DUNS CAGE 5T5C3

Transcription

1 Response to Department of Management Services Cyber Security Assessment, Remediation, and Identity Protection, Monitoring and Restoration Services Request For Information 131 Guilford Road, Bloomfield Hills MI Office and Fax (866) Small Minority Owned Business DUNS CAGE 5T5C3

2 Response to RFP No Table of Contents Introduction... 3 Background... 3 Contact Information... 4 Response to Section IV Guilford Road, Bloomfield Hills, MI Phone and Fax:

3 Introduction Response to RFP No Securely Yours LLC (SY LLC) is focused on providing cost-effective innovative solutions to our clients in the area of Information Security, Privacy, Disaster Recovery, Business Continuity, Incident Response and IT audit. As you will see from our response, we feel we are well qualified to work with and assist Department of Management Services Division of State Purchasing (Department) with their incident response needs. Here are some of the highlights why we are excited to respond to this RFI: The proposed security team has over 100 years of combined experience in conducting vulnerability assessments like the one requested by Department We are the industry leaders when it comes to Incident Response programs and have assisted several clients in this area. We have published several books and articles on the topic of information security. We are frequently quoted in magazines around the world on the topics of information security, business continuity, privacy and IT security risks Our team consists of resources who have extensive large organization experience and majority of our resources have at least one certification (CISSP, CISA, CISM or CPA) We have leveraged our long history of performing this type of work to develop a repeatable and proven methodology. When the assessment approach is repeatable, proven, and structured, clients benefit by receiving service that has been vetted. We have a robust assessment methodology, an architecture design methodology, and security tools that increase our efficiency and reduce project costs and duration Our implementation approach encompasses effective training and education processes to ensure that Department can continue after the security study and mitigate the risks identified in the study We are a 100% minority owned small business entity Our company is 100% dedicated to Information Security and is very familiar with various approaches to conducting information security study as requested by Department Background Securely Yours LLC is a minority owned small business headquartered in Bloomfield Hills, MI. Securely Yours LLC was registered in January The founder and CEO of the firm, Sajay Rai has over 32 years of experience in information security, business continuity, privacy, IT audits and IT risk. Some of the highlights of his career include: Partner and National Director of Ernst & Young s information security and risk practice from 1999 to 2003 Managing Principal and Executive for IBM s Business Continuity Consulting practice Started IBM s information security practice 1992 and led the global roll out of the practice from 1992 to 1999 Co-Author of a security book Defending the Digital Frontier: A Security Agenda. The book has a Forward from Rudy Giuliani Hold a CPA license and certificates of CISSP and CISM Frequent speaker at national, regional and international conferences 131 Guilford Road, Bloomfield Hills, MI Phone and Fax:

4 Response to RFP No Member of Institute of Internal Auditor s Professional Issues Committee. Board Member of Detroit Chapters of ISACA, IIA and SIM Contact Information Securely Yours LLC is located at 131 Guilford Road, Bloomfield Hills MI Phone is Fax is The Primary and Secondary SIC codes are 7379 and 7376 (NAIC Codes are , ). The key contact is Sajay Rai, President and CEO of Securely Yours LLC. He can be reached at Fax is and his is sajayrai@securelyyoursllc.com. Response to Section IV SY LLC has performed many engagements in the area of incident response and have developed a repeatable methodology which is consistent with industry standards including NIST The diagram below identifies the phases and the tasks performed within each phase. 131 Guilford Road, Bloomfield Hills, MI Phone and Fax:

5 Response to RFP No SY LLC s responses to specific questions from the Department are listed in the table below: Pre-Incident Services a) Incident Response Agreements b) Assessments c) Preparation d) Cyber Security IR plans e) Training SY LLC Response As part of our consulting services, SY LLC will work with the Department to prepare the Incident Response (IR) policy, plans and procedures. The policy will highlight the overall IR program for the Department. The IR plan will outline the overall plan and the procedures will outline the details of how the incidents are managed within the Department. The phases of the incident management plan are based on NIST and include the activities outlined in the pre-incident services required by the Department. The plans created by SY LLC will prepare the Department in managing and handling the incidents. SY LLC will perform an assessment of Department s incident management program and update the documents as required. SY LLC has conducted several training workshops for its clients and will provide appropriate training to the Department as well. We have developed several data breach simulation exercises and tabletop simulations which will assist the Department with the required knowledge to be prepared for unforeseen incidents. Specifically, the following answers are provided to the questions: a) SY LLC will assist the agencies with terms and conditions required to be in place ahead of time so that when an incident occurs, the agencies do not have to deal with such terms and conditions. b) SY LLC will perform an assessment of the current state of agencies and assist the agencies be bettered prepared in case of an incident. This will include the review of the IR plans, crisis management program and the communications plans. c) SY LLC will assist the agencies be prepared in case of an incident. We will assist the 131 Guilford Road, Bloomfield Hills, MI Phone and Fax:

6 Response to RFP No Post-Incident Services a) Breach Service Toll- Free Hotline b) Investigation Cleanup c) Incident Response d) Mitigation Plans e) Identity, Monitoring, Protection and Restoration agencies through simulation exercises and tabletop exercises to prepare for incidents. d) SY LLC will provide services to the agencies, prepare them for cyber security incidents and develop a cyber- security incident plan, including data breach plans to address the incident. e) SY LLC will develop and conduct all incident response related training for the agency. SY LLC will provide consulting services to the Department in every facet of IR process. We will assist the Department during the investigation, cleanup, containment, eradication, follow-up, communication and restoration. Our experience in information security, privacy and compliance prepares us to assist the Department address majority of the cyber related incidents. Specifically, our detailed answers to the service questions are below: a) SY LLC does not provide 24x7 hotline for help desk calls. We will however assist the agencies prepare their current help desk manage and handle the incidents. We will provide the agencies help desk staff training related to incidents so that they are prepared in case of an actual incident. b) SY LLC will provide the agencies with investigation services and will help identify the incident. c) SY LLC will provide onsite assistance if needed to respond to any IT related incidents. d) SY LLC will provide mitigation services and assist with mitigation activities during an incident. e) SY LLC does not provide identity monitoring, protection or monitoring at this time. We look forward to working with the Department and provide specific details to your environment. Please let us know if you have any additional questions. 131 Guilford Road, Bloomfield Hills, MI Phone and Fax: