Information security and assurance is an ever-present challenge for organizations. Risks can arise from complex and targeted threats, inadequate business processes, incomplete implementation of policies and regulations, technology misconfigurations, lack of testing, interconnectivity, employee misconduct, and unforeseen business interruptions. SecureIT responds to this escalating threat environment with an integrated, standards-based suite of services and solutions. We use a collaborative approach to devise your strategy through an examination of your agency’s requirements, enterprise architecture and existing security and privacy capabilities. We then work with your organization to address the gaps. We build security into your organization, processes and systems, which results in reduced risk and more predictable project schedules. The outcome is an agile, scalable security program that provides clear, actionable information and supports risk-based decisions and compliance.
Planning, Engineering and Assessment
- Organizational and common security control definition and implementation
- Categorization of information and systems to identify security impact level (FIPS PUB 199) or mission assurance category (DOD 8500)
- Security planning and development of effective system security plans (SSP) and System Security Authorization Agreements (SSAA)
- Interconnection analysis and development of agreements
- Risk assessment and management
- Contingency planning and testing
- Privacy Impact Assessments
- Security testing and evaluation (ST&E) per NIST SP 800-53A and DOD 8500
- Certification and Accreditation (C&A) in accordance with NIST, DIACAP, CNSS and agency-specific policy
Implementation, Integration & Management
- Asset and inventory management
- Vulnerability management
- Configuration and change management
- Security information, audit and event management
- System security support such as information systems security officer (ISSO) and information assurance security officer (IASO)
Our team of security analysts, engineers, and consultants provides security and privacy expertise throughout the system planning, development, implementation and operation lifecycles. SecureIT personnel are knowledgeable and practiced in Federal civilian government and Defense security and privacy policy, standards, requirements and best practices. We have an acute understanding of the following standards and regulations, and our professionals are experts at ensuring compliance with them:
- Federal Information Security Management Act (FISMA)
- Office of Management and Budget (OMB) Circulars and Memos
- National Institute of Standards and Technology (NIST) Special Publications
- Department of Defense 8500 series of Information Assurance Directives
- Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) Instruction
- Privacy Act
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- NIST Security Content Automation Program (SCAP)
- Security Technical Implementation Guides (STIG)
Our personnel are certified information security professionals with experience in all aspects of the information assurance spectrum. We use repeatable and trusted IA processes for identifying and managing requirements, devising security controls, assessing for effectiveness and preparing information necessary for approval and audit. Members of our team are active in industry information assurance and information security associations, including ISSA and ISACA. This involvement keeps us abreast of the latest threats, and active in the formulation of new strategies to contain and control them. We deliver innovative and pragmatic technology solutions to improve risk management and to increase efficiencies in information assurance processes.