Solved

RFP IT Security Provider

Posted on 2015-02-03
1
308 Views
Last Modified: 2016-03-23
When you RFP for the IT Security provider to implement monitoring, virtual patching, forensic analysis, security incidents, zero day attack software, etc, what did you do? How you’ve selected the provider and what are the things they cover for you? Who were your choices for this?
0
Comment
Question by:HelenIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 40588125
It is more of asking the credential and proof of claims in their experience for those mentioned points. Very much what a MSSP can provide as well. Minimally the start off point is always there is need for covering the two scope
a) incident handling framework
b) incident governance lifecycle

Those activities are part and parcel for the above mentioned. Good useful references are below and the provider should very well understand those as it is expected as baseline capability to cover these and demonstrate it.
a) NIST's Cybersecurity framework (recommends the phases of Identify, Protect, Detect, Respond and Recover)
b) ENISA Incident Management guide (covers roles, workflow, lifecycle of triage, resolution, closure, post analysis)
c) ENISA Actionable Information for Security Incident Response (covering actionable info from preparation, stroage, analysis, and distribution)

Note in reference to NIST framework, I do the provider breadth of services covering activities embedded within the
a) Detect (Anomalies and Events, Security Continuous Monitoring and Detection Processes)
b) Response (Response Planning, Communications, Analysis, Mitigation and Improvements)

You can check out Federal one sample RFP covering the aspect of synopsis/solicitation for malware and automated Dynamic Malware Analysis

Also for candidates, the CPNI has previously under the program of  "iDATA: Improving Defences Against Targeted Attack" engaged providers (Qinetiq, BAE and MWR) to share more, I do see they are likely ones in the listing.

Others do include Mandiant (FireEye), CrowdStrike, Dell SecureWorks, and FoxIT which has incident handling experience with their research capability (this is another criteria to verifiable proof that can be asked as provider proof of prior experience )
0

Featured Post

How to Defend Against the WCry Ransomware Attack

On May 12, 2017, an extremely virulent ransomware variant named WCry 2.0 began to infect organizations. Within several hours, over 75,000 victims were reported in 90+ countries. Learn more from our research team about this threat & how to protect your organization!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you know what to look for when considering cloud computing? Should you hire someone or try to do it yourself? I'll be covering these questions and looking at the best options for you and your business.
Many of you may be aware of the recent Google Docs scam emails that have been floating around coming from various people that you know. Here's a guide on identifying How To Identify the Scam Email You will see an email from someone you’ve had co…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question