A B C D E
DIR Managed IT Security Services
A. External controlled penetration testing Pricing Criteria
i. Scanning Pricing Criteria Small Customer Medium Customer Large Customer
Defined Internet facing infrastructure devices, servers, and underlying software will be assessed for potentially exploitable vulnerabilities. Each IP address in the provided subnets will be thoroughly scanned for listening services. Listening services will be tested for known vulnerabilities and each discovered vulnerability will be verified and tested for exploitability. Exploits not known to cause system instability will be executed and the details of the security compromise will be documented. The result of the external penetration assessment will be a greater awareness of potential points of security breach, the extent of, and detailed remediation recommendations. External Scanning / Vulnerability Discovery will include the following: • Network Surveying Customer Discount 21% 21% 21%
ii. Penetration testing Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
Defined Internet facing infrastructure devices, servers, and underlying software will be assessed for potentially exploitable vulnerabilities. Each IP address in the provided subnets will be thoroughly scanned for listening services. Listening services will be tested for known vulnerabilities and each discovered vulnerability will be verified and tested for exploitability. Exploits not known to cause system instability will be executed and the details of the security compromise will be documented. The result of the external penetration assessment will be a greater awareness of potential points of security breach, the extent of, and detailed remediation recommendations.

External Penetration Assessment will include the following:
• Network Surveying
o Port Scanning
o System Identification
o Services Identification
o Vulnerability Research, Testing and Verification
o Penetration Testing
• Basic Web Application Testing
• Infrastructure Device Testing
• Security Device Testing
o Firewalls
o Intrusion Detection Systems
o VPN
Discount % off MSRP 23% 23% 23%
DIR Admin Fee 2% 2% 2%
Customer Discount 21% 21% 21%
iii. WAR Dialing Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Priced per block of numbers) Phone / Modem / Fax Dial-Up Enumeration and Vulnerability Testing within identified numbers an extensions. Long distance and international numbers will be priced at additional costs if toll exclusion options are not provided by the customer. Includes findings documentation.
Discount % off MSRP 23% 23% 23%
DIR Admin Fee 2% 2% 2%
Customer Discount 21% 21% 21%
iv. WAR Driving Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Price per building ) Wireless Network Enumeration and Vulnerability Testing includes wireless access point detection, identification, security configuration review and findings documentation. Wireless networking infrastructure will be assessed for the application of secure design practices and tested for the existence of rogue or miss-configured access devices.

• Vulnerability testing for each discovered access device
• Wireless infrastructure design analysis
• Documentation of discovered rogue devices and vulnerabilities

