information assurance & network security
The Information Assurance Division provides our customers with the ability to utilize one team to address all of their organization’s security needs. Our team can compile a comprehensive outline of the customer’s current security architecture, provide a cohesive plan that identifies the areas containing weaknesses as well as the changes that would eliminate these weaknesses, and finally work with the customer to implement these changes to keep the customer secure, compliant, and prepared to maintain the security posture of their information systems and networks.
General IA Description
The Information Assurance Division within ESS is comprised of highly-skilled and certified IA Professionals with vast experience in all aspects of information security, including policy development, network security architecture and design, vulnerability assessments, and systems certification and accreditation following all Department of Defense (DoD), Intelligence Community (IC), and Federal Government regulations as well as industry best practices.
Services
These days every enterprise has an indisputable reliance on computers and the networks to which they are connected. The manipulation and storage of computerized financial information, inventory data, personnel records, medical information, shipping schedules, email communications, contracts and intellectual property are but a few examples of the myriad ways we use these digital helpers. We also know that the ever-present human factor can render your computer data completely worthless to you in the blink of an eye.
The ESS Information Assurance Team can provide comprehensive, turnkey system security solutions to meet all of our customers’ information security needs in conjunction with:
- Clinger-Cohen Act of 1996
- Federal Information Security Management Act of 2002 (FISMA)
- Sarbanes-Oxley Act of 2002
- Privacy Act of 1974
- OMB M-06-15, Safeguarding Personally Identifiable Information
- Industry Best Practices
- Other applicable government regulations
The ESS corps of IA personnel draws on a vast level of experience to identify weaknesses and develop comprehensive plans in areas including, but not limited to, the following:
Security Reviews and Audits
An in-depth review will be conducted of all aspects of the organization to identify the threats, vulnerabilities and risks to both the tangible and intangible assets of the organization and provide a detailed plan of how to mitigate them.
Certification and Accreditation
Experience with the entire certification and accreditation process, from kickoff to ATO/IATO, in compliance with standards including DITSCAP, DIACAP, NIACAP, FISMA, DCID 6/3, and NIST 800 guidance.
Security Risk Management
Understand your security posture in the context of risk to your organization, with the ability to prioritize response.
Intrusion Detection and Intrusion Protection Systems
Engineer solution sets which can thwart malicious attacks before they hit the network and offer proactive protection from an Intrusion Detection solution that fits your enterprise and your budget.
Enforced Policies & Procedures
Third-party embossed and audited security provides both the presence of mind and confidence needed to ensure your data is protected and your policies are executed.
Network Security Architecture and Design
Capable of integrating your security plan into your enterprise as you design the infrastructure. Create a scalable network-based detection, notification, and mitigation services capability.
Vulnerability Assessments
Assess system risks and prioritize their criticality based on accurate and timely threat analysis. Federated utilizes a proven and industry-accepted Information Assurance Methodology that ensures comprehensive Critical Infrastructure Protection.
Privacy Impact Assessments
PIA, as required by the E-Government Act, is an assessment of actual or potential impacts which a system may have on privacy to ensure the organization has adequate safeguards in place to protect Personally Identifiable Information (PII).
Disaster Recovery & Continuity Planning
These days, the list of potentially business-disrupting events seems almost endless: viruses, power blackouts, natural disasters and even terrorist events. Disaster recovery and business continuity planning are processes that help organizations prepare for disruptive events.
Incident Monitoring and Reporting
Incidents can be accidental incursions or deliberate attempts to break into systems and can be benign to malicious in purpose or consequence. Regardless, each incident requires careful response at a level commensurate with its potential impact to the security of individuals and the organization as a whole.
Security Event Auditing and Analysis
Auditing the security event logs for an organization can provide details about both outsider attacks and the abuse of rights by an insider. Proper auditing and analysis of these logs can help identify activities within the network to provide an in-depth understanding of the level of security.
Security Awareness
The “people factor” - not technology - is key to providing an adequate and appropriate level of security; however, people are also one of the weakest links in attempts to secure systems and networks. Providing a robust and enterprise-wide awareness and training program is paramount to ensuring that people understand their IT security responsibilities, organizational policies, and how to properly use and protect the IT resources entrusted to them, thereby creating an IA empowered workforce.
Penetration Testing
In an attempt to raise situational awareness, a security-oriented probing of a computer system or network is conducted to seek out vulnerabilities that an attacker could exploit. The testing process involves an exploration of all the security features of the system in question, followed by an attempt to breach security and penetrate the system. The tester, sometimes known as an ethical hacker, generally uses the same methods and tools as a real attacker. Afterwards, the penetration testers report on the vulnerabilities and suggest steps that should be taken to make the system more secure.
© 2009. Engineering Systems Solutions.

