FEDERAL SUPPLY SERVICE Federal Network Systems LLC - Verizon

More documents

Recommendations

Info

• Firewall Assessment. Verizon Professional Security Services uses proven automated and manual processes to review customers’ Internet, Extranet, or Intranet firewall architectures to ensure that valuable assets are protected from attack. The assessment gathers data on operating system configurations, firewall administrative access, and firewall rule sets. The data are then compared against industry best practices, known security vulnerabilities, and compliance with any existing company security polices. The assessment culminates in a written report with findings and recommendations. • Security Policy Reviews. These are high-level assessments of an organization’s current policies, how they are disseminated to employees, and how they are enforced. The process begins with a customer interview, which results in an assessment of the current written policy. Please note that this review does not include the creation or modification of existing security policy, a service that Verizon offers as Security Policy Planning and Development. The final report will make recommendations about any deficiencies found during the review process. This review typically covers three major areas: - Logical Security. Includes system access control (i.e., log-in), password policy, software configuration and change control, anti-virus protection, acceptable use, data security, privacy, data availability, and data integrity. - Managerial Security. Includes security awareness training, personnel security, organizational structure (division of responsibility), policy enforcement, incident handling procedures, and separation of duties. - Physical Security. Includes building access control, restricted access to computer facilities (e.g., server rooms), and computer location. Can also cover fire-suppression systems, facility construction, or air conditioning. • Security Policy Planning and Development. This service covers all of the basic analysis of the Security Policy Review (logical, managerial, physical security reviews), but goes beyond the review stage to provide businesses with a standard "Best Practices" Security Policy template. The template identifies, recommends, and implements appropriate security policy and policy-specified safeguards to help protect customers’ information assets. Key components include: - Assessment of the full range of security policy and planning, including privacy, confidentiality, administration, Internet access, remote access, incident handling, audit requirements, roles and responsibilities, training and awareness, etc. - Draft Security Policy - Presentation of Draft Policy - Final Security Policy with high-level implementation plan • Technology Planning for Security Safeguards. This service helps customers select the best security solutions for their needs from a broad range of security consulting services. Verizon security consultants provide two (2) days of onsite consulting services to help customers select, design, and configure a robust security solution. Verizon offers technology planning services for the following security safeguards: - Firewalls - Two-Factor Authentication - Intrusion Detection Systems - PKI/ LDAP/ X.500 - Virus Protection - Physical Security - Content Filtering - Biometrics - URL Filtering - RADIUS Servers - Encryption • Customer Training (Awareness, Executive Security, and IT Security). Verizon offers three types of training sessions for customers, which include Awareness Training, Executive Security Training (different from the pre-sales Executive Security Briefing), and IT Security Training.
- Security Awareness Training. Awareness Training follows the development of an information security policy. Once the security policy has been created and implemented, it should remain as the guideline for acceptable system use, and users should be informed of this through an awareness training session. Verizon offers awareness training sessions that: - Educate users about acceptable use of system assets - Explain the reasons why the company must protect its information assets - Review threats, including social engineering - Address the penalties for noncompliance - Executive Security (IT) Security Training. Executive-level training follows a complete investigative research of a customer's security network, and is intended to equip management with information on threats from the Internet, underground chat rooms, anarchy and hacktivists sites, etc., to determine if the customer is the subject of any potential attack. - IT Security Training. This training educates, informs, and guides IT personnel in planning, designing, implementing, and adhering to best security practices related to the need or environment. • Risk Assessment and Compliance Audits. Verizon has a unique set of skills and experience to ensure that customers receive the most comprehensive and cost-effective risk assessment and vulnerability analysis available. Verizon uses a custom-developed assessment methodology and tools to conduct comprehensive analysis of the security risks associated with the customer’s computing environment. Our security engineers know how the "bad guys" attack systems. When conducting assessments, our engineers think like hackers, and can exploit even the smallest of vulnerabilities. Verizon offers Basic and Advanced levels of Security Audits. • Computer Incident Response Team (CIRT) Retainer Program. Verizon’s CIRT and Cyber Crimes Unit have the experience and know-how to respond to today’s network intrusions and security events. The CIRT Retainer Program includes Incident Response Planning, CIRT Training, and CIRT Response. Verizon provides expert guidance in detection, containment, internal reporting, external disclosure, and investigation. Computer crime investigation and computer forensics are esoteric fields, and few individuals or corporations have the depth of experience as Verizon's CIRT and Cyber Crimes Unit. Configuration Management of the Common Operating Environment Verizon MNS SiteWatch. MNS SiteWatch provides a scalable management and maintenance solution for customers’ data CPE. Letting Verizon take care of ensuring optimum performance of the data network lets customers focus their enterprise expertise on core business and strategic initiatives. The SiteWatch service offers three packaged solutions to meet customers' needs. These solutions offer a flexible set of feature choices, including fault detection and isolation, Web-based performance reports, and Move, add, and change (MAC) activities. All services include 24x7 proactive monitoring and combined data network management and maintenance capabilities. Verizon provides: • Fault Management. Fault detection and isolation, maintenance dispatch, carrier coordination, and web-based trouble ticketing. Four maintenance coverage options are available. This is positioned as enhanced maintenance. • Performance Management. Fault Management components, plus web-based performance reporting. Also included is a quarterly performance assessment. • Configuration Management. Performance Management components, plus software configuration capabilities, including MAC activities and software backup and restoral SiteWatch Configuration Management. SiteWatch Configuration Management offers customers end-toend WAN management solutions. This service offers all of the benefits of SiteWatch Fault Management and Performance Management, plus Configuration Management, to help ensure configuration data storage in case of device or configuration loss. SiteWatch Configuration Management helps customers maximize their network performance and minimize downtime by proactively monitoring their network and resolving all network faults for covered portions of
Page 1 and 2: FEDERAL SUPPLY SERVICE AUTHORIZED I
Page 3 and 4: INFORMATION FOR ORDERING OFFICES AP
Page 5 and 6: 8. Trade Agreements Act of 1979, as
Page 7 and 8: 13.1 FEDERAL INFORMATION PROCESSING
Page 9 and 10: the contract, based on the potentia
Page 11 and 12: c. The Contractor agrees to provide
Page 13 and 14: Simulation of thirteen different se
Page 15 and 16: TERMS AND CONDITIONS APPLICABLE TO
Page 17 and 18: ceiling price for individual tasks
Page 19 and 20: 11 INVOICES The Contractor, upon co
Page 21 and 22: To facilitate the migration, Verizo
Page 23 and 24: - Enterprise Performance. High-avai
Page 25: Security Services (Antivirus progra
Page 29 and 30: Please note that installation optio
Page 31 and 32: B7. Sustaining Engineer B8. Junior
Page 33 and 34: A. MANAGEMENT (A1-A3) These positio
Page 35 and 36: independently and lead large techno
Page 37 and 38: (3) Education and Other Requirement
Page 39 and 40: corporate Information Management gu
Page 41 and 42: evaluations for vendor equipment. A
Page 43 and 44: (a) Substitution. Two (2) to four (
Page 45 and 46: analyses to provide comparative dat
Page 47 and 48: (a) Substitution. Education may be
Page 49 and 50: (a) Total Experience. Five (5) year
Page 51 and 52: efinements, reducing operating time
Page 53 and 54: (1) Experience Requirements: (a) To
Page 55 and 56: Federal Network Systems LLC (FNS) C
Page 57 and 58: Federal Network Systems LLC (FNS) C

FEDERAL SUPPLY SERVICE Federal Network Systems LLC - Verizon

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?