SlideShare une entreprise Scribd logo

PCMJcapstone

P
Pamela R. Gist
1  sur  27
Télécharger pour lire hors ligne
STATE GOVERNMENT DEPARTMENT OF FINANCE AND ADMINISTRATION DUE DATE: FEBRUARY 25, 2012
QUALIFICATIONS Established in Indianapolis, Indiana - 2002 Provide database performance tuning and security services for database applications. In 2006, Project Manager was added Current focus is to provide security services to state and federal government agencies of which are compliant through security regulations.
COMPARISON OF QUALIFICATIONS AND RFP MINIMUM REQUIREMENTS 10 years 22 employees 8 employees - RFP NUMBER: 427.04-107-08 Complete security assessments, penetration tests, policy creation, and regulatory compliance assistance Gross sales annually are $1.6 million (U.S. Dollars) Contract outsourced services for reviewing source code and development security specialists
MAJOR CONTRACTS Four major contracts Previously selected for : Vulnerability Assessments Penetration Tests Risk Assessment Source Code Review Business Continuity Plan Disaster Recovery Plan
CURRENT PROJECTS Strategic Compensation and Performance Management Analysis Auditing and Infrastructure Security Soundness and Consulting Network Security Upgrade and Equipment Security Compliance Requirements
8 PROJECT DESIGNATE EMPLOYEES: Pamela R. Gist, Project Manager Chris Warren, IT Manager Mychal Dudley, Client Representative Manager John Buchheim, Security Manager Amy Potential, Human Resources Manager Joshua Great, Compliance Manager Theodore Ralls, Legal Representative Paul Johnston, Security Fulfillment Manager
PROBLEM STATEMENT Protect data Data management Network assessment Mitigation process Alleviate concerns Network tests Source code reviews Confidential security clearances 4750 Wesley Avenue, Norwood,Ohio 45212 NOTICE OF INTENT TO PROPOSE December 19, 2011 Brian Henebry, Coordinator Department of Finance and Administration State Government Tower, 12th Floor 312 8th Avenue North Capitol City, NY 12345-1200 Dear Mr. Henebry: PCMJ Security Services is responding to RFP-427.04-107-08 for Information Security Assessment Services (ISAS) Consultants with interest of submitting a proposal to the State Government, Department of Finance and Administration. By submitting this notice of intent to propose, we agree to provide a Technical Proposal, Cost Proposal and ensure compliance with project specifications. We are sure that the State of Ohio is committed to contracting only the best organizations to strengthen the State’s security posture. PCMJ specializes in vulnerability assessments, penetration tests and source code reviews with an excellent record in security services. We heartily submit this notice of intent to propose in response to RFP-427.04-107-08 and ensure that this is an appropriate mission for PCJM Security Services. Should you have further questions, RFP amendments or other communications regarding RFP-427.04-107-08, please feel free to contact me or write responsively. Please contact Pamela R. Gist, Project Manager at the address below or by email at pgist@email.itt-tech.edu. In addition, PCMJ Security Services would like to request a written copy of the State Information Resources Architecture (technical architecture). Please mail to the attention of Pamela R. Gist, Project Manager at the address above. Our firm is committed to providing “excellent security consultation”. Sincerely, Pamela R. Gist Pamela R. Gist Project Manager
GAP ANALYSIS Field office in Ohio Review source code Development security specialists Hot site in addition to the office space
 Proof of insurance  Business and professional licenses  Complete online contractor registration  All work is subject to: Inspection Evaluation Acceptance
Review current policies Analyze current: configuration, settings, codes Test the setup Review findings Implement fixes
Workstation Domain Network Domain System/Application Domain
Review Enhance Develop
 Physical security Boundaries, doors, locks  Network controls IDS/IPS, Firewall  Workstation - Antivirus, updates, account controls  User controls Acceptable Use Policy, Training
 Target system owners/ key systems  6-8 hours/classroom instruction  Located at state headquarters  Include approved curriculum  Certificates for completed courses
 Business Impact Analysis (BIA)  Business Continuity Plan (BCP)  Disaster Recovery Plan (DRP)  Incident Response  Infrastructure Protection Planning Implementation
 Critical business functions  Critical resources  Recovery time objective  Recovery point objective
 Members of Incident Response Team (IRT)  Roles  Responsibilities
 Teams  Notification/activation  Recovery phase  Reconstitution phase  Maintenance
 Disaster/emergency declaration  Communication and response  Critical business operations  Recovery procedures
TIMEFRAME Phased Project Approach RFP Scope of work Testing Implementation Completion Date
WORK SCHEDULE 0% 20% 40% 60% 80% 100% Hours Required
Server • Protection • $75.00 Interview • User/Manager/Per staff member • $65.00 Workstation • Evaluation • $50.00 UPS/Backup • Evaluation • $75.00 per hour
PROJECT COST $0.00 $20,000.00 $40,000.00 $60,000.00 $80,000.00 $100,000.00 $120,000.00 Cost
PROJECT SALARIES 15% 11% 14% 21% 6% 9% 11% 13% Project Manager IT Manager Client Representative Manager Security Manager Human Resources Manager Compliance Manager Legal Representative Security Fulfillment Manager
PROJECT COST •Management Team $100.00 per hour •Customer Support Team $50.00 per hour •Restoration Team $50.00 per hour •Incident Response Team $75.00 per hour
Compliance • Gap Analysis & Removal • Port Scan • Audit • Mitigation • Violation Prevention • Security Policy • Acceptable Use Policy • Remote Access Policy TechnicalDescription • Critiqued • Analyzed • Reviewed • Infrastructure Tests • Data Disposal • Training • Confidentiality Agreement • Progress Reports Requirements • Insurance Coverage • Review Source Code • Review IT Architecture • Document Projected Costs • Hire 3 Contract Development Security Specialists Benefits of our Recommendations
Global • Security • Compliance Very • Professional Proven • Integrity

