2. QUALIFICATIONS
Established in Indianapolis, Indiana - 2002
Provide database performance tuning and security services for database applications.
In 2006, Project Manager was added
Current focus is to provide security services to state and federal government agencies that are compliant through security regulations.
3. COMPARISON OF QUALIFICATIONS AND RFP MINIMUM REQUIREMENTS
10 years
22 employees
8 employees - RFP NUMBER: 427.04-107-08
Complete security assessments, penetration tests, policy creation, and regulatory compliance assistance
Gross sales annually are $1.6 million (U.S. Dollars)
Contract outsourced services for reviewing source code and development security specialists
4. MAJOR CONTRACTS
Four major contracts
Previously selected for:
Vulnerability Assessments
Penetration Tests
Risk Assessment
Source Code Review
Business Continuity Plan
Disaster Recovery Plan
5. CURRENT PROJECTS
Strategic Compensation and Performance Management Analysis
Auditing and Infrastructure Security
Soundness and Consulting
Network Security Upgrade and Equipment
Security Compliance Requirements
7. PROBLEM STATEMENT
Protect data
Data management
Network assessment
Mitigation process
Alleviate concerns
Network tests
Source code reviews
Confidential security clearances
4750 Wesley Avenue, Norwood, Ohio 45212
NOTICE OF INTENT TO PROPOSE
December 19, 2011
Brian Henebry, Coordinator
Department of Finance and Administration
State Government Tower, 12th Floor
312 8th Avenue North
Capitol City, NY 12345-1200
Dear Mr. Henebry:
PCMJ Security Services is responding to RFP-427.04-107-08 for Information Security Assessment Services (ISAS) Consultants with interest of submitting a proposal to the State Government, Department of Finance and Administration. By submitting this notice of intent to propose, we agree to provide a Technical Proposal, Cost Proposal and ensure compliance with project specifications. We are sure that the State of Ohio is committed to contracting only the best organizations to strengthen the State’s security posture.
PCMJ specializes in vulnerability assessments, penetration tests and source code reviews with an excellent record in security services. We heartily submit this notice of intent to propose in response to RFP-427.04-107-08 and ensure that this is an appropriate mission for PCMJ Security Services. Should you have further questions, RFP amendments or other communications regarding RFP-427.04-107-08, please feel free to contact me or write responsively. Please contact Pamela R. Gist, Project Manager at the address below or by email at pgist@email.itt-tech.edu.
In addition, PCMJ Security Services would like to request a written copy of the State Information Resources Architecture (technical architecture). Please mail to the attention of Pamela R. Gist, Project Manager at the address above. Our firm is committed to providing “excellent security consultation”.
Sincerely,
Pamela R. Gist
Project Manager
8. GAP ANALYSIS
Field office in Ohio
Review source code
Development security specialists
Hot site in addition to the office space
9. Proof of insurance
Business and professional licenses
Complete online contractor registration
All work is subject to:
Inspection
Evaluation
Acceptance
13. Physical security
Boundaries, doors, locks
Network controls
IDS/IPS, Firewall
Workstation
- Antivirus, updates, account controls
User controls
Acceptable Use Policy, Training
14. Target system owners/ key systems
6-8 hours/classroom instruction
Located at state headquarters
Include approved curriculum
Certificates for completed courses
15. Business Impact Analysis (BIA)
Business Continuity Plan (BCP)
Disaster Recovery Plan (DRP)
Incident Response
Infrastructure Protection
Planning
Implementation
16. Critical business functions
Critical resources
Recovery time objective
Recovery point objective
17. Members of Incident Response Team (IRT)
Roles
Responsibilities
25. PROJECT COST
• Management Team $100.00 per hour
• Customer Support Team $50.00 per hour
• Restoration Team $50.00 per hour
• Incident Response Team $75.00 per hour
26. Compliance
• Gap Analysis & Removal
• Port Scan
• Audit
• Mitigation
• Violation Prevention
• Security Policy
• Acceptable Use Policy
• Remote Access Policy
Technical Description
• Critiqued
• Analyzed
• Reviewed
• Infrastructure Tests
• Data Disposal
• Training
• Confidentiality Agreement
• Progress Reports
Requirements
• Insurance Coverage
• Review Source Code
• Review IT Architecture
• Document Projected Costs
• Hire 3 Contract Development Security Specialists
Benefits of our Recommendations