The INFOSEC Services practice offers Federal and Commercial customers a source for comprehensive consulting services focused on the protection of Information Technology (IT) systems against unauthorized access to or modification of data, whether in storage or transit.

Our holistic approach to security is unique in the industry.  We feature 14 security-related service areas that correlate with those specified in Federal Information Processing Specifications (FIPS) 200.

Our highly qualified, nationally and internationally recognized ISSOs and ISSEs can supplement your Information Assurance (IA) and INFOSEC staffs by augmenting your staff or they can focus on providing technical expertise from one of the security-related offerings listed below.  When you need help, we have you covered.

For more information on the services we offer click one of the 14 security-related areas below and discover how INFOSEC Services can help you build a secure IT environment.

SERVICES OFFERED

 
INFOSEC Operations

INFOSEC Services specializes in the protection of data at rest, data in transit, and the operational authority of IT system users for Government agencies and other enterprises under Federally mandated requirements.

Our experts take a holistic approach to IT systems security operations by bringing together a wide array of measurable services ranging from Certification and Accreditation to Vulnerability Management and Training to ensure your entire enterprise system (people, processes and business units) function securely. You benefit by being better prepared to respond to an event, lowering costs of change, increasing productivity and providing improved critical business services.

Click here to view the complete
INFOSEC Operations white paper

Incident Response The unexpected happens. Being prepared for it is a responsibility that does not diminish based on time or technology used.

At INFOSEC Services our Information System Security Officers have extensive experience in developing Incident Response Guides, Contingency Plans, and Continuity of Operations Plans. Our team starts the process by examining existing documents and understanding workflow processes. Then we identify how to initially respond to a possible contingency event, how to put contingency event plans into action, and how to ensure business operations are minimally interrupted by an event.

Using this approach to Incident Response and Disaster Recovery your organization can move beyond developing a plan for responding to an immediate threat to a comprehensive plan that provides for system-wide resiliency and more importantly, business continuity.
Business Process Engineering Success comes from efficient, repeatable processes and INFOSEC Services' Business Process Engineering service (i.e., Business Process Analysis, Business Process Re-Engineering, Business Process Development, and Business Process Management) is designed to help you get the most from how effective you are in directing business workflow. All of our INFOSEC consultants are versed in business process engineering. We will document the policies and procedures that are part of your organization's overall IT workflow or further throughout your system as required. We ensure that the workflow can be performed in a manner that exemplifies the value of the process as intellectual property.

INFOSEC Services' team will determine what business processes exist and contribute to the success of the organization (business process analysis), determine how to change business processes to create greater efficiency (less cost or greater productivity) or improvements that contribute to overall product output and management style (business process re-engineering), or overseeing and managing process execution and improvement (business process management)
Audits & Surveys INFOSEC Services provides a wide array of audits and surveys tailored specifically to client needs. Our goal is that each audit and survey effort is tied to gains in security and efficiency within the organization.

An INFOSEC Services audit and survey offers services to identify the existing organizational structure and how it relates to future operations. It also enables the organization to communicate to stakeholders the impact of actions taken as a result of management, operations or relationships.
Strategic Planning You recognize your enterprise IT system requires greater security, but where do you start? INFOSEC Services' strategic planners are experts when it comes to evaluating and identifying key system issues.

INFOSEC Services' strategic planning experts will develop a project plan that identifies critical steps for system enhancement. Each of the items on the project plan will be considered in depth, with approximate costs and an explanation of how the item supports the IT system.

By undertaking strategic planning for your IT system, you will have a roadmap that identifies which operations and system characteristics can be enhanced to meet your overall objective of ensuring greater security.

Click here to view the complete
Strategic Planning white paper
Risk Management Risk management is the process of determining what internal and external risks are prevalent to an IT system, applying a mathematical model (using the National Institute for Standards and Technology [NIST] Risk Assessment Methodology) to determine likelihood of such event(s) occurring, and determining which risks are acceptable and which risks need to be mitigated.

The INFOSEC Services team will use the most subjective methods for determining risks and the right methodology for evaluating risks. As a result, your organizational goals for risk management and mitigation can be achieved efficiently and effectively. Plus, a Risk Management assessment enables you to leverage a process that has exponential impact on achieving safe, secure system operation.

Click here to view the complete
Risk Management white paper
Knowledge Management For any organization, intangible assets consist of the tacit knowledge and intellectual property that provide a basis from which the organization can make decisions, excel and prosper. Our practice of knowledge management means collecting this knowledge, making it explicit, and using it once in your best interest.

Our goal is to identify information and knowledge that builds greater security for IT systems to identify information and knowledge that needs protection in the digital system, and to protect various authority levels vested in users of the system(s).

