Cybersecurity

Cybersecurity is defined as protecting information against threats from the Internet. There are different areas that an organization has to concern itself with when dealing with cyber threats. There was a time when just having an anti-virus program was enough, but today that is not the case. We understand this, and provide expertise in the following areas:

  • Risk Assessment
  • Security Consulting
  • Identity Management
  • Security Test and Evaluation
  • Continuous Monitoring

By using the systems life cycle process, we will work to ensure your organization is protected from many different types of cyber threats.  It is not uncommon that an organization considers security well after a system has been implemented.  We will ascertain risks to those systems, providing you a plan on how to mitigate the risks.

Risk Assessment – The process of determining the qualitative and quantitative value of a risk. We use the following risk identification method: risk = threat x vulnerability.

We will work with you to identify weaknesses (vulnerabilities) in your organizational security posture, find the threats that could exploit those weaknesses, and come up with a solution to help you protect against the threats.

Security Consulting – Sometimes all an organization needs is an expert to advise them on their security posture. In the industry, such an expert is referred to as an Information Systems Security Engineer (ISSE). We can provide ISSE consulting services to help you meet that need. We can also embed an ISSE into your organization so that you will have expertise available anytime you need it.

Identity Management – Maintaining the access, authentication, and authorization of individuals that have access to your organization. We help you ensure that privileges are granted to individuals based on their job function and roles within your organization. We cover issues such as how users are given an identity, protection of that identity, and technology solutions that support protection of that identity, such as digital certificates, passwords, network protocols, and PKI (Public Key Infrastructure).

Security Test and Evaluation – An Independent Verification and Validation (IV&V) of security controls to make sure they are working and are implemented correctly. This involves testing the system by means of penetration testing and vulnerability assessment.

  • Penetration Testing – The practice of compromising a system similar to how an attacker would penetrate the system.  We will work with your organization to identify weaknesses that the “bad guys” will attempt to exploit.  Using the latest tools and practices, we will work with you to find techniques that bad guys can use.
  • Vulnerability Assessment – Identifying the weaknesses in your organization, and assessing those weaknesses. Vulnerabilities can range from having poor policies (administrative controls) to computer systems that are not patched (technical controls). We will work with you to identify all the weaknesses of your organization, providing you a detailed report on our findings so you can make the best decision possible.

Continuous Monitoring – Security is an ongoing and dynamic process. With threats increasing and evolving on a daily basis, it is paramount for an organization to constantly identify these threats and create a strategy for mitigating them. We will help you design a plan best suited to your organizational needs to continuously monitor new threats.