RFP: Security Services

By Greg Shipley our customizable newsletter, sends you security alerts, product updates and software patches on the products you use. Sign up now at www.networkcomputing.com /express/  You've heard the warnings, you've seen the books and you've read the headlines. The Department of Justice, the CIA, NASA, the Department of Commerce and even Yahoo! are just a few of the organizations that have publicly fallen victim to electronic sabotage. In 1997 alone, CERT (Computer Emergency Response Team) handled more than 39,000 incidents affecting more than 140,000 sites. Your organization recently connected to the Internet, but even if it hadn't, internal security is not where it should be, which could prove troublesome. You've finally been convinced that things need to change. So now what? Where do you go? Where do you start? In the newest chapter of Network Computing's RFP series, we set ou t to address one of the largest growing concerns among IT directors and administrators: network security. Our latest creation, Proprietary Rubbish Information Systems (PRIS), is a midsized company with about 6,000 employees. It has built its business on gathering innovative solutions to smelly problems and reselling this information to large companies in the waste management industry. PRIS has been successful enough over the years to have opened offices in four countries and 15 states. Although PRIS would not be deemed a "high-profile" organization, its data and networks are critical to the success of its business. And like most companies, PRIS cannot afford to have its enterprise systems compromised or disabled. PRIS' networking infrastructure comprises a mix of Unix, Microsoft Windows NT and Novell NetWare, with a single mainframe running OS/390. Most clients run Windows95; a handful of workgroups exists. Branch offices are connected to one of several hub offices via dedicated circuits. The bulk of the file and print services resides on NetWare servers, some of which have been updated to NetWare 4.11, but most still run version 3.12. The entire U.S. division is part of single NDS tree, while the European branches are moving toward NT version 4 and a multimaster domain model. PRIS faces the same security issues as other companies of its size: few IT security-related policies, little contingency planning, poor general security awareness, misconfiguration of existing equipment, unknown security threats, frequent use of contractors and a general lack of internal expertise in the area of risk analysis. Fortunately, upper management at PRIS has acknowledged some of these issues and taken a proactive stance to address them before a costly incident arises. However, like most companies that size, PRIS does not have sufficient staff or tools for thorough evaluation of its current enterprise security structure, much less for maintaining it. Rat her than leaving it to chance, PRIS decided to bring in experts to establish and maintain a more secure environment.

For an Adobe Acrobat format version of the Comparison of Estimates graphic , click here. Complete Proposals Digital Equipment Entrust Miora Systems Consulting Price Waterhouse WheelGroup Other Articles by Greg Shipley Managing Digital Keys WorldSecure Server Combats E-Mail Plagues Certificate Authorities: How Valuable Are They? Related Links RFP: Detailed Solutions for WAN Tehnology Unlocking Virtual Private Networks RFP: Corporate Intranets RFP Collaborative Computing Solutions Bridging The Business-to-Business Authentication Gap