Posted Date : September 12, 2019
Product (RFP/RFQ/RFI/Solicitation/Tender/Bid Etc.) ID : CSE-6181
A government authority located in Ohio, USA, is looking for an expert vendor for penetration and vulnerability testing services and security auditing services.
[A] Budget: Looking for Proposals
[B] Scope of Service:
Vendor needs to provide penetration and vulnerability testing services and security auditing services to the government authority located in Ohio.
• Electronic pen testing of the following systems:
- VPN connectivity (unauthorized access into data or connectivity through VPN – this must include both our SSL and IPSEC VPN connections)
- 802.11 technologies (Unauthorized access into the Wi-Fi network) Both prod and guest.
- Attempt to install rogue access point with our SSID and get our clients to associate to it
- ISE (Unauthorized equipment placed on BWC’s network)
- Current Production Ohio BWC website addresses
- Performance Test ODX website addresses
- Production ODX Website addresses
- WAN Links (unauthorized access to links & data)
- Externally-facing SharePoint
- Web Chat
- Externally-facing Web Services
- FTP Site
• Social engineering:
- Ability to get an employee to click on a link in a phishing email sent to them.
- If the employee clicks, ability to talk outbound to a command and control server.
- If the employee clicks, ability to gain unauthorized access to accounts via the social engineering exercise.
- Attempted skimmer installs on our P2PE Bluefin payment terminals
- Drop External media (USB) with malicious content
- Vishing calls to employees
• Simulated Phishing Attack on Endpoint Computer:
- Ability of malware to run on the machine
- If the malware can run, then ability of the malware to encrypt a file
- If malware can run, then ability of the malware to find a sensitive file containing a Social Security Number on our network drives
- If malware can run, then ability of the malware to reach other endpoints or servers
- All security testing efforts are to be done in a non-destructive manner with minimal impact to our customers and never should any confidential information be compromised or shared with another party
[C] Eligibility:
Onshore (USA Only)
[D] Work Performance:
Performance of the work will be Offsite. Vendor needs to carry out the work at their own office location.
Budget :
Deadline to Submit Proposals: September 23, 2019
Cost to Download This RFP/RFQ/RFI/Solicitation/Tender/Bid Document : 5 US$