Azure Active Directory VPN HA VPN and Classic VPN Scanners Aqua Security, Wiz, Amazon Inspe ctor, Oracle OCI, Orca Security, Prisma Cloud, Google Cloud Embedded Scanner, Intruder’s CloudBot, Tanable.io Container Security, and Qualys CSPM Printers Google Cloud Print Internet ● Bandwidth ● Redundancy ● 3Mbps or more ● Geographical Redundancy Cybersecurity Assessment JJ cloud highly focuses on maintaining security for our client’s data. Therefore, the goal of cybersecurity assessment is to identify and remove weaknesses, strengthen the security of the data. Vulnerability and penetration testing are limited to the areas that we believe it is safe to perform. What we are looking for the vulnerability and penetration testing services: – Identify and prevent potential risks (threats) that could affect our sy stem and network. – Identify weaknesses in our security and strengthen those weaknesses. – Identify a better option (if any) to secure our system and network. – Identify potential risks for mobile devices and mobile applications. – Strengthen physical security. – Id entify potential risks for our workplace (risks that could be in employees’ computers or laptops). – Most importantly, strengthen security for our data server (database). All services that are performed should be presented and explained clearly to our organ ization representative. Cost Cost will be discussed before the contract. Proposers may negotiate. The cost may vary depending on how clear the efforts have been done. The contract will not be fulfilled unless both, organization and proposer, agree upon th e final cost. Evaluation Every company has different standards, and their own way of evaluating things. Our company will be critiquing the proposals submitted to see if they meet our needs. Some reference points can be found listed below: ● Quality of the solutions to our needs: there can be many different solutions to a problem but we need to see if the solution works for all our platforms. ● If it’s clear and organized: basically if we can understand what you put in the proposal and it’s well organized ● If the solution could actually fix our problems: sometimes the solution could not fix a problem or make the problem worse ● What references you used: sometimes the reference used can be either good or bad ● Proven technical ability: evidence that yo u have the skills we need. ● Ability to work cooperatively and collaboratively with others: there are times where you cannot do something alone and need help. ● If a solution can offer stability (financial or otherwise): it’s always best to have stability whet her it is financial, mental. etc.
Part 2: Solution ProposalsYou now take the role of a cyber security firm who wants the business of the various organizations seeking help, and will respond to the RFPs from other groups with well-rese
Summary NIST is pleased to propose to bid for th is project . NIST offers a robust cybersecurity solution and project management to help the organization maintain existing technology and pr otect against the newest vulnerabilities. Our solution highlights five objectives which are to monitor, prevent, investigate, and respond to cyber security threats within the industry. Additionally, NIST offers a robust cyber security framework, aka NIST F ramework, which details the requirements to deploy and maintain crucial technologies necessary for your operation. All solutions implemented will have accessible backup and logging solutions for administration to interact and use in the event of catastroph e. About Us We are a non -regulatory agency of a physical sciences laboratory. Our mission is to promote American innovation and industrial competitiveness. We develop cybersecurity standards, guidelines, best practices, and other resources to meet the need s of U.S. industry, federal agencies and the broader public. We contribute and focus on areas such as cryptography, education and workforce, emerging technologies, risk management, identity and access management, measurements, privacy, trustworthy networks and trustworthy platforms. Standards We’ve provided our own standards that will enhance but won’t replace cybersecurity standards and industry guidelines that the organization is embracing. This will provide a voluntary, risk -based approach for managing cybersecurity activities and reducing cyber risk . Worst ca se scenario, you can always report any threats and incidents to the FBI. Our team focuses on 3 key components: Profile, Core, Tiers Core is broken down into five categories: Identify, Protect, Detect, Respond, Recover. Identify: Develop an organizational u nderstanding to manage cybersecurity risk to: systems, assets, data, and capabilities. Protect: Develop and implement the appropriate safeguards to ensure delivery of services. Detect: Develop and implement the appropriate activities to identify the occurr ence of a cybersecurity event. Respond: Develop and implement the appropriate activities to take action regarding a detected cybersecurity event. Recover: Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cyber -security event. Technology Recommendation Regulators recommend running the latest firmware and version of any technology, NIST is breaking down most commonly used technology used as well as the ver sion it’s using: Cybersecurity Assessment The following assessments will be performed to discover vulnerability within the organization ● Hardware Assessment ● Network Security Assessment ● Ransomware Vulnerability Assessment ● Cloud Security Assessment ● Third Party Application Assessment ● Incident Response Readiness ● Access Control Assessment ● Penetration Testing Cost Pricing is based on the expected hours of work performed by our own engineers, additional training towards your employee is included in the fee.