Discount % off MSRP 23% 23% 23%
DIR Admin Fee 2% 2% 2%
Customer Discount 21% 21% 21%
v. Social Engineering Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Priced per building) Physical data access testing performed by attempting general building, floor, network, and system access in order to review potential shortcomings of current security policies and processes. Findings and recommendations will be formally documented and delivered in presentation format. Discount % off MSRP 23% 23% 23%
DIR Admin Fee 2% 2% 2%
Customer Discount 21% 21% 21%
vi. Applications Assessment Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Priced per application) Web based application testing to identify application, operating systems, or configuration vulnerabilities. Findings and recommendations will be formally documented with prioritization and remediation effort estimates. Discount % off MSRP 23% 23% 23%
DIR Admin Fee 2% 2% 2%
Customer Discount 21% 21% 21%
B. Security Monitoring and Management Services
xii. Antivirus, email and anti-spam Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Pricing listed is cost per user for one year contract) *Multi-year contracts available at reduced rates. Websense offers Hosted Email Security managed services that are complete AV and spam prevention for the end-user. This service assumes you already have your mail services established and that they are routable through the Websense Managed Services portal. All mail must pass through this portal in order to be scanned. SLA terms and conditions apply. More detailed service information can be found at: http://www.websense.com/global/en/ProductsServices/HostedEmailSecurity/ Discount % off MSRP 18% 18% 18%
DIR Admin Fee 2% 2% 2%
Customer Discount 16% 16% 16%
IT Security Services Pricing
A. Security Governance and Advisory Services
1. HIPAA Planning and Implementation Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Pricing listed is hourly rate) Provide a review of existing security environment and provide feedback on how effectively it aligns with HIPPA regulations. Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
2. Texas Administrative Code, Chapter 202 Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Pricing listed is hourly rate) Provide a review of existing security environment and provide feedback on how effectively it aligns with Texas Administrate Code, Title 1, Part 10, Chapter 202. Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
3. Texas Government Code, Chapter 2059 Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Pricing listed is hourly rate) Provide a review of existing security environment and provide feedback on how effectively it aligns with Government Code Section 2059. Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
B. Network infrastructure discovery, mapping and inventory services
i. Connection and configuration Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Pricing listed in per device) Discovery and documentation of network devices, device configurations, and routing detail. Devices must be configured with a SNMP community string Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
ii. Scanning Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Pricing listed in per device) Perform a network discovery scan for each location that will discover routers, switches, printers, computers, firewalls, and any other networking devices that have a TCP/IP address. Information will then be documented in a spreadsheet format. Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
iii. Topology mapping Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Pricing listed in per device) Review of the existing networking equipment, such as switches and routers, to determine networking topology. Routing details will be noted and communicated in a graphic document. Devices must be configured with a SNMP community string Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
iv. Network utilization and change detection Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Pricing listed in per device) Perform a review of the existing network, LAN, segment(s) of the environment and measure TCP/IP network utilization between discovered segments. Information will be collected during various periods of time. Report will provide average and high utilization between components in the environment. Devices must be configured with a SNMP community string Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
v. Network forensics and hot fix detection Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Pricing listed is hourly rate) Problem discovery, analysis, and resolution. Details varies based on issue and complexity.
• Review issue with customer
• Develop Scope of work document to align with needs
• Perform necessary activities
• Deliver information required
Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
C. Infrastructure Services
i. Firewall and VPN policy and architecture review Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Price indicated is per Firewall or Firewall Cluster) Firewall Configuration and Policy Health Check -
• Review of the existing security policy and any necessary
or proposed modifications
• Review VPN rules and configuration
• Develop consolidated security policy and objects database		 Discount % off MSRP 25% 25% 25%
DIR Admin Fee 2% 2% 2%
Customer Discount 23% 23% 23%
ii. ISB/IPS policy and architecture review Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Price indicated is per IPS or IDS device) IPS Configuration and Policy Health Check -
• Review of the existing security policies and any necessary
or proposed modifications
• Review rules and configuration
• Develop consolidated security policy and objects database		 Discount % off MSRP 25% 25% 25%
DIR Admin Fee 2% 2% 2%
Customer Discount 23% 23% 23%
iii. Access control/identity management review/integration services Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Pricing listed is hourly rate) Assist customer to define project criteria and specific requirements and needs from Access Control/Identity Management systems, review solutions or tools that are available, pilot group testing, and integration into customer environment. Complete with project documentation deliverable and knowldge transfer. Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
iv. Network architecture review Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Pricing listed is per network reviewed) Review and analyze current network design documentation, diagrams and network topology. Discuss challenges and future growth requirements with customer to provide custom deliverable with specific reccomendations for network architecture changes, upgrades, refreshes and/or validation of current network state and growth plans. Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
v. Host hardening and secure build development Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Pricing listed is hourly rate) Review Host OS and services, assist customer to define project criteria and access requirements, review solutions or tools that are available, pilot group testing, and integration into customer environment. Complete with project documentation deliverable and knowldge transfer. Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
vi. Disaster Recovery plan review, development and telecommunications redundancy Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Pricing listed is hourly rate) DR planning, outage acceptance review, system prioritization and classification, technical review, documentation, and recommendations.
• Review requirements with customer
• Develop Scope of Work to align with requirements
• Perform meetings with key business and IT individuals
• Develop classifications
• Develop modifications to accommodate requirements
• Develop documentation 		Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
vii. High availability architecture review and development Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Pricing listed is hourly rate) Systems level HA review, assist customer to define project criteria and requirements, technical reccomendataions for solutions or tools needed, pilot group testing, and techncal integration into customer environment. Complete with project documentation deliverable and knowldge transfer. Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
D. Risk and Vulnerability Assessment Services
i. Perimeter vulnerability scans Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
Defined Internet facing infrastructure devices, servers, and underlying software will be assessed for potentially exploitable vulnerabilities. Each IP address in the provided subnets will be thoroughly scanned for listening services. Listening services will be tested for known vulnerabilities and each discovered vulnerability will be verified and tested for exploitability. Exploits not known to cause system instability will be executed and the details of the security compromise will be documented. The result of the external penetration assessment will be a greater awareness of potential points of security breach, the extent of, and detailed remediation recommendations.

External Scanning / Vulnerability Discovery will include the following:
• Network Surveying
o Port Scanning
o System Identification
o Services Identification
o Vulnerability Research, Testing and Verification

Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
ii. Perimeter penetration scans Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
Defined Internet facing infrastructure devices, servers, and underlying software will be assessed for potentially exploitable vulnerabilities. Each IP address in the provided subnets will be thoroughly scanned for listening services. Listening services will be tested for known vulnerabilities and each discovered vulnerability will be verified and tested for exploitability. Exploits not known to cause system instability will be executed and the details of the security compromise will be documented. The result of the external penetration assessment will be a greater awareness of potential points of security breach, the extent of, and detailed remediation recommendations.

External Penetration Assessment will include the following:
• Network Surveying
o Port Scanning
o System Identification
o Services Identification
o Vulnerability Research, Testing and Verification
o Penetration Testing
• Basic Web Application Testing
• Infrastructure Device Testing
• Security Device Testing
o Firewalls
o Intrusion Detection Systems
o VPN
Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
iii. Internal network vulnerability assessments Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
In addition to the identified primary assets, all internal network infrastructure, servers, workstations, IP-based devices, and underlying software will be assessed for known vulnerabilities and high risk services. Each discovered service will be tested for vulnerabilities, patch and version level. The result of the internal systems assessment will be a greater awareness of risk to primary assets and internal systems, a comprehensive list of discovered vulnerabilities, and detailed remediation recommendations.

