Part 2: Solution ProposalsYou now take the role of a cyber security firm who wants the business of the various organizations seeking help, and will respond to the RFPs from other groups with well-rese

JJ Cloud Request for Proposal (RFP) For Cyber Security Services RFP Overview JJ Cloud has invested in this RFP (Request for Proposal) to seek out responses to our current cyber security issues. We are looking for professionals that have experience in the following fields and are offering these services: Service A: Cloud Server Security We are looking to increase our security measures for our cloud based server. We have certain basic securities in place, however w ith our growing employee and customer base, we are seeking to further the security in order to prevent any sensitive information getting out. After performing the enhancements we would also require an assessment of the work done to see how the new securit y details set in place reduce any risk we might have, as well as an audit to check for any other potential security threats. Service B: Web and Mobile Application Security We have also launched a web and mobile app that customers and employees can use to manage their information. For our employees they use the web app to log their hours worked, and to see their paycheck, shifts worked, benefits, etc. For our customers, they can use the mobile app to upgrade their storage and see what files are taking up how much space. We have had incidents where users have been able to access more storage than they had originally been charged for. We’ve also had incidents where users have had their information stolen or deleted without any backups. We are looking for imp roved security features on both of these apps and how they are set up to reach the server. Service C: Future Security In addition to the services outlined above we are also requesting a foundation for a cyber security plan and training protocol, whose ma in goal is to decrease the odds for employee mistakes and also further increase awareness about what security measures we have in place to protect us and our data. Organization Overview This organization is a company that works to help users find an easy and affordable way to store their data. We currently offer a mobile app for customers to manage their account and allow them to organize their data in any way they choose. We also offer customers a repair service where they can mail in their d evices and we can help them with some technical issues. We can also backup their harddrive to their cloud server or restore a backup if they have one already. This company is currently broken up into a bunch of mini departments. We currently have a team of certified computer techs to deal with issues with mailed customer computers and other devices. We also have a customer support team that works with customers to handle any problems or questions they might need help with. Another department we have is an e mployee support department, in which we deal with any issues that our employees might deal with at work, ranging from network issues to paychecks to vacation days. We have a web based app that we currently have in place that all employees are expected t o use. In this app employees can clock in to start their shift, clock out for break, and clock out for the day. Managers can also send messages to other managers or employees and when the employee logs in for the day, the message will appear next to their punch in. This ensures that information is being sent and received efficiently. Technology Environment This section documents the existing technology environment. Vendors reported that they were having some issues with security and getting wrong storage. The current security policies are listed below, and are further expanded in the table following: 1. Secure cloud accounts. 2. Check for free security upgrades. 3. Restrict infrastructure access through firewalls. 4. Tether the cloud. 5. Replace passwords with keys. 6. Turn on auditing and system monitoring. The tables below identify the JJ Cloud’s current technology standards. Technology Current Standard Cisco Meraki Network Infrastructure Meraki’s cloud based management VMware Virtual Environment vSphere Database(s) Amazon Web Services, SAP, Enterprise DB, Garantia Data, Cloud SQL by Google, Azure by Microsoft, Rackspace Aerohive Wi -Fi 802.11ax Palo Alto Firewall Alkira Cloud Firewall Server OS Windows and Linux Desktop OS Google Chrome OS and Microsoft Windows Azure Server Hardware Pro Cloud Server and WebEA Desktop Hardware Windows 10/11, Windows 8.1, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2 Laptop Hardware HP Cloud Laptop Mobile Hardware Distant Immobile Cloud, Proximate immobile computing entities, Proximate mobile computing entities, and Hybrid (a combination of 1 -3) Browsers Mozilla Firefox, Microsoft Edge, Safari, and Google Chrome Email Server/Client Tutanota, Gmail, Zoho, iCloud email, and Mail.com Virtual Environment VMware Cloud and Cloud computing Storage Area Network Cloud computing and Hybrid approach Active Directory Azure Active Directory VPN HA VPN and Classic VPN Scanners Aqua Security, Wiz, Amazon Inspe ctor, Oracle OCI, Orca Security, Prisma Cloud, Google Cloud Embedded Scanner, Intruder’s CloudBot, Tanable.io Container Security, and Qualys CSPM Printers Google Cloud Print Internet ● Bandwidth ● Redundancy ● 3Mbps or more ● Geographical Redundancy Cybersecurity Assessment JJ cloud highly focuses on maintaining security for our client’s data. Therefore, the goal of cybersecurity assessment is to identify and remove weaknesses, strengthen the security of the data. Vulnerability and penetration testing are limited to the areas that we believe it is safe to perform. What we are looking for the vulnerability and penetration testing services: - Identify and prevent potential risks (threats) that could affect our sy stem and network. - Identify weaknesses in our security and strengthen those weaknesses. - Identify a better option (if any) to secure our system and network. - Identify potential risks for mobile devices and mobile applications. - Strengthen physical security. - Id entify potential risks for our workplace (risks that could be in employees’ computers or laptops). - Most importantly, strengthen security for our data server (database). All services that are performed should be presented and explained clearly to our organ ization representative. Cost Cost will be discussed before the contract. Proposers may negotiate. The cost may vary depending on how clear the efforts have been done. The contract will not be fulfilled unless both, organization and proposer, agree upon th e final cost. Evaluation Every company has different standards, and their own way of evaluating things. Our company will be critiquing the proposals submitted to see if they meet our needs. Some reference points can be found listed below: ● Quality of the solutions to our needs: there can be many different solutions to a problem but we need to see if the solution works for all our platforms. ● If it’s clear and organized: basically if we can understand what you put in the proposal and it’s well organized ● If the solution could actually fix our problems: sometimes the solution could not fix a problem or make the problem worse ● What references you used: sometimes the reference used can be either good or bad ● Proven technical ability: evidence that yo u have the skills we need. ● Ability to work cooperatively and collaboratively with others: there are times where you cannot do something alone and need help. ● If a solution can offer stability (financial or otherwise): it’s always best to have stability whet her it is financial, mental. etc.