IS4799 Information Systems And Cybersecurity Capstone Project.
Table of Contents
I. Executive Summary
    i. Layered Security Solution
II. Research
    i. Review of Firm’s Qualifications
    ii. Review of Requirements and Clarification Questions
III. Data Analysis
    i. RFP Clarification Questions
    ii. RFP Technical Requirements and Differences from Existing Controls
    iii. Data Privacy Legal Requirements as per RFP’s Compliance
    iv. Security Assessment Project Plan Definition
    v. Risk Assessment Project Plan Definition
    vi. Risk Prioritization and Mitigation Project Plan Definition
    vii. Risk Mitigation Actions Based on Qualitative Risk Assessment’s Risk Prioritization
• Cannot have any active managed security service provider contracts with any other agency in this state: We do not have any active contracts and are in the process of expanding our own business in the state of Georgia.
We can provide samples of previous reports for other clients that contain four of the five fields you requested:
• Risk Assessment
• Vulnerability Assessment
• Penetration Testing
• Business Continuity Plan/Disaster Recovery Plan (BCP/DRP)
SecureTECH has identified gaps in two areas of the state of Georgia’s minimum requirements:
• Must maintain at least one permanent office in this state: We are currently looking to expand our business but have not yet decided on the best location for our organization.
• Provide previous reports for other clients for source code review: SecureTECH does not have the means to assess source code security and does not employ development security specialists.
Data Analysis
RFP Clarification Questions
After reviewing the State of Georgia’s RFP for technology consulting services, SecureTECH has identified the following questions:
1. The scope of the RFP states the State wants a review of its entire system security program. How