Recommandé

Consultant Profile - Ellen R Shaffer_21JUN2016
Consultant Profile - Ellen R Shaffer_21JUN2016Consultant Profile - Ellen R Shaffer_21JUN2016
Consultant Profile - Ellen R Shaffer_21JUN2016Ellen Shaffer
 
Robert Carey, Principal Deputy CIO, DOD Insight session
Robert Carey, Principal Deputy CIO, DOD Insight sessionRobert Carey, Principal Deputy CIO, DOD Insight session
Robert Carey, Principal Deputy CIO, DOD Insight sessionGovernment Technology and Services Coalition
 
OWASP based Threat Modeling Framework
OWASP based Threat Modeling FrameworkOWASP based Threat Modeling Framework
OWASP based Threat Modeling FrameworkChaitanya Bhatt
 
Cyber Risk in e-Discovery: What You Need to Know
Cyber Risk in e-Discovery: What You Need to KnowCyber Risk in e-Discovery: What You Need to Know
Cyber Risk in e-Discovery: What You Need to KnowkCura_Relativity
 
Midway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with IgnyteMidway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with IgnyteIgnyte Assurance Platform
 
GRC in Australia slides
GRC in Australia slidesGRC in Australia slides
GRC in Australia slidesInSync Conference
 
Computer Hacking Forensic Investigator - CHFI
Computer Hacking Forensic Investigator - CHFIComputer Hacking Forensic Investigator - CHFI
Computer Hacking Forensic Investigator - CHFIEC-Council
 
Security architecture frameworks
Security architecture frameworksSecurity architecture frameworks
Security architecture frameworksJohn Arnold
 

Recommandé

Consultant Profile - Ellen R Shaffer_21JUN2016
Consultant Profile - Ellen R Shaffer_21JUN2016Consultant Profile - Ellen R Shaffer_21JUN2016
Consultant Profile - Ellen R Shaffer_21JUN2016Ellen Shaffer
 
Robert Carey, Principal Deputy CIO, DOD Insight session
Robert Carey, Principal Deputy CIO, DOD Insight sessionRobert Carey, Principal Deputy CIO, DOD Insight session
Robert Carey, Principal Deputy CIO, DOD Insight sessionGovernment Technology and Services Coalition
 
OWASP based Threat Modeling Framework
OWASP based Threat Modeling FrameworkOWASP based Threat Modeling Framework
OWASP based Threat Modeling FrameworkChaitanya Bhatt
 
Cyber Risk in e-Discovery: What You Need to Know
Cyber Risk in e-Discovery: What You Need to KnowCyber Risk in e-Discovery: What You Need to Know
Cyber Risk in e-Discovery: What You Need to KnowkCura_Relativity
 
