Technology | Specific Product Selected | Owned / Managed by Function? | Using Another Function's Technology? (If Yes, Cite Function) | Outsourced? | Outsource Partner? | Estimated Purchase Price | Estimated Annual Support and Maintenance Percentage | Estimated Annual Support / Maintenance Annual Increase | Year 1 Annual Maintenance Cost | Year 2 Annual Maintenance Cost | Year 3 Annual Maintenance Cost
Command Center
Telephone System | Outsourced | Yes | Yes | $50,000.00 | 30% | 5% | $15,000.00 | $17,500.00 | $20,000.00 | No | Yes
Servers to Convey System State | Two servers with LAMP | No | $5,000.00 | 25% | 5% | $1,250.00 | $1,500.00 | $1,750.00 | Command Center | Network Security Monitoring | Threat Intel | Incident Response | Forensics | Self-Assessment
Encryption for Communication | S/MIME certs using external CA | $3,000.00 | 20% | 10% | $600.00 | $900.00 | $1,200.00
Ticket Tracking System | CyberCPR | $35,000.00 | 35% | 5% | $12,250.00 | $14,000.00 | $15,750.00
SIEM | No | Network Security Monitoring | $0.00 | $0.00 | $0.00
Availability Monitoring | What's Up | $5,000.00 | 20% | $1,000.00 | $1,000.00 | $1,000.00
Performance Monitoring | What's Up | $5,000.00 | 25% | $1,250.00 | $1,250.00 | $1,250.00
External Threat Feeds | No | Threat Intel | $0.00 | $0.00 | $0.00
Network Security Monitoring
SIEM | Splunk | $200,000.00 | 30% | 5% | $60,000.00 | $70,000.00 | $80,000.00
NIDS | Security Onion | $15,000.00 | 20% | 5% | $3,000.00 | $3,750.00 | $4,500.00 | Note: for hardware
NIPS | n/a | 5% | $0.00 | $0.00 | $0.00
HIDS | Windows Event Logs | $0.00 | $0.00 | $0.00
EPS | $0.00 | $0.00 | $0.00
HIPS | CarbonBlack | $35,000.00 | 20% | 5% | $7,000.00 | $8,750.00 | $10,500.00
Host Event Logs | Windows Event Logs | 25% | $0.00 | $0.00 | $0.00
Network Infrastructure Logs | Splunk (existing) | 5% | $0.00 | $0.00 | $0.00
Application Logs | Splunk (existing) | 30% | $0.00 | $0.00 | $0.00
Honeypots | ADHD | 10% | $0.00 | $0.00 | $0.00
Wi-Fi IDS (WIDS) | Kismet | $3,000.00 | 0% | 5% | $0.00 | $150.00 | $300.00 | Hardware
Wi-Fi Scanning | Yes | Self-Assessment | $0.00 | $0.00 | $0.00
Malware Detonation Devices | Cuckoo Sandbox | $0.00 | $0.00 | $0.00
Full Packet Capture (PCAP) | Security Onion | $0.00 | $0.00 | $0.00
Test Systems | Repurposed hardware | 20% | $0.00 | $0.00 | $0.00
Development Systems for NIDS, etc. | Spare hardware | 25% | $0.00 | $0.00 | $0.00
Log Archive | Spare hardware / PostgreSQL | $2,000.00 | 5% | 5% | $100.00 | $200.00 | $300.00 | Hard drives for expansion and backup
Threat Intelligence
SIEM | Yes | Network Security Monitoring | $0.00 | $0.00 | $0.00
Logs | Yes | Network Security Monitoring | $0.00 | $0.00 | $0.00
NIDS | Yes | Network Security Monitoring | $0.00 | $0.00 | $0.00
External Threat Feeds | ThreatConnect | $20,000.00 | 25% | 5% | $5,000.00 | $6,000.00 | $7,000.00
Business Partner Info Exchange Platform | ad hoc | $0.00 | $0.00 | $0.00
Indicator of Compromise Collection | Internal Hardware, custom code | $8,000.00 | 30% | $2,400.00 | $2,400.00 | $2,400.00
Intelligence Development Environment | Repurposed hardware | $0.00 | $0.00 | $0.00
Threat Intelligence Portal | ad hoc | $0.00 | $0.00 | $0.00
Correlation / Mapping / Relationship Development | Maltego | $5,000.00 | 35% | 5% | $1,750.00 | $2,000.00 | $2,250.00
Incident Response
Network Collection of Memory | GRR | $5,000.00 | 20% | 5% | $1,000.00 | $1,250.00 | $1,500.00 | Hardware
Network Collection of Host File System | n/a | $0.00 | $0.00 | $0.00
Local Collection of Memory | Thumb drives with winpmem | $500.00 | 0% | 5% | $0.00 | $25.00 | $50.00
Local Collection of Host | SIFT Kit | $0.00 | $0.00 | $0.00
Hardware write blockers (potentially enumerate all drive types) | Tableau | $1,500.00 | 10% | 5% | $150.00 | $225.00 | $300.00
