Our customized security engineering services to customers operating in high-security
and mission-critical environments include:
Security Requirements Analysis. We research and analyze mandated regulations,
documents and policies to derive security requirements. This includes DOD Directives,
Intelligence Standards and Directives, NIST Publications, Agency Directives and
legislative mandates like Sarbanes-Oxley.
Security Policy Development. We analyze existing agency/company security
policies and procedures with evolving government standards and/or industry "best
practices" for the enterprise class, and develop new/modified policy documents
Threat Assessment. We work closely with the client to develop a threat
scenario tailored to the client's environment. We do the research to identify
the threats so we can develop a risk management approach that makes sense for
the client environment.
Security Certification and Accreditation. We work with system acquisition
agencies and users to develop and document plans that ensure successful and timely
system accreditation under the most rigorous DoD and Intelligence Community standards.
Risk Management and Assessment. We develop cost-effective solutions based
on your requirements and threat assessment, using the latest in technology and
methods, to secure your information technology infrastructure. We work with the
client to develop an acceptable risk management model tailored to the client environment.
Security Vulnerability Assessment. We assess the vulnerabilities of server
operating systems, database management systems, application software, and network
components (firewalls, routers, gateways) as well as assessments associated with
enterprise security practices and procedures. The result is a prioritized list
of the discovered vulnerabilities, an analysis of the associated risks and potential
losses to the enterprise, and estimated mitigation costs.
Intrusion Detection and Monitoring. We perform real-time intrusion detection
and reporting at our Remote Network Operations Center in Colorado. The remote
management service includes configuration management, continuous monitoring, maintenance,
trouble support, incident detection and response, preventive countermeasures,
forensic analysis, daily audits, and periodic effectiveness tests.
Security Training and Awareness. We provide security training and education
courses and supporting materials to commercial and federal clients and have done
so for the past fifteen years. We develop courses for computer systems security
officers, executive awareness, systems administrators, and management. Specific
courses have been developed for clients with specific needs like malicious logic
and virus detection and eradication. We provide you with your security training
and education needs from standup lectures to computer based instruction and supporting
training awareness materials.
Security Product Testing and Analysis. Our information system and network
security laboratory services group will objectively evaluate and compare security
products as they apply to your environment. We have the capability to simulate
most client-server environments and demonstrate results to you in our presentation
High Assurance Tactical Systems Security Engineering. For over 12 years,
we have performed 'full spectrum' System Security Engineering tasks for several
unique, complex, mission critical, multilevel secure embedded tactical weapon
systems, including airborne platforms and ground support systems. We develop detailed
security functional and assurance requirements, C&A Plans, security policies
and policy models, security architecture descriptions, security concepts of operation,
risk analyses, and security test and evaluation (ST&E) plans and procedures.
We also analyze and specify IA and IA-enabled products to meet functional, performance,
and security requirements. We work closely with acquisition agencies, users, certifiers,
and developers to ensure that cost effective, secure, operationally responsive
solutions are implemented.
Penetration Testing. Using state-of-the-art tools and techniques, we
perform independent penetration tests on systems and networks to identify vulnerabilities
and to verify that your security mechanisms and safeguards are working as they
ISO 9001 Certified
IT Industry Expertise
Application Domain Experts
Numerous Contract Vehicles
Key Industry Affiliations