Midway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with IgnyteMidway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with IgnyteIgnyte Assurance Platform
 
GRC in Australia slides
GRC in Australia slidesGRC in Australia slides
GRC in Australia slidesInSync Conference
 
Computer Hacking Forensic Investigator - CHFI
Computer Hacking Forensic Investigator - CHFIComputer Hacking Forensic Investigator - CHFI
Computer Hacking Forensic Investigator - CHFIEC-Council
 
Security architecture frameworks
Security architecture frameworksSecurity architecture frameworks
Security architecture frameworksJohn Arnold
 
SOC Certification Runbook Template
SOC Certification Runbook TemplateSOC Certification Runbook Template
SOC Certification Runbook TemplateMark S. Mahre
 
Benefits of Software Asset Management
Benefits of Software Asset ManagementBenefits of Software Asset Management
Benefits of Software Asset ManagementIskandar Ahmat
 
Robert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government ContractorsRobert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government ContractorsGovernment Technology and Services Coalition
 
TrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability ManagementTrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability ManagementTuan Phan
 
Cadre network and security assessments
Cadre network and security assessmentsCadre network and security assessments
Cadre network and security assessmentsScott Mcilwaine
 
FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...
FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...
FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...West Monroe Partners
 
CompTIA CASP+ | Everything you need to know about the new exam
CompTIA CASP+ | Everything you need to know about the new examCompTIA CASP+ | Everything you need to know about the new exam
CompTIA CASP+ | Everything you need to know about the new examInfosec
 
Trent Ballentine JRules
Trent Ballentine JRulesTrent Ballentine JRules
Trent Ballentine JRulesTrent Ballentine
 
CompTIA Security+: Everything you need to know about the SY0-601 update
CompTIA Security+: Everything you need to know about the SY0-601 updateCompTIA Security+: Everything you need to know about the SY0-601 update
CompTIA Security+: Everything you need to know about the SY0-601 updateInfosec
 
Escrow Presentation
Escrow PresentationEscrow Presentation
Escrow Presentationlucydavidson
 
The Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryThe Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryPriyanka Aash
 
Integrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk ManagementIntegrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk ManagementPriyanka Aash
 
Pure Gold: Leveraging Software Usage Data to Reduce License Costs & Risk
Pure Gold: Leveraging Software Usage Data to Reduce License Costs & RiskPure Gold: Leveraging Software Usage Data to Reduce License Costs & Risk
Pure Gold: Leveraging Software Usage Data to Reduce License Costs & RiskJohn Emmitt
 
CompTIA cysa+ certification changes: Everything you need to know
CompTIA cysa+ certification changes: Everything you need to knowCompTIA cysa+ certification changes: Everything you need to know
CompTIA cysa+ certification changes: Everything you need to knowInfosec
 
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...CA Technologies
 
Case Study: How a fortune 500 global security company reduced SoD Auditing by...
Case Study: How a fortune 500 global security company reduced SoD Auditing by...Case Study: How a fortune 500 global security company reduced SoD Auditing by...
Case Study: How a fortune 500 global security company reduced SoD Auditing by...Maria Wilson
 
Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoNist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoTuan Phan
 
CompTIA CASP Objectives
CompTIA CASP ObjectivesCompTIA CASP Objectives
CompTIA CASP Objectivessombat nirund
 
Hernan Huwyler - Boards in a Digitalized World
Hernan Huwyler - Boards in a Digitalized WorldHernan Huwyler - Boards in a Digitalized World
Hernan Huwyler - Boards in a Digitalized WorldHernan Huwyler, MBA CPA
 
Tony_Reid_Resume
Tony_Reid_ResumeTony_Reid_Resume
Tony_Reid_ResumeTony Reid
 
Proteus OCM Company Profile
Proteus OCM Company ProfileProteus OCM Company Profile
Proteus OCM Company ProfileKGanzy
 
VA Tech Expo Frank McIntire SDVOSB March 2015
VA Tech Expo Frank McIntire SDVOSB March 2015VA Tech Expo Frank McIntire SDVOSB March 2015
VA Tech Expo Frank McIntire SDVOSB March 2015Frank McIntire
 

Contenu connexe

Tendances

SOC Certification Runbook Template
SOC Certification Runbook TemplateSOC Certification Runbook Template
SOC Certification Runbook TemplateMark S. Mahre
 
