Department of Management Services REQUEST FOR INFORMATION


RESPONSE TO Department of Management Services REQUEST FOR INFORMATION
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
September 3, 2015
250 South President St, Suite 2300, Baltimore, MD 21202
Telephone: 410-340-3560
Email: rolsen@northstargroupllc.com
Website: www.northstargroupllc.com

Table of Contents
Introduction
Background
Contact Information
Service Offerings

Introduction

North Star Group, LLC, as a vendor under GSA Schedule 70, takes this opportunity to submit our response to the Department of Management Services Request for Information (RFI) for Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services. Our goal is to provide information regarding our skills, knowledge and experience in support of the scope of work, which includes cyber security support services focused primarily on:

1. Pre-Incident Services
2. Post-Incident Services

We have assisted organizations of all sizes and from various industries in assessing and improving their cyber security posture. This proposal outlines North Star Group LLC's prior experience and how it pertains to the current scope of work.

Background

North Star Group LLC, founded in 2006, is a veteran-owned professional services firm offering Cyber Security, Project Management, Systems Engineering, Acquisition Management, Enterprise Architecture, Training, Aviation Sciences and Outreach Communications. With a proven track record of leadership, thoroughness and satisfaction, North Star Group assists commercial and U.S. Government clients in meeting their mission while reducing expenses.

North Star Group's wholly-owned subsidiary, Comprehensive Applied Security Solutions (COMPASS), develops and implements managed cyber security solutions that enable clients to:

Identify and significantly reduce the vulnerability of their IT infrastructure
Cost-effectively allocate cyber security-related resources
Ensure that staff members are properly educated and trained in cyber security best practices and crisis management

Having performed vulnerability scans and penetration tests on over 15,000 nodes, North Star Group has developed a methodology that requires minimal client support, keeping the client's time and resources a top priority. With client sizes ranging from 75 to 12,000 employees, North Star Group has experience working with different organizational cultures and tailors its approach to employee training accordingly.

North Star Group's consulting expertise encompasses the full program management lifecycle from strategic planning to tactical execution, including process and control, process efficiencies and turn-key solutions. North Star Group is ISO 9001:2008 compliant and maintains a DCAA-compliant cost accounting system, two qualifications recognized by many U.S. federal agencies. North Star Group is an award-winning company recognized on the Inc. 500 list of fastest growing private companies in the consecutive years 2011, 2012 and 2013, and by Smart CEO Magazine as one of the 100 best run companies in 2012 and 2013.

Our addresses are:

Baltimore Office: 250 South President St, Suite 2300, Baltimore, MD 21202
Washington D.C. Office: 801 Pennsylvania Ave NW, Suite 700A, Washington, DC 20004

Contact Information

Primary Contact: Mr. Robert Olsen, Chief Executive Officer, North Star Group, LLC
Mobile: (410) 340-3560
E-Mail: rolsen@northstargroupllc.com

Alternate Contact: Mr. Michael Shveda, Chief Strategy Officer, North Star Group, LLC
Mobile: (443) 742-7454
E-Mail: mshveda@northstargroupllc.com

Service Offerings

Pre-Incident Services:

I. IT SECURITY ASSESSMENT

Network Vulnerability Scanning
Using industry best practices and leading software, COMPASS performs vulnerability scans on the client's network in two phases. The first phase, Host Discovery, scans the specified IP block(s) and identifies all active devices. The second phase, Vulnerability Scanning, scans each active device within the specified IP block(s) and identifies its known vulnerabilities. These vulnerabilities can include everything from missing patches to remotely exploitable services. Note that host discovery only finds devices that answer probes; a host that silently drops ICMP and unsolicited TCP traffic will be missed in the first phase, so the discovery probe set and any exceptions should be agreed with the client when the scope is set.

External Penetration Testing
COMPASS scans the client's external-facing properties (e.g. web applications, proxy servers) for known vulnerabilities. Using known exploits for the identified vulnerabilities, our technicians actively attempt to breach the client network.

Internal Network Penetration Testing
COMPASS uses known exploits for the vulnerabilities identified in the Network Vulnerability Scanning phase to penetrate the client's network. Through industry best practices and leading software, our technicians mimic a bad actor/hacker and actively attempt to breach the network.

II. POLICY AND PROCEDURE ASSESSMENT

COMPASS has defined thirty-six operational areas consisting of 1,315 elements that collectively define an organization's overall security posture. Using this pre-defined structure as a standard, we evaluate the client's existing documentation to complete a policy gap analysis and identify weaknesses within the business unit. The policies we assess include but are not limited to:

Incident Response Policy
Password Management Policy
Network Management Policy
Access Control Management Policy
Asset Management Policy
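The two-phase scan described under Network Vulnerability Scanning, as an added example that is not COMPASS's or North Star Group's tooling. It drives nmap for host discovery (phase 1) and then runs version detection plus the NSE "vuln" script category only against the hosts found up (phase 2), with a scope check at the hand-off so that a hand-edited or client-supplemented host list cannot pull a third party's address into the run. nmap must be installed for the two subprocess calls; the parsers and the scope check are pure functions and are exercised below on constructed grepable (-oG) output, not on a real scan. The IP addresses, hostnames and service banners in the sample are made up.

```python
"""Two-phase network vulnerability scan: host discovery, then a vulnerability
scan of live hosts only, with an authorization-scope check at the hand-off.

Added example; not COMPASS's or North Star Group's tooling. Assumes nmap is
installed for the two subprocess calls. The parsers and the scope check are
pure functions exercised below on constructed grepable (-oG) output.
"""
from __future__ import annotations

import ipaddress
import re
import subprocess
import tempfile

# Grepable output: "Host: <addr> (<name>)\t<rest>", where <rest> starts with
# "Status: Up" (phase 1) or "Ports: ..." (phase 2).
HOST_RE = re.compile(r"^Host:\s+(?P<addr>\S+)\s+\((?P<name>[^)]*)\)\s+(?P<rest>.*)$")
# Each Ports entry: port/state/protocol/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")


def parse_up_hosts(gnmap: str) -> list[str]:
    """Phase 1: addresses reported Up (Down hosts are listed only with -v)."""
    return [m["addr"] for m in map(HOST_RE.match, gnmap.splitlines())
            if m and m["rest"].startswith("Status: Up")]


def out_of_scope(hosts: list[str], blocks: list[str]) -> list[str]:
    """Hosts not inside any authorized block. Checked before phase 2 because the
    phase-1 list is often edited by hand or supplemented with client-supplied
    names, and scanning an address outside the engagement is not authorized."""
    nets = [ipaddress.ip_network(b, strict=False) for b in blocks]
    return [h for h in hosts
            if not any(ipaddress.ip_address(h) in n for n in nets)]


def parse_open_ports(gnmap: str) -> list[tuple[str, int, str, str, str]]:
    """Phase 2: (host, port, proto, service, version) for every open port."""
    found = []
    for m in map(HOST_RE.match, gnmap.splitlines()):
        if not m or "Ports: " not in m["rest"]:
            continue
        ports = m["rest"].split("Ports: ", 1)[1].split("\t", 1)[0]
        for port, state, proto, _owner, service, _rpc, version in PORT_RE.findall(ports):
            if state == "open":
                found.append((m["addr"], int(port), proto, service, version))
    return found


def run_discovery(blocks: list[str]) -> str:
    """Ping sweep with ICMP echo plus TCP SYN/ACK probes to common ports, so a
    host that drops ICMP but serves HTTP is still found. Hosts that drop all of
    these are missed; agree with the client whether phase 2 also runs with -Pn."""
    cmd = ["nmap", "-sn", "-PE", "-PS22,80,443,3389", "-PA80", "-oG", "-", *blocks]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


def run_vuln_scan(hosts: list[str]) -> str:
    """Version detection plus the NSE 'vuln' category against known-up hosts only."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write("\n".join(hosts) + "\n")
    cmd = ["nmap", "-Pn", "-sV", "--script", "vuln", "-oG", "-", "-iL", f.name]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


def two_phase_scan(blocks: list[str]) -> list[tuple[str, int, str, str, str]]:
    up = parse_up_hosts(run_discovery(blocks))
    stray = out_of_scope(up, blocks)
    if stray:
        raise RuntimeError(f"refusing to scan out-of-scope hosts: {stray}")
    return parse_open_ports(run_vuln_scan(up))


# Constructed sample output (not from a real scan) so the parsers run offline.
SAMPLE_DISCOVERY = """# Nmap 6.47 scan initiated as: nmap -sn -oG - 10.0.0.0/29
Host: 10.0.0.1 ()\tStatus: Up
Host: 10.0.0.5 (fileserver.example.test)\tStatus: Up
Host: 10.0.0.6 ()\tStatus: Down
# Nmap done -- 8 IP addresses (2 hosts up)
"""
SAMPLE_VULN = ("Host: 10.0.0.5 (fileserver.example.test)\tPorts: "
               "22/open/tcp//ssh//OpenSSH 6.6.1p1/, 80/open/tcp//http//Apache httpd 2.4.7/, "
               "443/filtered/tcp//https///\tIgnored State: closed (997)\n")


def demo() -> dict:
    """Run the offline parts on the constructed samples."""
    up = parse_up_hosts(SAMPLE_DISCOVERY)
    return {"up": up,
            "stray": out_of_scope(up + ["10.0.1.9"], ["10.0.0.0/29"]),
            "open": parse_open_ports(SAMPLE_VULN)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Against a real block, `two_phase_scan(["10.0.0.0/24"])` returns the open-port inventory that a technical report is built from; the filtered 443 entry in the sample is deliberately dropped, since a filtered port is not a finding on its own.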

III. EMPLOYEE AWARENESS ASSESSMENT

Employee Survey
To measure the effectiveness of training and knowledge of information technology policies and procedures, we issue an online scenario-based questionnaire to the client's employees. The survey is made up of two parts: cyber security best practices, and client policies.

Social Engineering (Phishing) Exercise
One of the most common forms of social engineering is a phishing attack. To demonstrate the importance of educating employees about phishing threats, COMPASS employs a mock-phishing exercise to see how employees would react in a real-life scenario. The mock-phishing email is customized to the client's specifications and mailed to a sample of employees. Data on who clicked the link within the email is generated and provided to the client. This portion of the assessment is also used to test the client's email server and its ability to detect a phishing email. Where the mail gateway rewrites or pre-fetches links in order to inspect them, those automated fetches need to be separated from genuine employee clicks before results are reported, or the click count will be inflated.

IV. EMPLOYEE TRAINING

Employees open the door to data breaches every day through common errors in judgment. Onsite and remote education is the best and most cost-effective way to inform network users about best practices for securing sensitive data. This is why it is integral that organizations incorporate employee awareness training into their cyber security action plan. By educating employees on cyber security best practices, trends, policies, and procedures, organizations can significantly reduce their vulnerability to a data breach. COMPASS utilizes a variety of methods and channels to educate the policyholder's employees:

Monthly Cyber Newsletter: COMPASS creates targeted monthly content on current cyber topics, blog posts, and tips that keep security a relevant topic within the organization.

Webinars: COMPASS can host webinars on cyber security trends to give employees a chance to ask questions and hear firsthand the importance of keeping data secure. These are intended to be interactive sessions that empower employees with the information necessary to support the organization's goal of securing data.

Onsite Training: COMPASS can provide face-to-face security awareness training on security best practices and company policies and procedures, in the same interactive format.
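The click-attribution side of the phishing exercise described above, as an added example that is not COMPASS's or North Star Group's tooling. It assumes the tracking link is /t?c=<token> on a web server the assessment team controls, that the server writes "combined" format access logs, and that SECRET is held only by the assessment team; all of these, and the addresses, IPs and user agents in the sample log, are constructed for the example. Each recipient gets an HMAC-derived token rather than their address in the link, so a click cannot be forged or attributed by guessing, and the token-to-address map never leaves the team. The report also flags tokens that were never issued and tokens fetched by more than one user agent, which is how the gateway's own link scanning shows up in the log.

```python
"""Mock-phishing click attribution for an employee awareness assessment.

Added example; not COMPASS's or North Star Group's tooling. Assumptions: the
tracking link is /t?c=<token> on a web server the assessment team controls,
that server writes "combined" format access logs, and SECRET is known only to
the assessment team. Each recipient gets an HMAC-derived token, so a click
cannot be forged or attributed by guessing, and the token-to-address map
never leaves the team's tooling.
"""
from __future__ import annotations

import hashlib
import hmac
import re
from collections import Counter

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')
TOKEN_RE = re.compile(r"^/t\?c=([0-9a-f]{32})$")


def make_token(secret: bytes, campaign: str, email: str) -> str:
    """128-bit truncation of HMAC-SHA256(secret, campaign || NUL || address)."""
    msg = campaign.encode() + b"\x00" + email.strip().lower().encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:32]


def build_campaign(secret: bytes, campaign: str, recipients: list[str]) -> dict[str, str]:
    """token -> address; the mail merge embeds f"{base_url}/t?c={token}" for each."""
    return {make_token(secret, campaign, e): e for e in recipients}


def attribute_clicks(log_text: str, tokens: dict[str, str]) -> dict:
    """Map tracking hits in the access log back to recipients."""
    clicks: Counter[str] = Counter()     # address -> hits
    agents: dict[str, set[str]] = {}     # address -> user agents seen
    unknown: list[tuple[str, str]] = []  # (ip, token) we never issued
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        t = TOKEN_RE.match(m["path"]) if m else None
        if not t:
            continue
        email = tokens.get(t.group(1))
        if email is None:
            unknown.append((m["ip"], t.group(1)))
            continue
        clicks[email] += 1
        agents.setdefault(email, set()).add(m["ua"])
    sent = len(tokens)
    return {
        "sent": sent,
        "unique_clickers": len(clicks),
        "click_rate": len(clicks) / sent if sent else 0.0,
        "clicks_by_address": dict(clicks),
        "unknown_tokens": unknown,
        # One token fetched by several user agents is worth checking against the
        # gateway's link scanning before it is counted as an employee click.
        "multiple_agents": sorted(e for e, a in agents.items() if len(a) > 1),
    }


SECRET = b"constructed-secret-do-not-reuse"  # constructed for the example
RECIPIENTS = ["alice@example.test", "bob@example.test",
              "carol@example.test", "dave@example.test"]


def sample_log(tokens: dict[str, str]) -> str:
    """Constructed access-log lines: alice's link fetched by a gateway scanner and
    then by her browser, bob clicked once, one guessed token, one unrelated hit."""
    by_addr = {v: k for k, v in tokens.items()}
    fmt = '{ip} - - [03/Sep/2015:{t} -0400] "GET {p} HTTP/1.1" 200 42 "-" "{ua}"'
    return "\n".join([
        fmt.format(ip="198.51.100.7", t="09:00:03", p=f"/t?c={by_addr['alice@example.test']}",
                   ua="LinkScanner/1.0 (constructed)"),
        fmt.format(ip="10.20.30.41", t="09:14:07", p=f"/t?c={by_addr['alice@example.test']}",
                   ua="Mozilla/5.0 (Windows NT 6.1) Firefox/40.0"),
        fmt.format(ip="10.20.30.55", t="09:31:52", p=f"/t?c={by_addr['bob@example.test']}",
                   ua="Mozilla/5.0 (Windows NT 6.1) Firefox/40.0"),
        fmt.format(ip="203.0.113.9", t="10:02:11", p="/t?c=" + "0" * 32, ua="curl/7.43.0"),
        fmt.format(ip="10.20.30.41", t="10:05:00", p="/favicon.ico", ua="Mozilla/5.0"),
    ])


def demo() -> dict:
    """Build the campaign and attribute the constructed log."""
    tokens = build_campaign(SECRET, "2015-09-awareness", RECIPIENTS)
    return attribute_clicks(sample_log(tokens), tokens)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The client-facing report can be produced from `clicks_by_address` alone; the token map and SECRET stay with the assessment team, so a leaked or forwarded link exposes no address, and a token that is not in the map (the `unknown_tokens` entry) is a probe, not an employee.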

These methods can be used individually or in combination to keep employees educated on cyber security best practices, pitfalls, and policies. COMPASS will work with Allied World policyholders to determine the best and most cost-efficient way to educate their employees. COMPASS training staff will discuss the preferred frequency, methods, and goals for the organization's cyber security education and develop an organizational training plan that cost-effectively meets the policyholder's requirements.

Deliverables:

I. EXECUTIVE REPORT

The executive report provides an outline of the assessment findings. The report is broken out into three sections (Technical, Policies, and Employee Awareness).

1. IT Assessment Report
a. Using the data found in the IT Security Assessment, COMPASS provides a prioritized list of the exploitable vulnerabilities found within the network. This allows the client to focus on the higher-risk vulnerabilities first, and then move to the other findings.

2. Policy Assessment Report
a. Using the data from the policy gap analysis, COMPASS creates a chart that outlines the number of elements missing within each of the 36 policy areas.
b. As an additional resource, COMPASS attaches a policy guide that specifies what each of the client's policies should include. This allows the client to write their own policy(s) if they choose to do so internally.

3. Employee Awareness Report
a. The data from the employee survey is collected and summarized to define the average score, the completion rate, and the areas the client should focus on most when educating their employees.
b. The phishing exercise results show the number of clicks that resulted from the phishing test along with a list of which email addresses clicked the link. This is not meant as a disciplinary action, but as a starting point for getting the client's employees educated on potential cyber threats.

II. TECHNICAL REPORTS

The Technical Report gives the client's technical team further information on the vulnerabilities identified in the IT Assessment. This includes a list of exploited vulnerabilities, a description of each, and suggestions on how to remediate them. The size of the report is specific to each engagement and is determined by the number of vulnerabilities identified. Reports included are not limited to:

Wellness Report
Vulnerability Report
Vulnerability Validation Report
Host Based Activity Report
Host Report

III. RAW DATA SCANS

To ensure COMPASS is giving the client all of the resources needed for remediation, a disc is provided with the raw scan results. This can consist of over 50,000 pages of vulnerability reports and gives the client insight into every vulnerability (critical, high, medium, and low priority) so that they may identify and remediate all gaps. Because this data amounts to a map of the client's exploitable weaknesses, it should be handled as sensitive: delivered encrypted, stored with restricted access, and destroyed once remediation is complete.

IV. EMPLOYEE TRAINING ROADMAP

COMPASS provides an employee training roadmap based on the findings of the employee awareness assessment. The type and frequency of training are tailored to the organization's industry, size, and culture. This can include but is not limited to:

Webinars
Seminars
Employee Newsletters
Dry Runs

Post-Incident Services:

I. INVESTIGATION/CLEAN-UP

North Star Group's security engineers and analysts can provide forensic analysis in the event of a security incident that results in exposure of sensitive, protected data. Our analysts will use a collection of tools to determine the root cause of the incident, the scope of the data impacted, and the likelihood that the attackers are still active in the network. NSG's analysts can assist State agencies with documenting the current state so that in the event of a data breach the infrastructure can be returned to its pre-incident level.

II. INCIDENT RESPONSE

North Star Group's security engineers and analysts can provide guidance in the event of an incident that encompasses not just technical guidance but also public relations, employee communications, and stakeholder (client) communications as appropriate. NSG personnel can also interact with and advise the State agency's legal and compliance teams to ensure that an integrated and comprehensive approach is taken.

III. MITIGATION PLANS

One of the key components of a robust and effective information security defense is developing incident response and mitigation plans before they are needed. NSG analysts can assist State Agency staff with developing incident response plans that cover all functional areas, including forensic analysis, public relations, internal communications, legal, insurance and any other relevant functional areas and departments.