There are multiple areas where systems can make organizations vulnerable to virus attacks and data theft, among other threats. The goal of our IT Security Solutions is to ensure your data Confidentiality, Integrity, and Availability is protected. We can assist you in protecting the Confidentiality of your data through our enterprise-wide Security Program; protecting the Integrity of your data through our Information Assurance Program and securing your assets; and protecting the Availability of your data by implementing our DR/COOP services.
E-INFOSOL’s enterprise-wide Security Program, we perform a system assessment and provide advice as to help you identify the FIPS 199 Security Categorization and FIPS 200 to identify the applicable Security Controls required.
Whether it’s the traditional approach, or one focused on the Cloud Computing environment, we provide Authorization Boundary Identification, as well as prioritization of assets by their level of criticality.
Additional services in this program include the development of an Information Security Plan in compliance with NIST SP 800-18 Rev 1 (Guide for Developing Security Plans for Federal Information Systems), as well as the development of IT Contingency Plans in compliance with NIST SP 800-34 Rev1, and developing a Configuration Management Plan for Information Systems in compliance with NIST SP 800-128. Furthermore, we aid in the development of all policies and procedures concerning Technical, Operational and Management Security Controls, as defined in NIST SP 800-53 Rev 3. Our services also include guidance and implementation of NIST SP 800-53 Rev 3 Security Controls applicable, based on a FIPS 199 Security Categorization.
Our FISMA audit services focus on executing a Risk Assessment that fully complies with NIST SP 800-37 Rev 1. After the audit, results are presented to Senior Executives along with an overview of the Information System’s Security Posture to help them make a Risk-Based decision with the goal of providing an Authorization to Operate.
The diverse technical background and expertise of our team ensures audits are engaged accurately from a Technical perspective, thus providing the more feasible recommendations to implement Security Controls.
We use the latest Vulnerability Assessment tools to execute in-depth Security Testing of Infrastructure Assets. We believe this assessment is essential in every organization, as it reveals Security Holes that may otherwise go unnoticed until the network is compromised. Therefore, we strongly recommend periodic Vulnerability Assessments with a proper scope, as determined by your particular system needs. We can assist in identifying assets vulnerabilities and in mitigating the risk of vulnerabilities being exploited. Given the uniqueness of every IT environment, we tailor our Security Assessment activities to fit each specific environment. Our expertise in Virtualization and Cloud Computing also enables us to fully understand security configurations and attributes specific to these environments.
Our approach to Security Assessments involves manually extracting security configuration from the assets, observing the implementation of security controls and performing automated vulnerability scanning. Both Vulnerability Scanning and Security Assessment services are offered as part of our FISMA audit service.
Information Assurance program services can be fully integrated with our Enterprise-Wide Security Program. As part of our Information Assurance Program we provide Continuous Vulnerability Scanning to identify vulnerability and Security Configuration in assets. Having a continuous process, rather than a batch, has multiple advantages. Among them, having less business disruption (downtime) and being able to manage risks as they come, instead of getting a list of them once a month. Furthermore, we will ensure assets are configured according to the applicable security benchmarks (i.e. USGCB, CIS, STIGs).
In addition, we review your organization’s IT system to validate the implementation of Configuration Controlled changes in Infrastructure assets. The validation process verifies that the implemented changes have the desired impact. Our assessment has the added value of providing a Security Perspective and Impact Analysis on the Change Control Board.
Whether it’s a violation of your organization’s policy, an attempt to access unauthorized data or any other event that potentially threatens your network or host security, we provide Support Incident Response activities to help you stay informed and protected. E-Infosol is a trusted third-party that will help you develop Security Benchmark for your organization’s most valuable assets. A great example of security benchmarking is determining—through metrics—how long it takes your organization to remove all access to sensitive data after an employee has been terminated, and setting a performance goal.
Contingency Planning is one of the most important Security Controls defined in NIST SP 800-53 Rev 3, required on all Federal Information Systems The implementation level of a Contingency Plan depends upon a System FIPS 199 Security Categorization. Our expertise in Security and Virtualization enables us to provide your organization with the latest DR/COOP mechanisms and tools for your infrastructure. Through our partnership with VMWare we can provide you with an effective and efficient solution that fully complies with the requirements established in NIST SP 800-53 Rev 3.
Our Cyber Security SMEs engaged in Supply Chain Risk Management perform in-depth risk assessments of IT products being acquired for an organization’s network environment. Extensive research enables our SMEs to provide solutions to customers that significantly minimize, mitigate or eliminate risks.
We play a vital role in an organizations IT acquisition process. Our SMEs pre-screen products and establish reciprocity with government/ Intelligence Community partners to establish lists of acceptable IT manufacturers and products. We educate users on proper navigation of the acquisition process consistent with existing organizational directives, policies, and guidance. Additionally, we assist organization in establishing balance between managing risk while operational requirements and accomplishing the mission. Overall, the ongoing efforts of our Cyber Security SMEs allow leaderships the agility to make informed procurement risk decisions at the speed of operations.