Project Management Methodology

Procurement management

Procurement Management

Purchasing Hardware Software Vendor Services Consulting Services

Outsourcing development Training Services Maintenance

Documents Contract Specification Statement Of Work

Procurement management processes

Processes Planning Conducting procurement Administering Closing

Procurement can be organized as a sub-project

Procurement management processes

Planning Initial market research Decide about what to buy Preliminary cost estimation Make short list of vendors (2 to 5 names)

Procurement management processes

Conducting procurement Request For Proposals (RFP) sent out to vendors

RFP must reflect critical requirements, both functional and non-functional. It must enable vendor evaluation, otherwise it will be useless

Respectively, evaluation criteria must be defined (do not send them to vendors)

Collect responses Responses review and evaluation Communicate to vendors Select a vendor

Generic RFP structure

RFP set of criteria should reflect: Management approach – 30% Technical approach – 30% Past performance – 20% Price – 20%

Weights are assigned in order to facilitate responses evaluation

Management approach and past performance groups of criteria most probably exist, when technical approach must be developed for each project specifically

Technical part of RFP

The following must be addressed Functional capabilities - Yellow Platform solution - Red Open architecture - Orange Security - Green Performance - Blue Scalability - Purple Usability (ease of use) - BrownT

Technical Part of RFP – Functional capabilities

Two-factor authentication

Team Yellow Snake

Questions to ask our Vendors

What authentication factors/forms does your product support?

What directory services does your product integrate with?

Where is your product currently deployed? Does your product support federated user

authentication? What federated user authentication protocols

does your product support?

Functional Capabilities

Do you offer 24/7 technical support? What Data and transport encryption

protocols does the product support?

Comments The questions are good and relevant, except of one re the product

deployment. This one is better to locate at the section that requests about the company experience

Team Red

Anti-virus RFPPlatform solution

Questions Current Solutions for:

Linux Server Windows Workstation

Licenses Type of licenses Number of computers per license

Effectiveness - % of malware protection Maintenance – updates and patches Support Interaction with other software?

Comments:First group is fine but Others are not relevant to The topic. Better choiceWould be to ask about Plans for the future

THE GREEN TEAMIPS

Adam, Liane, Paul, Matt

It’s not easy being green

SecurityQuestions to the vendor

Questions

1. Does your product allow for remote access/administration?

2. What are your terms when it comes to ownership of data (cloud)?

3. Do third parties conduct security assessments on your products?

Questions are good re Security. Not all areRelevant to IPS

Questions Cont’d

4. Does your product store data unencrypted?

5. Do you review security at each phase during the software development cycle?

6. What methodologies do you use for testing your products’ security?

Questions Cont’d

7. Do you delete data once requested by the customer?

8. Do you have a privacy policy, if so, what is it?

9. What are the vendors’ security certifications?

Questions Cont’d

10. What are your disaster recovery plans?

11. What are your risk mitigation strategies?

12. How are the end users alerted to new updates?

Questions Cont’d

13. What kind of authentication controls are built into the product?

14. How is your application team educated in current application security risks?

15. What is your process for notifying customers of security problems and the solutions?

TEAM BLUE: Web Traffic Filtering Project -

Performance

We would like to know….

1. What are the performing advantages in this system that we

should consider over any other similar system in the market?

2. How quickly this integrated system could run up at the

beginning of each working day? 

3. How many workstations could this system handle?

4. What is the possible down time in annual bases?

5. How many applications could simultaneously run before any

indication of system slow down?

Good questions

RFP SIEM

Scalability

Scalability● SIEM (Security information and event

management)● Logging and event management● Nodes refers to any software that creates

log files that are collected by the SIEM software.

Good questions

Scalability

●How many additional network nodes can be added?●Is there a delay in logging if the number of nodes exceed a certain amount?●How much additional storage capacity required per node?●Will adding more nodes cost more money? (license restrictions)●Is it open source?●Does the interface support WANs?●How in-depth can individual logs be accessed? (per computer, per software, ect.)

Firewall project RFPUsability

Team BrownMikeMax

KowriNahin

Questions

Does this product require more than average technical knowledge in order to operate?

Will there be any bottlenecking involved with the implementation of the 3 firewalls?

Will it be easy to control the access permissions and privileges for user data travelling through the firewalls?

How much throughput will the product be able to analyze before it starts dropping packets?

More Questions

Will there be any connectivity complications involved with the different vendor products and because of the more complex network structure?

Are we able to increase the number of SSL/VPN peer connections?

Good questions althoughIt is difficult to segregate Usability and performanceFor this sort of tools

Procurement management processes

Administering procurement Define procedures and have them described in the RFP.

Vendors must be aware about procedures The description must provide information about:

Due date of responses submission Document format Delivery channels Contact information

Procurement management processes

Closing procurement Having a vendor selected, focus on her performance

Make deeper investigation of technical capabilities. Sometimes people conduct a Proof Of Concept project in order to understand things better

Prepare a contract (legal document) Prepare technical specification and/or statement of work (SOW)

Technical specification is provided to buy products “off the shelf” SOW is provided to buy services, such as

Installation and configuration Training Development

SOW content

SOW describes the content, terms, and conditions of the purchased (outsourced) service delivery

This is some sort of initial project plan that shows the project milestones, critical human resources, and price