Internal Systems Assessment will include the following:

• Primary Asset Classification
• Network Surveying
• Infrastructure Device and Servers Testing
o Port Scanning
o System Identification
o Services Identification
o Vulnerability Research, Testing and Verification

Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
iv. Network risk assessments Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Priced per reviewed network segment) Device Enumeration, Vulnerability Scanning, and Findings and Remediation Documentation. • Primary Asset Classification
• Network Surveying
• Infrastructure Device and Servers Testing
o Port Scanning
o System Identification
o Services Identification
o Vulnerability Research, Testing and Verification		 Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
v. Host vulnerability assessments Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
Single Host Vulnerability Scanning, Findings and Remediation Documentation • Asset Classification
• Network-level Analysis
o Port Scanning
o Services Identification
o Primary Systems Password Strength Review
o Vulnerability Research, Testing and Verification		 Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
vi. Host risk assessments Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
Single Host Risk Analysis and Classification • Asset Classification
• Network-level Analysis
o Port Scanning
o Services Identification
o Primary Systems Password Strength Review
o Vulnerability Research, Testing and Verificatio		 Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
xii. Data security assessment Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Pricing listed is hourly rate) Data Classification, Access Documentation, and Controls Recommendations. Review of technical requirements, project design specifics, the development of a project plan (depending on the project complexity and length), technical deployment, and knowledge transfer. Based on project complexity and length, project scoping, project management, and documentation will be performed. Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
E. Implementation Services
i. Security product deployment & configuration services Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Pricing listed is hourly rate) Review of technical requirements, project design specifics, the development of a project plan (depending on the project complexity and length), technical deployment, and knowledge transfer. Based on project complexity and length, project scoping, project management, and documentation will be performed.

Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
ii. Firewall/VPN deployment and configuration services Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Pricing listed is hourly rate) Review of technical requirements, project design specifics, the development of a project plan (depending on the project complexity and length), technical deployment, and knowledge transfer. Based on project complexity and length, project scoping, project management, and documentation will be performed.

Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
iii. NIDS/NIPS deployment and configuration services Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Pricing listed is hourly rate) Review of technical requirements, project design specifics, the development of a project plan (depending on the project complexity and length), technical deployment, and knowledge transfer. Based on project complexity and length, project scoping, project management, and documentation will be performed.

Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
iv. HIDS/HIPS deployment and configuration services Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Pricing listed is hourly rate) Review of technical requirements, project design specifics, the development of a project plan (depending on the project complexity and length), technical deployment, and knowledge transfer. Based on project complexity and length, project scoping, project management, and documentation will be performed.

Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
v. PKI and access control design and implementation services Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Pricing listed is hourly rate) Review of technical requirements, project design specifics, the development of a project plan (depending on the project complexity and length), technical deployment, and knowledge transfer. Based on project complexity and length, project scoping, project management, and documentation will be performed.

Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
F. Incident Response Services
i. Virus outbreak assistance Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Pricing listed is hourly rate) Adhoc outbreak remediation and incident handing relating to viruses, Trojans, and malicious code control. This may include source identification, implementation of technical tools, network configuration changes, and infection cleanup. Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
ii. Ciber attack response assistance Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Pricing listed is hourly rate) Adhoc outbreak remediation and incident handing relating to viruses, Trojans, and malicious code control. This may include source identification, implementation of technical tools, network configuration changes, and infection cleanup and systems compromise support. Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
iii. Forensic services Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Pricing listed is hourly rate) Provide Forensic services to review exchange email message communications, deleted data on desktop or laptop computer, and provide forensic image of desktop or laptop hard drive. Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
iv. Remediation services Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Pricing listed is hourly rate) Adhoc Remediation Services from any network or system failure, corruption, virus, worm, malicious code, etc. Assist customer to restore or retrieve data, systems to pre-failure state. Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
G. Security Support, Intelligence and Alerting Services
i. Firewall support services Pricing Criteria Small Customer (see criteria below) Medium Customer (see criteria below) Large Customer (see criteria below)
(Pricing listed is hourly rate) Provide on-site or phone-based firewall support services as needed. Discount % off MSRP 20% 20% 20%
DIR Admin Fee 2% 2% 2%
Customer Discount 18% 18% 18%
DIR uses the following criteria to define small, medium, and large state Customers:
Item Small Medium Large
Publicly addressable IP Addresses 1 Class “C” Network (256 or less) 2-255 Class “C” Networks (512 to 65,280) 1 Class “B” Network (65,536 plus)
FTE s (Full Time Employees) 1-99 100-999 1000 plus
Servers 1-5 6-200 201 plus
Work Stations 1-99 100-999 1000 plus
Mobile Devices 1-99 100-999 1000 plus
IT FTE 1-5 6-20 21 plus
Buildings/Sites 1 2-3 4 plus
Location/s 1 2-3 4 plus