Risk-Based Security Program Development
Fundamentally, information security protects information from unauthorized disclosure or modification while at the same time ensuring its accessibility to those who need it. We will assist you identify your important data and implement FISMA-compliant controls to protect it, while at the same time defining processes to support and measure their effectiveness. We can support information security policy development, risk assessments, and Certification & Accreditation activities.
Network Security Engineering
All information security programs require technology engineering, whether to deploy new technology or to evaluate existing implementations. Your program may benefit from having security engineering support independent of Operations and Maintenance staff. We have extensive experience with networked infrastructures in general and specifically can help support:
- Whole-Disk Encryption Deployment and Management
- Two-Factor Authentication
- Vulnerability Management
- Configuration Compliance and Auditing
- Network Risk Modeling and Change Control
Computer and Network Intrusions
Network intrusions can highlight breakdowns in security controls, user awareness, or policy enforcement; they may indicate a failure somewhere in the program. Having trained analysts with the proper technology and tested process in place before an intrusion occurs can make the difference between rapid detection and blissful ignorance. We focus as much attention on root cause analysis after an incident as we do on response and eradication. We can assist you with:
- Custom Network Monitoring
- Network Flow Analysis
- Incident Detection, Analysis, and Response
Computer Forensic Investigations
Proper digital evidence handling and analysis throughout an investigation requires training, experience, and documented processes and procedures. We have worked with U.S. attorneys, General Counsels, and federal law enforcement. With the amendments to the Federal Rules of Civil Procedure, Electronic Discovery is now a major requirement at federal agencies. We can provide support and consultation for all aspects of computer forensic investigations, including e-Discovery.