Through Knowledge Management, we can ensure that the intangible assets that are part of the overall business workflow are clearly defined in understandable terms that add value to management processes.

Click here to view the complete
Knowledge Management white paper
Certification & Accreditation INFOSEC Services is a leader in providing Certification and Accreditation (C&A) services for systems controlled by Federal mandate.

The INFOSEC Services team is highly experienced in the various processes. We focus on planning, compiling information, preparing documents, evaluating how well the system is defined, and presenting the system for certification and accreditation with the ultimate goal of ATO approval. This effort is accomplished by surveying systems to identify critical information, using functional analysis tools (like our System Security Plan Evaluation Tool?) and applying metrics to measure project results. This process fulfills the requirements from initial system identification through issuance of a properly authorized Authority to Operate document.

Perhaps more importantly, you will be assured knowing you have a system that is "safe to operate" or "acceptable to operate within acceptable risk"

Click here to view the complete
Certification and Accreditation white paper
Solutions Management & Forensics 'Solutions management' is the process of finding the best solution to an existing problem while 'forensics' is part of the practice of determining what happened (the root cause of a problem) after an incident or event occurred.

Our solution managers use needs analysis, policy, evaluation, knowledge management products (e.g., a lessons-learned database), etc., to understand your problems from the context of requirements, budget, and timeframe. The solutions manager then determines the most appropriate products and services as well as integration processes to allow for smooth implementation. Our goal is to link your requirements and/or needs to your business workflow operations ensuring the products and services defined are the most effective, efficient solution.

Our forensics capabilities will help you determine the root cause after an incident or event occurred. With our solutions management and forensics practice, you will enjoy a more secure system knowing the cause, not the symptom has been.

Click here to view the complete
Management and Forensics white paper
Configuration Management Configuration Management (CM) is the practice of gathering information about IT products and keeping that information current. (Configuration management also includes managing hardware and software licenses to guarantee the legality of the operation.) In gathering such information, organizations like yours can ensure that a complete status of the enterprise IT configuration is clearly delineated.

Our experts can develop a configuration management plan that ensures a clear understanding of the scope of your enterprise IT system and is available to every node of your enterprise network of systems. In doing so, it ensures the integrity of your system.

In addition, Configuration Management offers the ability for an organization to have an enterprise-wide perspective, allowing for highly effective planning, risk management, and road mapping so that changes can be analyzed for their impact throughout the enterprise.

Click here to view the complete
Configuration Management white paper
Engineering INFOSEC Services specializes in the protection of data at rest, data in transit, and the operational authority of IT system users for Government agencies and others enterprises under federally mandated requirements.

Our experts take a holistic approach to IT systems security technology by bringing together a wide array of measurable services ranging from vulnerability analysis and forensics to laboratory services including compatibility testing to ensure your entire enterprise system (people, processes and business units) use the best design schemes. You benefit by being better prepared to manage your operational system, to lower costs of change, and to provide improved critical business services.

Click here to view the complete
Engineering white paper
Architecture INFOSEC Services' architects are experts when it comes to designing IT systems with increased security. We offer services from full design to supplemental design reviews. When we review a network concept or system, our architects will review the design and determine what can be done to ensure greater security within the design.

Working with INFOSEC Services, you will have an IT system specifically designed for protecting data at rest, data in transit, and the operational authority of IT system users. Plus, you can be confident knowing that at the foundation of your system, the design is adding increased security functionality for future enhancements.

Click here to view the complete
Architecture white paper
Vulnerability Management Identifying vulnerabilities is at the core of ongoing efforts to maintain a safe, secure IT system. At INFOSEC Services our goal is to use the best tools based on customer system design to realize the best practices for finding and identifying problems before they become major issues. Using this approach, our goal is to reduce the amount of unacceptable risk based on exploitable system vulnerabilities.

INFOSEC Services' team will build capabilities, methods, and approaches to address and perform one-time and recurring testing and remediation requirements. Key to this effort will be determining the best path for remediating vulnerabilities.

Not only will you feel confident about reducing system vulnerabilities, but it may lead to more accurate FISMA reporting of vulnerabilities.

Click here to view the complete
Vulnerability Management white paper
Training INFOSEC Services team members have gained extensive knowledge in building, operating and maintaining secure IT systems for our clients. We offer INFOSEC training, both operational and technical, for your INFOSEC and Information Assurance personnel. This includes development of Annual Security Awareness training. In addition, we prepare your staff for successfully conducting INFOSEC operations within your enterprise when our specialists are not around.

Training is offered in each of the service areas we have defined for our INFOSEC Services practice.