Effective implementation of a comprehensive cyber security strategy has become one of the most important national priorities of our times. Each government agency is individually responsible for continuing to improve its cyber security posture.
With cyber security and telecommunications demands increasing and the workforce decreasing, government organizations are experiencing an increased need for cost-effective information assurance capabilities as well as improved management, control and response techniques.
IT-CNP provides specialized cyber security services that assist agencies in providing a safe and secure operating environment, while implementing departmental information assurance processes to ensure that information security policy directions, as defined by legislative requirements as well as President's Management Agenda guidance and circulars on cyber security, are implemented consistently across the enterprise.
:: Modern Challenges
Information technology evolved from room-size computers shut off from the rest of the world to tiny wireless communication mobile devices interconnected by internal networks and the internet. In this diverse world of communications systems, no one information assurance approach or solution works on all operating systems and can protect every type of computer, network and mobile device component.
Attackers need to find only one vulnerability in a security system to gain access to the protected system, while security experts must close all potential vulnerabilities of the system. The complex software that controls networking, server and mobile devices is now composed of millions of lines of code and has many more potential security vulnerabilities that attackers may explore to compromise the security perimeter and get access to an agency's personal, confidential and mission-critical information.
The range of risks confronting the operation of complex, geographically dispersed government networks includes, but is not necessarily limited to, natural disasters, intentional malicious acts, inadvertent errors, unforeseen software/hardware conflicts and cascading failures from interconnected systems. Risks can come from malicious sources including foreign powers, terrorist groups and the occasional corrupt insider, each of which can compromise or otherwise do significant damage to classified and unclassified systems.
IT-CNP's cyber security and audit personnel, best practices, lessons learned and information assurance technologies assist federal, state and local government customers in maintaining a proactive cyber security posture.
Risk-based and effective internal information assurance controls are vitally necessary to assure:
- Uninterrupted availability of information system resources
- Confidentiality and integrity of information systems and their contents
- Effective robust user authentication and access controls
- Increased security of communications, information and critical infrastructure
- Interoperability of systems for authenticating individuals and machines on networks
- Compliance with enterprise information technology security requirements
- Standardization of security settings for a wide range of networking devices and applications
- Reliability, confidentiality and integrity of information exchange process
- Existence of accountability mechanisms assuring compliance for access to government data
:: Strategic Cyber Security Support Services
IT-CNP provides expert information assurance and cyber security consulting advice, guidance, and facilitation regarding current improvement practices, services, and support products to assist agencies in their information assurance and cyber security program management and efforts, which enable them to meet new challenges and continuously improve their mission performance.
:: Enterprise-Wide Cyber Security Program Support
The goal of IT-CNP's enterprise-wide cyber security program support is to improve the information security posture and reduce the cyber security vulnerabilities of the customer organization. This is accomplished by improving compliance with mandated regulatory acts and industry standards such as FISMA, OPM, FIPS, NIST, DOD RMF, SSAE-16 and all other applicable cyber security regulations, policies, and procedures.
In order to reduce cyber security vulnerabilities, our security experts help customers continue developing enterprise-wide directives, manuals and other standards that comply with the kaleidoscope of Federal statutory and regulatory requirements. Compliance with the directives, manuals and other guidance by each agency's respective security program demonstrates improved cyber security performance to the satisfaction of external review bodies such as the Government Accountability Office (GAO), Office of Management & Budget (OMB), and independent public auditors.
By identifying vulnerabilities and implementing corrective measures, IT-CNP's security compliance experts help government agencies effectively reduce the number of opportunities for system compromise, resulting in an overall improvement in the level of protection afforded our information resources. Ongoing monitoring is used to continuously assess the security posture of our operational environments to detect new or unpatched vulnerabilities, offering opportunities for proactive remediation and control.
:: IT-CNP's Enterprise-Wide cyber security solution components include:
- Enterprise cyber security policy development, statistical and analytical support
- Strategic cyber security business and action planning
- Network Security Monitoring/Analysis and Incident Response
- Cyber security Threat Analysis
- Cyber security research and engineering
- Security Operations Center (SOC) Operational Support
- Security Vulnerability Analysis
- Enterprise Cyber security Infrastructure Support
- Cyber security Technology Assessment and Forensics
- Certification & Accreditation (C&A) policy and compliance support
- Continuous Independent Validation and Verification (IV&V) testing of system security controls
- Continuous Monitoring in accordance with NIST and FedRAMP guidance