RFP # XXXXXX | Proposal Name
Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
Request for Information (RFI)
State of Florida, Department of Management Services
September 3, 2015

This document contains information that is proprietary and confidential to Phase One Consulting Group, LLC. that shall not be disclosed outside or duplicated, used, or disclosed in whole or in part for any purpose other than to evaluate Phase One Consulting Group, LLC. Any use or disclosure in whole or in part of this information without the express written permission of Phase One Consulting Group, LLC. is prohibited.

Submitted by: Jodi Huston, Vice President, [email protected], 571.244.9935
Submitted to: Joel Atkinson, Associate Category Manager, [email protected], 850.488.0950
The information on this page is subject to the nondisclosure statement on the cover page. State of Florida RFI, Page 1
1 Introduction
Phase One is a trusted name in Cyber-Security across the federal government
and we bring expertise in the most demanding Cyber policies including the
Federal Information Security Management Act (FISMA), Federal Risk and
Authorization Management Program (FedRAMP), Federal Information
Processing Standards (FIPS), and Federal Information System Controls Audit
Manual (FISCAM).
Phase One is a full lifecycle, global Information
Technology (IT) solutions firm that seeks to radically
change the way that IT is planned, deployed, and
secured. We know that clients need solutions that work without breaking the bank, and that is why
we specialize in the technologies that leverage modern platforms to achieve incredible results.
Today's IT application technologies have greatly changed the way that solutions can be developed
and deployed, and our approach uses these technologies to put traditional firms out of business.
Phase One has provided management consulting and IT development services to the federal
government for more than 18 years. We are a minority-owned US business through the RLJ
Equity Partner Group and we bring a team of industry-recognized experts with extensive
corporate reach-back to every interaction. We have demonstrated expertise in professional
services, Cyber-Security, data analysis and processing, IT administrative support, application
development, and management and general administrative support.
Phase One has proven experience and is widely known across government agencies as a highly
skilled IT process, Cyber-Security, and technology management firm. Over the past several
years, more than half of our revenue has come from solution implementations for major agencies
such as Department of Transportation (DOT) and the Department of Agriculture (USDA).
Through our background in architecture–and now implementation–we understand the enterprise
and the technology security challenges associated with the deployment of enterprise solutions
and the culture change required to fully adopt the new processes and technologies accompanying
the solution.
2 Background
Using proven planning and management techniques, Phase One works with its clients to navigate
strategic and tactical crossroads. We focus our expertise on effecting change by building
trusted relationships across communities, building consensus, and providing technology and
vendor-independent advice. Phase One is made up of four competency areas, as presented in
Figure 1 on the following page.
Cyber-Security
The cyber-security competency area is one of Phase One's fastest growing competency areas,
along with Solutions and Infrastructure. Phase One helps clients with the full cyber-security
lifecycle including strategies, plans, and architecture. The cyber-security competency area is
frequently called on to help with the deployment and operations of cyber-security capabilities.
The cyber-security competency area includes individuals with strong cyber-security backgrounds
in planning and operations. All cyber-security employees are encouraged to work actively within
the competency area to develop innovative solutions to common cyber-security challenges.
Sharing of intellectual property, practices, and vulnerability awareness are just some of the
keys to success for the cyber-security competency area.
Strategy and Planning
The Strategy and Planning competency area is deeply rooted in the Phase One DNA. Even
cyber-security implementation engagements are heavily influenced by Phase One's intellect
developed in the Strategy and Planning competency area. At Phase One, all client engagements
include a strategy and planning dimension as a key differentiator for how business is done.
Clients have come to expect innovation, proper planning, and well executed engagements across
all of our contracts. The Strategy and Planning competency area is responsible for key
methodologies focused on cyber-security strategy, transformation, strategic communications,
and complex problem-solving.
Solutions and Infrastructure
The Solutions and Infrastructure competency area includes Agile application development and
management, mobile ecosystem development and management, as well as cyber-security and
related service areas. The Solutions and Infrastructure competency area provides Phase One
clients with the end-to-end services needed to help them take advantage of the huge potential for
improvement offered by current and emerging cyber tools and best practices. Many Phase One
clients have saved money and offered better services with new or enhanced cyber solutions
designed and developed by Phase One. The Solutions and Infrastructure competency area has
been a leader in the development of Agile approaches to software design and development.
Management and Organization
The Management and Organization competency area includes professionals with domain
expertise in the design, management and operations of business and government organizations.
Phase One teams are called on to solve many organizational challenges for clients. How
organizations should be designed, governed, and managed is part of the intellectual property
responsibilities of the Management and Organization competency area. Further, Phase One
teams support clients with business process reengineering, business and solution analysis and
design, and organizational change management.
Figure 1 - Phase One’s core capabilities align with the skills and capabilities required for the development of a comprehensive Cyber-Security Strategy.
3 Contact Information
Company Information
Phase One Consulting Group, LLC
99 Canal Center Plaza, Suite 405
Alexandria, VA 22314
www.pocg.com

Point of Contact
Ms. Jodi Huston
Vice President
[email protected]
571.244.9935
4 Response to Section IV
Phase One has the experience and expertise to help the State of Florida accomplish its objectives
in the most cost-effective and forward-thinking manner possible. We take a vendor-agnostic
approach to client technology deployments. This means that our teams thoroughly examine our
client’s needs and make recommendations based not on our corporate partnerships, but rather on
the solutions best suited to solving your problems. We have deployed technologies from all
major manufacturers including Microsoft, Cisco, Symantec, Checkpoint, Palo Alto, Unix/Linux,
BlueCoat, F5, and many more.
As described throughout this document, Phase One has extensive experience supporting projects
similar in scope and criticality to the technical requirements of the State of Florida’s multiple
cyber-security programs.
4.1 Pre-Incident Services
4.1.1 Incident Response Agreement
Yes, Phase One is able to provide this service. Phase One works with clients to establish
thorough terms and conditions, unique to each organization, that define which cyber-security
activities to undertake. Examining the scenarios that might take place allows vulnerabilities
in systems to be addressed preemptively, and recommendations for responses will be developed
using industry best practices and case studies.
Department of Transportation. Phase One has assisted DOT, one of the largest US
Government Departments, with Cyber-Security policy development, keeping it aligned with
the requirements of FISMA and ahead of the latest threats facing critical organizations
such as the Federal Aviation Administration (FAA). By establishing terms and conditions
for incident response ahead of time, in keeping with federal standards and requirements,
DOT was able to respond more rapidly in the event of a cyber-security breach.
Commodity Futures Trading Commission (CFTC). Phase One has implemented multiple
cyber-security tools to meet the SANS Institute’s (SANS) Twenty Critical Controls
guidelines, which map directly to the continuous monitoring 800-53 controls, and to
improve the overall security posture of the CFTC network. A Network Access Control
(NAC), Security Information and Event Management (SIEM), Multi-Factor Authentication,
Configuration Integrity Verifier and various Vulnerability Scanning solutions have been
employed by the Phase One team. The security controls addressed helped the CFTC
become compliant with National Institute of Standards and Technology (NIST) 800-53