Database Security Assessment
You are a contracting officer’s technical representative, a Security System Engineer, at a military hospital. Your department’s leaders are adopting a new medical health care database management system. And they’ve tasked you to create a request for proposal for which different vendors will compete to build and provide to the hospital.
A Request For Proposal, or RFP, is when an organization sends out a request for estimates on performing a function, delivering a technology, or providing a service or augmenting staff. RFPs are tailored to each endeavor but have common components and are important in the world of IT contracting and for procurement and acquisitions. To complete the RFP, you must determine the technical and security specifications for the system.
You’ll write the requirements for the overall system and also provide evaluation standards that will be used in rating the vendor’s performance. Your learning will help you determine your system’s requirements. As you discover methods of attack, you’ll write prevention and remediation requirements for the vendor to perform. You must identify the different vulnerabilities the database should be hardened against.
An RFP, about 10 to 12 pages, in the form of a double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. There is no penalty for using additional pages. Include a minimum of six references. Include a reference list with the report.
When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.
1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
1.2: Develop coherent paragraphs or points to be internally unified and function as part of the whole document or presentation.
1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.
1.8: Create clear oral messages.
2.1: Identify and clearly explain the issue, question, problem under consideration.
2.2: Locate and access sufficient information to investigate the issue or problem.
2.3: Evaluate the information in logical manner to determine value and relevance.
2.4: Consider and analyze information in context to the issue or problem.
2.5: Develop well-reasoned ideas, conclusions, checking against relevant criteria.
4.2: Plan and execute a project, articulating clear objectives and goals for the team.
9.4: Manages and supports the acquisition life cycle and cybersecurity products used in the organization’s design, development, and maintenance of its infrastructure to minimize potential risks and vulnerabilities.