Benefits of Software Asset Management
Benefits of Software Asset ManagementBenefits of Software Asset Management
Benefits of Software Asset ManagementIskandar Ahmat
 
TrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability ManagementTrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability ManagementTuan Phan
 
Cadre network and security assessments
Cadre network and security assessmentsCadre network and security assessments
Cadre network and security assessmentsScott Mcilwaine
 
FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...
FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...
FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...West Monroe Partners
 
CompTIA CASP+ | Everything you need to know about the new exam
CompTIA CASP+ | Everything you need to know about the new examCompTIA CASP+ | Everything you need to know about the new exam
CompTIA CASP+ | Everything you need to know about the new examInfosec
 
CompTIA Security+: Everything you need to know about the SY0-601 update
CompTIA Security+: Everything you need to know about the SY0-601 updateCompTIA Security+: Everything you need to know about the SY0-601 update
CompTIA Security+: Everything you need to know about the SY0-601 updateInfosec
 
Escrow Presentation
Escrow PresentationEscrow Presentation
Escrow Presentationlucydavidson
 
The Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryThe Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryPriyanka Aash
 
Integrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk ManagementIntegrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk ManagementPriyanka Aash
 
Pure Gold: Leveraging Software Usage Data to Reduce License Costs & Risk
Pure Gold: Leveraging Software Usage Data to Reduce License Costs & RiskPure Gold: Leveraging Software Usage Data to Reduce License Costs & Risk
Pure Gold: Leveraging Software Usage Data to Reduce License Costs & RiskJohn Emmitt
 
CompTIA cysa+ certification changes: Everything you need to know
CompTIA cysa+ certification changes: Everything you need to knowCompTIA cysa+ certification changes: Everything you need to know
CompTIA cysa+ certification changes: Everything you need to knowInfosec
 
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...CA Technologies
 
Case Study: How a fortune 500 global security company reduced SoD Auditing by...
Case Study: How a fortune 500 global security company reduced SoD Auditing by...Case Study: How a fortune 500 global security company reduced SoD Auditing by...
Case Study: How a fortune 500 global security company reduced SoD Auditing by...Maria Wilson
 
Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoNist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoTuan Phan
 
CompTIA CASP Objectives
CompTIA CASP ObjectivesCompTIA CASP Objectives
CompTIA CASP Objectivessombat nirund
 
Hernan Huwyler - Boards in a Digitalized World
Hernan Huwyler - Boards in a Digitalized WorldHernan Huwyler - Boards in a Digitalized World
Hernan Huwyler - Boards in a Digitalized WorldHernan Huwyler, MBA CPA
 
Tony_Reid_Resume
Tony_Reid_ResumeTony_Reid_Resume
Tony_Reid_ResumeTony Reid
 

Tendances (20)

SOC Certification Runbook Template
SOC Certification Runbook TemplateSOC Certification Runbook Template
SOC Certification Runbook Template
 
Benefits of Software Asset Management
Benefits of Software Asset ManagementBenefits of Software Asset Management
Benefits of Software Asset Management
 
Robert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government ContractorsRobert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government Contractors
 
TrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability ManagementTrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability Management
 
Cadre network and security assessments
Cadre network and security assessmentsCadre network and security assessments
Cadre network and security assessments
 
FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...
FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...
FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...
 
CompTIA CASP+ | Everything you need to know about the new exam
CompTIA CASP+ | Everything you need to know about the new examCompTIA CASP+ | Everything you need to know about the new exam
CompTIA CASP+ | Everything you need to know about the new exam
 
Trent Ballentine JRules
Trent Ballentine JRulesTrent Ballentine JRules
Trent Ballentine JRules
 
CompTIA Security+: Everything you need to know about the SY0-601 update
CompTIA Security+: Everything you need to know about the SY0-601 updateCompTIA Security+: Everything you need to know about the SY0-601 update
CompTIA Security+: Everything you need to know about the SY0-601 update
 
Escrow Presentation
Escrow PresentationEscrow Presentation
Escrow Presentation
 
The Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryThe Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your Story
 
Integrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk ManagementIntegrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk Management
 
Pure Gold: Leveraging Software Usage Data to Reduce License Costs & Risk
Pure Gold: Leveraging Software Usage Data to Reduce License Costs & RiskPure Gold: Leveraging Software Usage Data to Reduce License Costs & Risk
Pure Gold: Leveraging Software Usage Data to Reduce License Costs & Risk
 
CompTIA cysa+ certification changes: Everything you need to know
CompTIA cysa+ certification changes: Everything you need to knowCompTIA cysa+ certification changes: Everything you need to know
CompTIA cysa+ certification changes: Everything you need to know
 
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...
 
