
Response to Department of Management Services
Cyber Security Assessment, Remediation, and Identity Protection, Monitoring and Restoration Services
Request For Information

131 Guilford Road, Bloomfield Hills MI 48304
Office and Fax (866) 531-8620
www.securelyyoursllc.com
Small Minority Owned Business
DUNS 832707884 CAGE 5T5C3

Response to RFP No. 725-10936

Table of Contents
- Introduction
- Background
- Contact Information
- Response to Section IV

Introduction

Securely Yours LLC (SY LLC) is focused on providing cost-effective, innovative solutions to our clients in the areas of Information Security, Privacy, Disaster Recovery, Business Continuity, Incident Response and IT audit. As you will see from our response, we feel we are well qualified to work with and assist the Department of Management Services Division of State Purchasing (Department) with their incident response needs. Here are some of the highlights of why we are excited to respond to this RFI:

- The proposed security team has over 100 years of combined experience in conducting vulnerability assessments like the one requested by the Department.
- We are the industry leaders when it comes to Incident Response programs and have assisted several clients in this area.
- We have published several books and articles on the topic of information security.
- We are frequently quoted in magazines around the world on the topics of information security, business continuity, privacy and IT security risks.
- Our team consists of resources who have extensive large organization experience, and the majority of our resources have at least one certification (CISSP, CISA, CISM or CPA).
- We have leveraged our long history of performing this type of work to develop a repeatable and proven methodology. When the assessment approach is repeatable, proven, and structured, clients benefit by receiving service that has been vetted.
- We have a robust assessment methodology, an architecture design methodology, and security tools that increase our efficiency and reduce project costs and duration.
- Our implementation approach encompasses effective training and education processes to ensure that the Department can continue after the security study and mitigate the risks identified in the study.
- We are a 100% minority owned small business entity.
- Our company is 100% dedicated to Information Security and is very familiar with various approaches to conducting an information security study as requested by the Department.

Background

Securely Yours LLC is a minority owned small business headquartered in Bloomfield Hills, MI. Securely Yours LLC was registered in January 2009. The founder and CEO of the firm, Sajay Rai, has over 32 years of experience in information security, business continuity, privacy, IT audits and IT risk. Some of the highlights of his career include:

- Partner and National Director of Ernst & Young's information security and risk practice from 1999 to 2003
- Managing Principal and Executive for IBM's Business Continuity Consulting practice
- Started IBM's information security practice in 1992 and led the global roll out of the practice from 1992 to 1999
- Co-author of a security book, Defending the Digital Frontier: A Security Agenda. The book has a Foreword from Rudy Giuliani
- Holds a CPA license and certificates of CISSP and CISM
- Frequent speaker at national, regional and international conferences
- Member of the Institute of Internal Auditors' Professional Issues Committee
- Board Member of Detroit Chapters of ISACA, IIA and SIM

Contact Information

Securely Yours LLC is located at 131 Guilford Road, Bloomfield Hills MI 48304. Phone is 248-723-5224. Fax is 866-531-8620. The Primary and Secondary SIC codes are 7379 and 7376 (NAIC Codes are 541519, 541513). The key contact is Sajay Rai, President and CEO of Securely Yours LLC. He can be reached at 248-723-5224. Fax is 866-531-8620 and his email is sajayrai@securelyyoursllc.com.

Response to Section IV

SY LLC has performed many engagements in the area of incident response and has developed a repeatable methodology which is consistent with industry standards including NIST 800-61. The diagram below identifies the phases and the tasks performed within each phase.

SY LLC's responses to specific questions from the Department are listed in the table below:

Pre-Incident Services
a) Incident Response Agreements
b) Assessments
c) Preparation
d) Cyber Security IR plans
e) Training

SY LLC Response

As part of our consulting services, SY LLC will work with the Department to prepare the Incident Response (IR) policy, plans and procedures. The policy will highlight the overall IR program for the Department. The IR plan will outline the overall plan, and the procedures will outline the details of how incidents are managed within the Department. The phases of the incident management plan are based on NIST 800-61 and include the activities outlined in the pre-incident services required by the Department. The plans created by SY LLC will prepare the Department for managing and handling incidents. SY LLC will perform an assessment of the Department's incident management program and update the documents as required. SY LLC has conducted several training workshops for its clients and will provide appropriate training to the Department as well. We have developed several data breach simulation exercises and tabletop simulations which will assist the Department with the required knowledge to be prepared for unforeseen incidents.

Specifically, the following answers are provided to the questions:
a) SY LLC will assist the agencies with terms and conditions required to be in place ahead of time so that when an incident occurs, the agencies do not have to deal with such terms and conditions.
b) SY LLC will perform an assessment of the current state of the agencies and assist the agencies to be better prepared in case of an incident. This will include the review of the IR plans, crisis management program and the communications plans.
c) SY LLC will assist the agencies to be prepared in case of an incident. We will assist the agencies through simulation exercises and tabletop exercises to prepare for incidents.
d) SY LLC will provide services to the agencies, prepare them for cyber security incidents and develop a cyber-security incident plan, including data breach plans to address the incident.
e) SY LLC will develop and conduct all incident response related training for the agency.

Post-Incident Services
a) Breach Service Toll-Free Hotline
b) Investigation Cleanup
c) Incident Response
d) Mitigation Plans
e) Identity, Monitoring, Protection and Restoration

SY LLC Response

SY LLC will provide consulting services to the Department in every facet of the IR process. We will assist the Department during the investigation, cleanup, containment, eradication, follow-up, communication and restoration. Our experience in information security, privacy and compliance prepares us to assist the Department in addressing the majority of cyber-related incidents.

Specifically, our detailed answers to the service questions are below:
a) SY LLC does not provide a 24x7 hotline for help desk calls. We will, however, assist the agencies in preparing their current help desk to manage and handle the incidents. We will provide the agencies' help desk staff with training related to incidents so that they are prepared in case of an actual incident.
b) SY LLC will provide the agencies with investigation services and will help identify the incident.
c) SY LLC will provide onsite assistance if needed to respond to any IT related incidents.
d) SY LLC will provide mitigation services and assist with mitigation activities during an incident.
e) SY LLC does not provide identity monitoring, protection or monitoring at this time.

We look forward to working with the Department and providing details specific to your environment. Please let us know if you have any additional questions.