Solved

RFP IT Security Provider

Posted on 2015-02-03
Last Modified: 2016-03-23
When you RFP for the IT Security provider to implement monitoring, virtual patching, forensic analysis, security incidents, zero day attack software, etc., what did you do? How did you select the provider, and what are the things they cover for you? Who were your choices for this?
Question by:HelenIT

Accepted Solution

by:
btan earned 500 total points
ID: 40588125
It is more a matter of asking for the credentials and proof of claims in their experience for those mentioned points. Very much what an MSSP can provide as well. Minimally, the starting point is always that there is a need to cover the two scopes:
a) incident handling framework
b) incident governance lifecycle

Those activities are part and parcel for the above mentioned. Good useful references are below and the provider should very well understand those as it is expected as baseline capability to cover these and demonstrate it.
a) NIST's Cybersecurity framework (recommends the phases of Identify, Protect, Detect, Respond and Recover)
b) ENISA Incident Management guide (covers roles, workflow, lifecycle of triage, resolution, closure, post analysis)
c) ENISA Actionable Information for Security Incident Response (covering actionable info from preparation, storage, analysis, and distribution)

Note in reference to NIST framework, I do the provider breadth of services covering activities embedded within the
a) Detect (Anomalies and Events, Security Continuous Monitoring and Detection Processes)
b) Response (Response Planning, Communications, Analysis, Mitigation and Improvements)

You can check out Federal one sample RFP covering the aspect of synopsis/solicitation for malware and automated Dynamic Malware Analysis

Also for candidates, the CPNI has previously under the program of "iDATA: Improving Defences Against Targeted Attack" engaged providers (Qinetiq, BAE and MWR) to share more, I do see they are likely ones in the listing.

Others do include Mandiant (FireEye), CrowdStrike, Dell SecureWorks, and FoxIT which has incident handling experience with their research capability (this is another criterion of verifiable proof that can be asked as provider proof of prior experience).