Case Study: How a fortune 500 global security company reduced SoD Auditing by...
Case Study: How a fortune 500 global security company reduced SoD Auditing by...Case Study: How a fortune 500 global security company reduced SoD Auditing by...
Case Study: How a fortune 500 global security company reduced SoD Auditing by...
 
Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoNist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quantico
 
CompTIA CASP Objectives
CompTIA CASP ObjectivesCompTIA CASP Objectives
CompTIA CASP Objectives
 
Hernan Huwyler - Boards in a Digitalized World
Hernan Huwyler - Boards in a Digitalized WorldHernan Huwyler - Boards in a Digitalized World
Hernan Huwyler - Boards in a Digitalized World
 
Tony_Reid_Resume
Tony_Reid_ResumeTony_Reid_Resume
Tony_Reid_Resume
 

Similaire à PCMJcapstone

Proteus OCM Company Profile
Proteus OCM Company ProfileProteus OCM Company Profile
Proteus OCM Company ProfileKGanzy
 
VA Tech Expo Frank McIntire SDVOSB March 2015
VA Tech Expo Frank McIntire SDVOSB March 2015VA Tech Expo Frank McIntire SDVOSB March 2015
VA Tech Expo Frank McIntire SDVOSB March 2015Frank McIntire
 
Linda Lopez Resume 20170130 IT Security
Linda Lopez Resume 20170130 IT SecurityLinda Lopez Resume 20170130 IT Security
Linda Lopez Resume 20170130 IT SecurityLinda Lopez
 
Information Security Assessment Offering
Information Security Assessment OfferingInformation Security Assessment Offering
Information Security Assessment Offeringeeaches
 
Thomas reinheimer resume 04152016
Thomas reinheimer resume 04152016Thomas reinheimer resume 04152016
Thomas reinheimer resume 04152016Tom Reinheimer
 
Security_360_Marketing_Package
Security_360_Marketing_PackageSecurity_360_Marketing_Package
Security_360_Marketing_PackageRandy B.
 
New En Softek It Capabilities Brochure March 2011
New En Softek It Capabilities Brochure March 2011New En Softek It Capabilities Brochure March 2011
New En Softek It Capabilities Brochure March 2011harryatensoftek
 
RHMR_Consultant_Profile_RRHarris07232016
RHMR_Consultant_Profile_RRHarris07232016RHMR_Consultant_Profile_RRHarris07232016
RHMR_Consultant_Profile_RRHarris07232016Ronald (RON) Ray Harris
 
DianeOakleyResume20170130
DianeOakleyResume20170130DianeOakleyResume20170130
DianeOakleyResume20170130Diane Oakley
 
Curt Sherrod - Resume
Curt Sherrod - ResumeCurt Sherrod - Resume
Curt Sherrod - Resumecsherrod
 
SLoveless_Resume_20160201
SLoveless_Resume_20160201SLoveless_Resume_20160201
SLoveless_Resume_20160201Sara Loveless
 
Bayo Omisore, IT Auditor-Compliance Analyst
Bayo Omisore, IT Auditor-Compliance AnalystBayo Omisore, IT Auditor-Compliance Analyst
Bayo Omisore, IT Auditor-Compliance AnalystBayo Omisore.
 
David L Burt Resume
David L Burt ResumeDavid L Burt Resume
David L Burt ResumeDavid Burt
 
Raju 5.7 java
Raju 5.7 javaRaju 5.7 java
Raju 5.7 javaRaju G P
 
Linder,William H IT Auditor 0216
Linder,William H IT Auditor 0216Linder,William H IT Auditor 0216
Linder,William H IT Auditor 0216William Linder
 
McElvy Resume 2015
McElvy Resume 2015McElvy Resume 2015
McElvy Resume 2015Debra McElvy
 

Similaire à PCMJcapstone (20)

Proteus OCM Company Profile
Proteus OCM Company ProfileProteus OCM Company Profile
Proteus OCM Company Profile
 
VA Tech Expo Frank McIntire SDVOSB March 2015
VA Tech Expo Frank McIntire SDVOSB March 2015VA Tech Expo Frank McIntire SDVOSB March 2015
VA Tech Expo Frank McIntire SDVOSB March 2015
 
V Empower Inc.
V Empower Inc.V Empower Inc.
V Empower Inc.
 