Part 2: Solution ProposalsYou now take the role of a cyber security firm who wants the business of the various organizations seeking help, and will respond to the RFPs from other groups with well-rese
CyberRely Consulting Firm Overview One of the most trusted cybersecurity firms in the industry, CyberRely Consulting is comprised of technology experts specializing in the fields of assets protection, penetration testing, network vulnerability testing, risk and control assessments, network security, and cyber threat detection and management. With a skilled workforce operating in technology centers located around the globe, CyberRely Consulting has offered technical services and solutions to hundreds of customers. Considering the rapidly growing expansion of the technology busin ess, CyberRely Consulting has become a fundamental leader in the development of effective safeguarding services and comprehensive cyber threat risk control and mitigation plans. Furthermore, CyberRely Consulting has been continuously recognized for maintai ning a loyal client base, who value the transparency and efficacious services offered by the firm. CyberRely Consulting’s proposal should be recommended for acceptance because of the firm’s expertise and reliability. Having certified technolog y professionals with 12+ years of expertise specifically in the fields of penetration testing, vulnerabilities assessment, and cyber threat detection and management operations, CyberRely Consulting is well qualified to address and resolve the cybersecurity issues facing the organization . Additionally, CyberRely Consulting is reliable and unique from other firms in that because the firm operates on a global scale, they have teams working across various geographical locations. Thus, the firm not only has a b roader knowledge of understanding about a diverse base of customer needs, but they are also available to provide 24/7 assistance to customers located anywhere in the world whether it be by speaking with a live representative by phone or virtually through v ideo meetings. Standards One of the most important laws to integrate into organizations is the Cyber Security Enhancement Act of 2014 which provides ongoing public -private partnerships aimed at improving cyber security. Technology Recommendations It is highly recommended for the company to upgrade to the la test operatin g sy stems which introduce advanced multi -layer security against threats with a f lexible application platform. Additionally, CyberRely Consulting would recommend an application -level gateway to filter packets into and out of the network reporting malicious activities. Cybersecurity Assessment A system for firewall configuration we w ill implement is Nessus. It is one of the best security scanning utilities. It inspects firewalls and detects vulnerabilities and malware in the system with real time information. Nessus will shield you from malicious software component s entering and also stopping them from exiting your application system. We recommend Nessus because it can do scheduled scans daily, weekly, or monthly. For network configuration, we recommend the ManageEngine Network Configuration Manager which provides a set of tools for service monitoring, configurations in routers, firewalls, switches and dashboard. They run constant sweeps to identify breaches of devices and networks and reports on all configurations. One tool that is very useful is if a device or netw ork is hacked or compromised, it will be suspended until we approach the problem. There is a free version but limited tools. The more tools needed and required, the higher level will be best recommended. Upon the release of NIST Cybersecurity Framework version 2.0, we advise you to update to the newest version so you can have the latest protection procedures for your company. To find internal and external vulnerabilities, we must allow penetration to have minimum to no risks of threats. W e recommend Intruders which are automated penetration testings that find weaknesses in your systems. They run online automatically which sometimes they are given the name of vulnerability scanners. They find vulnerabilities in your system soon after they are disclosed such as in firewalls or access lists. Other vulnerabilities include web -layered security problems, infrastructure weaknesses , and security misconfigurations. Intruders offers a year round protection that can conveniently run the scanners at any time. All around, Intruders is simple and easy to use for your penetration and vulnerability testing needs. Cost CyberRely Consulting is made up of an efficient team of IT experts with experience in asset protection, penetration testing, risk and contr ol analysis, network security, and cyber threat management. The team at CyberRely Consulting may need additional funding for the services we are willing to provide . Appending to the service, it is recommended to also add MDR (Managed Detection And Response Solutions) to assist in overcoming cybersecurity difficulties such a lack of resources, raising risk awareness, enhancing their capacity to find and respond to attacks, etc. An overall of our service is listed below: SecurityHQ $ 2,025,000 ● Detect and Response ❖ Managed Detection and Response (MDR) ❖ Managed Extended Detection & Response (XDR) ❖ Managed Endpoint Detection and Response (EDR) ❖ ManageEngine Network Configuration Manager ❖ Network Flow Analytics ❖ User Behaviour Analytics ● Ma nage Security ❖ Managed FireWall ➢ Nessus ❖ Managed Endpoint Protection (EPP) ❖ Managed Endpoint Security (Powered by SentinelOne) ❖ Threat & Risk Intelligence (TRI) ● Cyber Risk Management ❖ Penetration Testing Service ❖ Vulnerability Management as a Service (VMaaS) ➢ Intruders ❖ Cyber Security Controls Assessment ❖ Phishing Attack Simulation Full Time Employee: 25 Senior SOC analyst $1,750,000 10 Junior SOC analyst $1,200,000 Annual training $650,000 Operational Expense s: Product implementation & maintenance $350,000 TOTAL: 5,975,000 Our proposal in using SecurityHQ s an easy, all -in-one packet, ready to use, high quality service for resolving and protecting organization’s assets including intellec tual property, personnel data, business systems, and brand integrity. As part of SecurityHQ, our service will include maintenance in doing updates, upgrades, record keeping, storage capacity and many more.