Laserfiche WebLink
Proposal to Provide <br />CJIS Gap Assessment City of South Bend <br />Project Approach <br />Crowe anticipates each project will consist of three phases. <br />/ //%ORMYi r r // ii i <br />%� /�OG �i/ <br />R <br />0 <br />c. <br />d <br />V <br />All key planning activities may <br />include internal stakeholders or <br />(if applicable) third parties. <br />• Confirm scope and approach <br />for the engagement <br />• Define Communications Plan <br />• Identify Key Stakeholders <br />• Finalize project timeline, target <br />dates, and execution strategy <br />• Discuss testing approach, <br />sampling method, and <br />determine sample <br />• Develop and delivery <br />requested items <br />• Finalize a Project Plan <br />• Conduct Kick-off Meeting <br />• Plan logistics for fieldwork <br />• Finalize format for final <br />deliverables <br />• Requested Items <br />• Initial Interview Schedule <br />• 3 weeks (includes time to <br />respond to requested item) <br />• 4 hours: Client will need to <br />spend approximately 4 total <br />hours for kick-off meeting and <br />to gather requested materials. <br />All key fieldwork activities may <br />include internal stakeholders or <br />(if applicable) third parties. <br />• Review requested items <br />• Conduct interviews with Key <br />Stakeholders in order to <br />assess the design of the <br />control environment <br />• Document design control gaps <br />• Coordinate with Key <br />Stakeholders to conduct testing <br />• Conduct testing to evaluate <br />control effectiveness (see <br />potential testing approaches <br />below) <br />• Assess results of control <br />testing and document gaps <br />• Evaluate gaps against CJIS <br />requirements <br />• Completed work programs <br />• Scan results from automated <br />testing <br />• 2 - 3 weeks <br />• 4 — 6 hours per week: Key <br />stakeholders will need to <br />commit approximately 4 - 6 <br />hours a week to participate in <br />interviews and so support <br />testing procedures. <br />10 <br />• Create Exit Document <br />• Conduct Exit Meeting with Key <br />Stakeholders <br />• Create and deliver technical <br />document summarizing the <br />engagement results in a <br />spreadsheet (if applicable) <br />• Document the Security <br />Assessment Report with Gap <br />Analysis, including: <br />• Executive Summary <br />• Dashboard of CJIS <br />Compliance <br />• Discussion of the Procedures <br />Performed <br />• Prioritized List of Gaps <br />• Remediation Plan of Action <br />with Milestones <br />• Exit Meeting Document <br />• Technical Document, <br />spreadsheet summarizing any <br />technical results of the <br />engagement <br />• Security Assessment Report, <br />including Remediation Plan of <br />Action <br />• 3 weeks <br />• 2 — 4 hours: Client will spend 2 <br />— 4 hours participating in exit <br />meetings, reviewing <br />deliverables, and responding (if <br />necessary) to the report. <br />Providing a comprehensive solution is critical to the success of this project. Providing a combination of <br />testing approaches will provide maximum value to validate the effectiveness of the control environment. <br />The specific procedures to be performed will be determined during scoping and the initial interviews with <br />Key Stakeholders. <br />Some of the test procedures that could be included as part of the testing are: <br />0 Penetration Testing. Testing designed to mimic an attacker in an attempt to validate information <br />