Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
CodeLynx, LLC
4937 Fargo Street, North Charleston, SC
www.codelynx.com

Request for Information: Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
Department of Management Services, Division of State Purchasing, State of Florida
Submitted on 03 September 2015

This proposal includes data that shall not be disclosed outside the intended recipient and shall not be duplicated, used, or disclosed in whole or in part for any purpose other than to evaluate this response.
Table of Contents

Introduction ... 2
  CodeLynx Executive Summary ... 2
  Credentials ... 2
  Proposed Solution ... 2
    Benefits to the State of Florida ... 3
    Benefits to the Agencies and Departments ... 3
Background ... 4
  Past Performance ... 4
Contact Information ... 5
  Key Contact within CodeLynx ... 5
  Business Information ... 5
Response to Section IV ... 5
  Pre-Incident Services ... 6
    Incident Response Agreements ... 6
    a) Assessments ... 6
    b) Preparation ... 7
    c) Developing Cyber-Security Incident Response Plans ... 8
    d) Training ... 8
  Post-Incident Services ... 8
    a) Breach Services Toll-free Hotline ... 9
    b) Investigation/Clean-up ... 9
    c) Incident response ... 9
    d) Mitigation Plans ... 9
    e) Identity Monitoring, Protection, and Restoration
  Notes

Page 1 of 10
Introduction

CodeLynx Executive Summary

CodeLynx, LLC is not only qualified to provide assessment and remediation services in the event of a cyber-security incident; we also offer a commercially available software application, Zeva, designed specifically to track and monitor the activities required to prevent such incidents. CodeLynx, a Woman-Owned Small Business (WOSB) headquartered in North Charleston, South Carolina, has been protecting our customers and the general public as a full-service security solutions provider for more than a decade. Specializing in the design, installation, maintenance and assessment of complex risk monitoring and mitigation systems, CodeLynx excels in supporting and improving security solutions that protect customer assets, customer infrastructure, and the public at large. CodeLynx is a qualified GSA vendor under GSA IT Schedule 70 Contract GS-35F-0012V under multiple NAICS Codes. We have distinguished our company from others by installing and maintaining complex security systems and developing affiliated software products for the global security community for more than a decade. Our customers include the Department of Defense, secure government facilities, law enforcement agencies, industrial complexes, universities, hospitals, and commercial organizations. In addition, CodeLynx provides cyber security certification and accreditation services for our clients' network operating environments.

Credentials

Our cyber security professionals are recognized specialists, as evidenced by their combination of advanced formal education, specific technical training and years of practical experience.
A sampling of our staff credentials includes:

- Certified Information Systems Security Professional (CISSP)
- Certified Secure Software Lifecycle Professional (CSSLP)
- SANS AUD507: Auditing & Monitoring Networks, Perimeters, and Systems
- CompTIA Security+
- CompTIA Network+
- SOA Certified Security Specialist
- Information Assurance Technical (IAT) Level I, II, or III under the Navy's Cybersecurity (CS) workforce program

Proposed Solution

In fulfilling the services listed within the RFI, CodeLynx proposes Zeva, our internally developed, web-based commercial off-the-shelf software tool. The Zeva assessment solution will provide the State of Florida with assurance that assessments are taking place at the agency and department levels by providing visibility into the status, progress, completion and results of the security assessments and evaluations. The tool will also allow the state to establish the set of benchmarks and standards to be used across all agencies to ensure that state policy objectives are being met. We are confident that its intuitive features, constructed with the goal of proactively managing compliance, will become a critical management utility throughout the state. High-level features of Zeva include:

Benefits to the State of Florida

- Establishing and distributing benchmarks across all agencies and departments
- Data visualization of vulnerabilities and action items
- One system of record for all assessments, reporting, support materials, and remediation efforts
- Visibility across the organization, allowing for collaboration among departments, personnel and resource management, and program evaluation
- The ability to analyze results across all agencies to determine areas of need that require addressing at the state level
- Customizable real-time reporting
- A system of record demonstrating that the state is taking a proactive and comprehensive approach

