Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 336
  • Last Modified:

RFP IT Security Provider

When you RFP for the IT Security provider to implement monitoring, virtual patching, forensic analysis, security incidents, zero day attack software, etc, what did you do? How you’ve selected the provider and what are the things they cover for you? Who were your choices for this?
0
HelenIT
Asked:
HelenIT
1 Solution
 
btanExec ConsultantCommented:
It is more of asking the credential and proof of claims in their experience for those mentioned points. Very much what a MSSP can provide as well. Minimally the start off point is always there is need for covering the two scope
a) incident handling framework
b) incident governance lifecycle

Those activities are part and parcel for the above mentioned. Good useful references are below and the provider should very well understand those as it is expected as baseline capability to cover these and demonstrate it.
a) NIST's Cybersecurity framework (recommends the phases of Identify, Protect, Detect, Respond and Recover)
b) ENISA Incident Management guide (covers roles, workflow, lifecycle of triage, resolution, closure, post analysis)
c) ENISA Actionable Information for Security Incident Response (covering actionable info from preparation, stroage, analysis, and distribution)

Note in reference to NIST framework, I do the provider breadth of services covering activities embedded within the
a) Detect (Anomalies and Events, Security Continuous Monitoring and Detection Processes)
b) Response (Response Planning, Communications, Analysis, Mitigation and Improvements)

You can check out Federal one sample RFP covering the aspect of synopsis/solicitation for malware and automated Dynamic Malware Analysis

Also for candidates, the CPNI has previously under the program of  "iDATA: Improving Defences Against Targeted Attack" engaged providers (Qinetiq, BAE and MWR) to share more, I do see they are likely ones in the listing.

Others do include Mandiant (FireEye), CrowdStrike, Dell SecureWorks, and FoxIT which has incident handling experience with their research capability (this is another criteria to verifiable proof that can be asked as provider proof of prior experience )
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now