Linda Lopez Resume 20170130 IT Security
Linda Lopez Resume 20170130 IT SecurityLinda Lopez Resume 20170130 IT Security
Linda Lopez Resume 20170130 IT Security
 
Information Security Assessment Offering
Information Security Assessment OfferingInformation Security Assessment Offering
Information Security Assessment Offering
 
Thomas reinheimer resume 04152016
Thomas reinheimer resume 04152016Thomas reinheimer resume 04152016
Thomas reinheimer resume 04152016
 
Security_360_Marketing_Package
Security_360_Marketing_PackageSecurity_360_Marketing_Package
Security_360_Marketing_Package
 
New En Softek It Capabilities Brochure March 2011
New En Softek It Capabilities Brochure March 2011New En Softek It Capabilities Brochure March 2011
New En Softek It Capabilities Brochure March 2011
 
RHMR_Consultant_Profile_RRHarris07232016
RHMR_Consultant_Profile_RRHarris07232016RHMR_Consultant_Profile_RRHarris07232016
RHMR_Consultant_Profile_RRHarris07232016
 
DianeOakleyResume20170130
DianeOakleyResume20170130DianeOakleyResume20170130
DianeOakleyResume20170130
 
Curt Sherrod - Resume
Curt Sherrod - ResumeCurt Sherrod - Resume
Curt Sherrod - Resume
 
SLoveless_Resume_20160201
SLoveless_Resume_20160201SLoveless_Resume_20160201
SLoveless_Resume_20160201
 
Bayo Omisore, IT Auditor-Compliance Analyst
Bayo Omisore, IT Auditor-Compliance AnalystBayo Omisore, IT Auditor-Compliance Analyst
Bayo Omisore, IT Auditor-Compliance Analyst
 
David L Burt Resume
David L Burt ResumeDavid L Burt Resume
David L Burt Resume
 
Raju 5.7 java
Raju 5.7 javaRaju 5.7 java
Raju 5.7 java
 
Under Defense
Under DefenseUnder Defense
Under Defense
 
Linder,William H IT Auditor 0216
Linder,William H IT Auditor 0216Linder,William H IT Auditor 0216
Linder,William H IT Auditor 0216
 
McElvy Resume 2015
McElvy Resume 2015McElvy Resume 2015
McElvy Resume 2015
 
VASUDEO RANE
VASUDEO RANEVASUDEO RANE
VASUDEO RANE
 
Corporate Cyber Program
Corporate Cyber ProgramCorporate Cyber Program
Corporate Cyber Program
 

