Resumen

Solo disponible en BuenasTareas
  • Páginas : 9 (2141 palabras )
  • Descarga(s) : 0
  • Publicado : 30 de noviembre de 2011
Leer documento completo
Vista previa del texto
Prepared October 16, 2008

Proprietary and confidential

REQUEST FOR PROPOSAL

Table of Contents
USING THIS TEMPLATE 3

TEMPLATE CONTENTS 3

INTRODUCTION AND BACKGROUND 5

PURPOSE OF THE REQUEST FOR PROPOSAL 5

ADMINISTRATIVE 6

TECHNICAL CONTACT 6

CONTRACTUAL CONTACT 6

DUE DATES 6

SCHEDULE OF EVENTS 7GUIDELINES FOR PROPOSAL PREPARATION 8

PROPOSAL SUBMISSION 8

DETAILED RESPONSE REQUIREMENTS 9

EXECUTIVE SUMMARY 9

SCOPE, APPROACH, AND METHODOLOGY 9

DELIVERABLES 9

PROJECT MANAGEMENT APPROACH 9

DETAILED AND ITEMIZED PRICING 10

APPENDIX: REFERENCES 10

APPENDIX: PROJECT TEAM STAFFING 10

APPENDIX: COMPANY OVERVIEW 10

EVALUATION FACTORS FOR AWARD 11CRITERIA 11

SCOPE OF WORK 12

REQUIREMENTS 12

DELIVERABLES 12

USING THIS TEMPLATE

Foundstone has developed this Request For Proposal (“RFP”) template to help organizations identify and select a quality security vendor to perform professional services work. It also lists questions organizations should consider asking potential vendors to ensure that a thorough and comprehensiveapproach to the project will be taken. This template should apply for a variety of information security projects including:

• External Network Vulnerability Assessment and Penetration Testing
• Internal Network Vulnerability Assessment and Penetration Testing
• Web Application Penetration Testing
• Dial-In / RAS Security Testing
• DMZ or Network Architecture Designs /Reviews
• Wireless Network Assessment and Penetration Testing
• Virtual Infrastructure Security Assessment
• Server Configuration Reviews
• Firewall and Router Configuration Reviews
• VPN Configuration Reviews
• Voice over IP Assessments
• Social Engineering Assessments
• Physical Security Reviews
• Software Source Code Reviews
• Application ThreatModeling and Design Reviews
• Information Security Policy and Procedure Development or Review
• Information Security Risk Assessment
• Security Awareness Program Development or Review
• Incident Response Program Development or Review
• Secure SDLC Program Development or Review
• PCI Quarterly Scans
• PCI Report on Compliance Assessment or Gap Analysis

TEMPLATECONTENTS

The template contains a number of different sections that provide the vendor with a better understanding of the business and technical objectives of the effort. The major sections of the RFP template are:

• Introduction and Background: A description of the project’s objectives plus any additional background about the organization or business objectives that may provide the vendorwith additional useful perspective.

• Administrative Information: Contact information that the vendors will need to prepare and submit their proposal as well as major dates associated with the RFP submission, evaluation and award process.

• Guidelines for Proposal Preparation: Guidelines for vendor communication with the organization are provided in this section and a preferredproposal format is described for the vendor.

• Evaluation Factors for Award: Outlines the criteria that will be used to evaluate the various proposals.

• Statement of Work and Deliverables: This section provides sufficient technical details about the environment to allow a vendor to understand the scope of the effort and price it appropriately. In addition, the deliverables or workproducts required from the project are described.

INTRODUCTION AND BACKGROUND

PURPOSE OF THE REQUEST FOR PROPOSAL

ABC Company is a provider of specific products or services to types of customers in the industry. It has facilities in approximately number locations within the United States, as well as several other locations in Europe and Asia.

ABC Company is interested in conducting a...
tracking img