Table of Contents
I. Executive Summary
    i. Layered Security Solution
II. Research
    i. Review of Firm’s Qualifications
    ii. Review of Requirements and Clarification Questions
III. Data Analysis
    i. RFP Clarification Questions
    ii. RFP Technical Requirements and Differences from Existing Controls
    iii. Data Privacy Legal Requirements as per RFP’s Compliance
    iv. Security Assessment Project Plan Definition
    v. Risk Assessment Project Plan Definition
    vi. Risk Prioritization and Mitigation Project Plan Definition
    vii. Risk Mitigation Actions Based on Qualitative Risk Assessment’s Risk Prioritization
IV. Solution Design
    i. Benefits of Our Recommendations
    ii. Data Privacy Legal Requirements as per RFP’s Compliance
    iii. Procedure to Conduct a Security Assessment and Risk Identification
    iv. Data Security Mitigation Actions Based on Qualitative Risk Assessment
    v. Phased Project Approach and High-Level Project Plan Including Prioritized Security Controls
V. Evaluation Design
    i. Phased Project Approach and High-Level Project Plan Outline
    ii. High-Level Description of Current Client’s Need
    iii. IT Security Compliance and Governance Gap Analysis Plan Outline
    iv. Compliance Project Plan Definition
    v. Disaster Recovery Plan Outline
    vi. Business Continuity Plan Outline
Executive Summary
Layered Security Solution
To ensure the security of business-critical information, it is essential to develop a cohesive, multi-layered strategy that addresses the threats to it. Traditionally, organizations have concentrated their defensive controls at the network perimeter, in the belief that this makes it difficult for attackers to penetrate their systems. However, once that perimeter is breached, attackers have relatively free rein within the internal network. Hardened, perimeter