pdf

Carnegie Mellon University - RFP Ex - Outsourcing Managed Security Services.pdf
Carnegie Mellon University Rfp Ex Outsourcing Managed Security Services

Resource covering Economics titled 'Carnegie Mellon University Rfp Ex Outsourcing Managed Security Services'.

This page contains AI generated content. Errors or omissions may be present. Use human level critical thinking.
  • Q: What is the main purpose of this Carnegie Mellon report?
    A: To provide guidance and a template for organizations creating a Request for Proposal (RFP) for Managed Security Services (MSS).
  • Q: What distinction does the report make between 'Management' and 'Monitoring'?
    A: Management involves configuration and maintenance of devices; Monitoring involves analyzing alerts and logs for threats.
  • Q: What is a critical 'Exit Strategy' consideration mentioned?
    A: Ensuring the contract defines how data (logs, configurations) will be returned to the client upon termination.
  • Q: What financial metric should be requested in an RFP to assess vendor stability?
    A: Audited financial statements for the past 3 years.
  • Q: What is the 'SLA' warning regarding 'Time to Notify'?
    A: That 'Time to Notify' is useless if it starts only after the vendor 'validates' the alert; the clock should start at detection.
  • Q: Why does the report suggest asking about 'Analyst Turnover'?
    A: High turnover rates at an MSSP can indicate poor working conditions and a lack of experienced staff handling your data.
  • Q: What is the 'Co-Management' model described?
    A: A hybrid approach where the client retains some administrative rights to the security devices managed by the MSSP.
  • Q: What specific question should be asked regarding 'Portal Access'?
    A: Whether the client has real-time, read-write, or read-only access to the same console the MSSP analysts use.
  • Q: How does the report address 'Customization'?
    A: It warns that excessive customization can lead to higher costs and support challenges; standard services are cheaper but less flexible.
  • Q: What is the 'Vendor Neutrality' criterion?
    A: Whether the MSSP requires you to buy specific hardware vendors or can support a heterogeneous environment.

Ask a question

Have a doubt or need clarification?



I’m here to help. Share your question, and I’ll get back to you with the guidance you need regarding the course.

Thank you!

I have received your message and I shall get back to you shortly.