Key Escrow for Full Disk Encryption | n/a | $0.00 | $0.00 | $0.00
Mobile Device Collection | Santoku | $1,000.00 | $0.00 | $0.00 | $0.00 | hardware
Examination Workstations | Repurposed hardware | $0.00 | $0.00 | $0.00
Forensic Software - Workstation / Server | SIFT Kit | $0.00 | $0.00 | $0.00
Forensic Software - Mobile | SIFT Kit | $0.00 | $0.00 | $0.00
Forensic Software - Cloud | SIFT Kit | $0.00 | $0.00 | $0.00
Dedicated Artifact Storage | A bunch of disks | $5,000.00 | 5% | 10% | $250.00 | $750.00 | $1,250.00
Secure Room | leased space from internal business | $0.00 | $0.00 | $0.00
Safe | $500.00 | $0.00 | $0.00 | $0.00
Shredder | $1,000.00 | $0.00 | $0.00 | $0.00
Crusher | Outsourced, as needed | Yes | Iron Mountain | $500.00 | $0.00 | $0.00 | $0.00
Forensics - Host Based
Network Collection of Memory | Yes | Incident Response | Yes | $0.00 | $0.00 | $0.00
Network Collection of Host File System | Yes | Incident Response | Yes | Retainer for all forensic analysis | $100,000.00 | 10% | 10% | $10,000.00 | $20,000.00 | $30,000.00
Local Collection of Memory | Yes | Incident Response | Yes | $0.00 | $0.00 | $0.00
Local Collection of Host | Yes | Incident Response | Yes | $0.00 | $0.00 | $0.00
Hardware write blockers (potentially enumerate all drive types) | Yes | Incident Response | Yes | $0.00 | $0.00 | $0.00
Key Escrow for Full Disk Encryption | Yes | Incident Response | Yes | $0.00 | $0.00 | $0.00
Mobile Device Collection | Yes | Incident Response | Yes | $0.00 | $0.00 | $0.00
Examination Workstations | Yes | Incident Response | Yes | $0.00 | $0.00 | $0.00
Forensic Software - Workstation / Server | Yes | Incident Response | Yes | $0.00 | $0.00 | $0.00
Forensic Software - Mobile | Yes | Incident Response | Yes | $0.00 | $0.00 | $0.00
Forensic Software - Cloud | Yes | Incident Response | Yes | $0.00 | $0.00 | $0.00
IOC Collection Servers / Information Access | Yes | Incident Response | Yes | $0.00 | $0.00 | $0.00
Network IDS | Yes | Incident Response | Yes | $0.00 | $0.00 | $0.00
Log Access - real time | Yes | Incident Response | Yes | $0.00 | $0.00 | $0.00
Log Access - archival | Yes | Incident Response | Yes | $0.00 | $0.00 | $0.00
Host IDS | Yes | Incident Response | Yes | $0.00 | $0.00 | $0.00
Host Event Logs | Yes | Incident Response | Yes | $0.00 | $0.00 | $0.00
Forensics - Network Based
Examination Workstations | As above, retainer for all forensic analysis | $0.00 | $0.00 | $0.00
Network Log Access | $0.00 | $0.00 | $0.00
Full Packet Capture (PCAP) | $0.00 | $0.00 | $0.00
Modeling / Testing | $0.00 | $0.00 | $0.00
Storage and Retention Capability | $0.00 | $0.00 | $0.00
Network IDS | $0.00 | $0.00 | $0.00
Forensic Software - Cloud | $0.00 | $0.00 | $0.00
IOC Collection Servers / Information Access | $0.00 | $0.00 | $0.00
Log Access - real time | $0.00 | $0.00 | $0.00
Log Access - archival | $0.00 | $0.00 | $0.00
Forensics - Reverse Engineering
Disassemblers | As above, retainer for all forensic analysis | $0.00 | $0.00 | $0.00
Debuggers | $0.00 | $0.00 | $0.00
Sandboxes | $0.00 | $0.00 | $0.00
Malware Detonation Devices | $0.00 | $0.00 | $0.00
Modeling / Testing | $0.00 | $0.00 | $0.00
Non-attributable network connections | $0.00 | $0.00 | $0.00
Research Network | $0.00 | $0.00 | $0.00
Honeypots | $0.00 | $0.00 | $0.00
Forensics - eDiscovery
Network Agents for Host Based Collection | n/a | $0.00 | $0.00 | $0.00
Backup Inventory | tape library | $0.00 | $0.00 | $0.00
Key Word Search / Selection | n/a | $0.00 | $0.00 | $0.00
User Activity Collection | Windows Event Logs | No | Network Security Monitoring | $0.00 | $0.00 | $0.00
Host based information collection capability | $0.00 | $0.00 | $0.00
Self-Assessment - Configuration Monitoring