Critical Path

advertisement
Project Management
Methodology
Procurement management
Procurement Management

Purchasing




Hardware
Software
Vendor Services
Consulting Services




Outsourcing development
Training Services
Maintenance
Documents



Contract
Specification
Statement Of Work
Procurement management processes

Processes





Planning
Conducting procurement
Administering
Closing
Procurement can be organized as a subproject
Procurement management processes

Planning
Initial market research
 Decide about what to buy
 Preliminary cost estimation
 Make short list of vendors (2 to 5 names)

Procurement management processes

Conducting procurement





Request For Proposals (RFP) sent out to vendors
 RFP must reflect critical requirements, both functional and
non-functional. It must enable vendor evaluation, otherwise it
will be useless
 Respectively, evaluation criteria must be defined (do not
send them to vendors)
Collect responses
Responses review and evaluation
Communicate to vendors
Select a vendor
Generic RFP structure



RFP set of criteria should reflect:
 Management approach – 30%
 Technical approach – 30%
 Past performance – 20%
 Price – 20%
Weights are assigned in order to facilitate responses
evaluation
Management approach and past performance groups of
criteria most probably exist, when technical approach
must be developed for each project specifically
Technical part of RFP

The following must be addressed







Functional capabilities - Yellow
Platform solution - Red
Open architecture - Orange
Security - Green
Performance - Blue
Scalability - Purple
Usability (ease of use) - TBrown
Technical Part of RFP –
Functional capabilities
Two-factor authentication
Team Yellow Snake
Questions to ask our Vendors





What authentication factors/forms does your
product support?
What directory services does your product
integrate with?
Where is your product currently deployed?
Does your product support federated user
authentication?
What federated user authentication protocols
does your product support?
Functional Capabilities




Do you offer 24/7 technical support?
What Data and transport encryption
protocols does the product support?
Comments
The questions are good and relevant, except of one re the product
deployment. This one is better to locate at the section that requests
about the company experience
Anti-virus RFP
Platform solution
Team Red
Questions

Current Solutions for:



Licenses






Linux Server
Windows Workstation
Comments:
First group is fine but
Others are not relevant to
The topic. Better choice
Would be to ask about
Plans for the future
Type of licenses
Number of computers per license
Effectiveness - % of malware protection
Maintenance – updates and patches
Support
Interaction with other software?
THE GREEN TEAM
IPS
Security
Adam, Liane, Paul, Matt
Questions to the
vendor
It’s not easy being
Questions
Questions are good re
Security. Not all are
Relevant to IPS

1. Does your product allow for remote
access/administration?

2. What are your terms when it comes to
ownership of data (cloud)?

3. Do third parties conduct security
assessments on your products?
Questions Cont’d

4. Does your product store data
unencrypted?

5. Do you review security at each phase
during the software development cycle?

6. What methodologies do you use for
testing your products’ security?
Questions Cont’d

7. Do you delete data once requested by
the customer?

8. Do you have a privacy policy, if so, what
is it?

9. What are the vendors’ security
certifications?
Questions Cont’d

10. What are your disaster recovery
plans?

11. What are your risk mitigation
strategies?

12. How are the end users alerted to new
updates?
Questions Cont’d

13. What kind of authentication controls are
built into the product?

14. How is your application team educated in
current application security risks?

15. What is your process for notifying
customers of security problems and the
solutions?
TEAM BLUE:
Web Traffic Filtering Project -
Performance
We would like to know….
1.
What are the performing advantages in this system that we
should consider over any other similar system in the market?
2.
How quickly this integrated system could run up at the
beginning of each working day?
3.
How many workstations could this system handle?
4.
What is the possible down time in annual bases?
5.
How many applications could simultaneously run before any
indication of system slow down?
Good
questions
RFP SIEM
Scalability
Scalability
●
●
●
Good questions
SIEM (Security information and event
management)
Logging and event management
Nodes refers to any software that creates
log files that are collected by the SIEM
software.
How many additional network nodes can be
added?
Scalability
●Is there a delay in logging if the number of
nodes exceed a certain amount?
●How much additional storage capacity
required per node?
●Will adding more nodes cost more money?
(license restrictions)
●Is it open source?
●Does the interface support WANs?
●How in-depth can individual logs be
accessed? (per computer, per software,
●
Firewall project RFP
Usability
Team Brown
Mike
Max
Kowri
Nahin
Questions




Does this product require more than average
technical knowledge in order to operate?
Will there be any bottlenecking involved with
the implementation of the 3 firewalls?
Will it be easy to control the access
permissions and privileges for user data
travelling through the firewalls?
How much throughput will the product be
able to analyze before it starts dropping
packets?
More Questions


Good questions although
It is difficult to segregate
Usability and performance
For this sort of tools
Will there be any connectivity
complications involved with the different
vendor products and because of the more
complex network structure?
Are we able to increase the number of
SSL/VPN peer connections?
Procurement management processes

Administering procurement


Define procedures and have them described in the RFP.
Vendors must be aware about procedures
The description must provide information about:




Due date of responses submission
Document format
Delivery channels
Contact information
Procurement management processes

Closing procurement

Having a vendor selected, focus on her performance





Make deeper investigation of technical capabilities. Sometimes people
conduct a Proof Of Concept project in order to understand things better
Prepare a contract (legal document)
Prepare technical specification and/or statement of work (SOW)
Technical specification is provided to buy products “off the shelf”
SOW is provided to buy services, such as



Installation and configuration
Training
Development
SOW content


SOW describes the content, terms, and
conditions of the purchased (outsourced)
service delivery
This is some sort of initial project plan that
shows the project milestones, critical
human resources, and price
Download