PCMJcapstone

  • 1. STATE GOVERNMENT DEPARTMENT OF FINANCE AND ADMINISTRATION DUE DATE: FEBRUARY 25, 2012
  • 2. QUALIFICATIONS Established in Indianapolis, Indiana - 2002 Provide database performance tuning and security services for database applications. In 2006, Project Manager was added Current focus is to provide security services to state and federal government agencies of which are compliant through security regulations.
  • 3. COMPARISON OF QUALIFICATIONS AND RFP MINIMUM REQUIREMENTS 10 years 22 employees 8 employees - RFP NUMBER: 427.04-107-08 Complete security assessments, penetration tests, policy creation, and regulatory compliance assistance Gross sales annually are $1.6 million (U.S. Dollars) Contract outsourced services for reviewing source code and development security specialists
  • 4. MAJOR CONTRACTS Four major contracts Previously selected for : Vulnerability Assessments Penetration Tests Risk Assessment Source Code Review Business Continuity Plan Disaster Recovery Plan
  • 5. CURRENT PROJECTS Strategic Compensation and Performance Management Analysis Auditing and Infrastructure Security Soundness and Consulting Network Security Upgrade and Equipment Security Compliance Requirements
  • 6. 8 PROJECT DESIGNATE EMPLOYEES: Pamela R. Gist, Project Manager Chris Warren, IT Manager Mychal Dudley, Client Representative Manager John Buchheim, Security Manager Amy Potential, Human Resources Manager Joshua Great, Compliance Manager Theodore Ralls, Legal Representative Paul Johnston, Security Fulfillment Manager
  • 7. PROBLEM STATEMENT Protect data Data management Network assessment Mitigation process Alleviate concerns Network tests Source code reviews Confidential security clearances 4750 Wesley Avenue, Norwood,Ohio 45212 NOTICE OF INTENT TO PROPOSE December 19, 2011 Brian Henebry, Coordinator Department of Finance and Administration State Government Tower, 12th Floor 312 8th Avenue North Capitol City, NY 12345-1200 Dear Mr. Henebry: PCMJ Security Services is responding to RFP-427.04-107-08 for Information Security Assessment Services (ISAS) Consultants with interest of submitting a proposal to the State Government, Department of Finance and Administration. By submitting this notice of intent to propose, we agree to provide a Technical Proposal, Cost Proposal and ensure compliance with project specifications. We are sure that the State of Ohio is committed to contracting only the best organizations to strengthen the State’s security posture. PCMJ specializes in vulnerability assessments, penetration tests and source code reviews with an excellent record in security services. We heartily submit this notice of intent to propose in response to RFP-427.04-107-08 and ensure that this is an appropriate mission for PCJM Security Services. Should you have further questions, RFP amendments or other communications regarding RFP-427.04-107-08, please feel free to contact me or write responsively. Please contact Pamela R. Gist, Project Manager at the address below or by email at pgist@email.itt-tech.edu. In addition, PCMJ Security Services would like to request a written copy of the State Information Resources Architecture (technical architecture). Please mail to the attention of Pamela R. Gist, Project Manager at the address above. Our firm is committed to providing “excellent security consultation”. Sincerely, Pamela R. Gist Pamela R. Gist Project Manager
  • 8. GAP ANALYSIS Field office in Ohio Review source code Development security specialists Hot site in addition to the office space
  • 9.  Proof of insurance  Business and professional licenses  Complete online contractor registration  All work is subject to: Inspection Evaluation Acceptance
  • 10. Review current policies Analyze current: configuration, settings, codes Test the setup Review findings Implement fixes
  • 13.  Physical security Boundaries, doors, locks  Network controls IDS/IPS, Firewall  Workstation - Antivirus, updates, account controls  User controls Acceptable Use Policy, Training
  • 14.  Target system owners/ key systems  6-8 hours/classroom instruction  Located at state headquarters  Include approved curriculum  Certificates for completed courses
  • 15.  Business Impact Analysis (BIA)  Business Continuity Plan (BCP)  Disaster Recovery Plan (DRP)  Incident Response  Infrastructure Protection Planning Implementation
  • 16.  Critical business functions  Critical resources  Recovery time objective  Recovery point objective
  • 17.  Members of Incident Response Team (IRT)  Roles  Responsibilities
  • 18.  Teams  Notification/activation  Recovery phase  Reconstitution phase  Maintenance
  • 19.  Disaster/emergency declaration  Communication and response  Critical business operations  Recovery procedures
  • 20. TIMEFRAME Phased Project Approach RFP Scope of work Testing Implementation Completion Date
  • 22. Server • Protection • $75.00 Interview • User/Manager/Per staff member • $65.00 Workstation • Evaluation • $50.00 UPS/Backup • Evaluation • $75.00 per hour
  • 24. PROJECT SALARIES 15% 11% 14% 21% 6% 9% 11% 13% Project Manager IT Manager Client Representative Manager Security Manager Human Resources Manager Compliance Manager Legal Representative Security Fulfillment Manager
  • 25. PROJECT COST •Management Team $100.00 per hour •Customer Support Team $50.00 per hour •Restoration Team $50.00 per hour •Incident Response Team $75.00 per hour
  • 26. Compliance • Gap Analysis & Removal • Port Scan • Audit • Mitigation • Violation Prevention • Security Policy • Acceptable Use Policy • Remote Access Policy TechnicalDescription • Critiqued • Analyzed • Reviewed • Infrastructure Tests • Data Disposal • Training • Confidentiality Agreement • Progress Reports Requirements • Insurance Coverage • Review Source Code • Review IT Architecture • Document Projected Costs • Hire 3 Contract Development Security Specialists Benefits of our Recommendations
  • 27. Global • Security • Compliance Very • Professional Proven • Integrity