Our security strategists have experience keeping ahead of evolving threats within the commercial and government space through a cyber defense system with the following components:
- Policy: Align information system policy, procedures and governance structure with DOD Information Assurance Certification and Accreditation Process (DIACAP) controls and Risk Management Framework (RMF) standards, as well as being able to adapt the National Institute of Standards and Technology (NIST) towards commercial IT security.
- Prevention: Act on known threats and information by developing security policies, authorization & authentication, firewall management, endpoint security, patching, vulnerability assessments, audit reviews, providing secure gateways and implementing Security Technical Implementation Guides.
- Detection: Identification of threats through active and passive detection points that span all access vectors (email, web, data systems, etc.).
- Mitigation: Respond quickly and effectively to detected intrusions, report and isolate affected systems, and implement recovery procedures to normal operations.
- Repetition: consistently perform this process, improve through lessons learned, and provide a feedback loop to gauge improvement.
We bring experience in software products and tools such as the DISA Assured Compliance Assessment Solution (ACAS), vulnerability scanners, and SIEM tools.