Benefits to the Agencies and Departments

Due to our unique position within the industry, we developed an industry-leading application, Zeva, designed to provide assessment visibility, incident response preparation, and incident response tracking. Zeva also provides management staff with key information and insight into performance via:

- The ability to attach supporting documentation such as agency-level policies
- Assessment scoring
- The capture of comments such as findings, recommendations, and mitigation plans
- Remediation tracking
- Self-assessments prior to actual audits
- Current disposition of an incident response
- Post-incident response evaluation
Background

Past Performance

CodeLynx's single focus is security. We provide securely developed custom software as well as commercial software. We provide Enterprise Security Systems, a partial list of which includes Security Operations Center (SOC) video walls and displays, cameras, access control, and secure video storage. We also provide cyber security solutions, including assessments and audits, audit preparation, and incident response preparation.

We have applied our extensive physical security assessment expertise, along with our in-depth understanding of organizational hierarchies, to several client engagements pertinent to this RFI. Several years ago we developed an Assessment Accreditation Tool (AAT) for the US Marine Corps (USMC) Law Enforcement community that has enabled them to consistently monitor and enhance the standards applied within 18 command organizations around the world. This application was so successful that they recommended it to the Army, which adopted it two years ago with similar positive results. The tool enables organizations to conduct self-assessments throughout the year and in preparation for a formal outside inspection. The results from each installation are viewable by that installation as well as by headquarters personnel, and are accumulated to trend performance over time. This enables better decision making and resource allocation in the areas identified as most vulnerable. The application was then adopted by the USMC Mission Assurance program to support its needs for conducting assessments across a broad spectrum of program areas, including anti-terrorism, cyber-security and critical infrastructure protection.

CodeLynx possesses not only the engineering expertise to develop user-facing features; our staff also has years of experience as subject matter experts facilitating the discussions required to design the workflow and visibility needed across multiple organizational stakeholders.
At CodeLynx, Information Assurance is a core competency, as demonstrated by the extensive experience our team possesses and a successful track record of receiving favorable Authorities to Operate (ATOs) for several production systems deployed in the Department of Defense's Nonsecure Internet Protocol Router Network (NIPRNet) and Secret Internet Protocol Router Network (SIPRNet) environments. Our experience includes responsibility for system accreditation efforts via the Department of Defense (DoD) Information Assurance Certification and Accreditation Process (DIACAP) on multiple projects, which involved generating numerous system architecture, design, procedural, and security documents and ensuring their compliance with DoD standards. We possess extensive experience ensuring server and system compliance with Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) on multiple projects and in various environments. The STIG implementation process consisted of hardening the security posture of web servers, operating systems, and database management systems to comply with established cyber security guidelines, as well as testing and documenting the configurations to ensure functional integrity. Tools used in this process included DISA Gold Disk, Retina Network Security Scanner, and Tenable Nessus for vulnerability scanning.
Our staff oversaw the accreditation of the network environment of a complex enterprise ESS project under the National Institute of Standards and Technology United States Government Configuration Baseline (NIST USGCB) guidelines. This deployment included multiple physical sites, hundreds of cameras and access control points, as well as Intrusion Detection Systems (IDS) and secure network appliances. In addition, we have supported our customers through numerous audits of their network operating environments conducted by both internal and external governing bodies.

CodeLynx personnel hold many industry certifications, including CISSP, CSSLP, Security+, Network+, various SOA certifications including SOACP, and GIAC SANS audit training. In addition to our broad and deep bench of certified personnel, we have extensive industry experience, including obtaining multiple DoD Authorities to Operate (ATOs) and Authorities to Connect (ATCs). We are also responsible for a major Washington, D.C. museum's security department passing an annual NIST USGCB audit. We have prepared incident response plans, and we maintain a network where incident response is a critical component. We are familiar with a wide array of industry best practices and standards, and are thus able to provide guidance on the best approaches to cyber security.

As a secure software development firm, enterprise security solutions hardware provider, and cyber security solutions provider, we can also provide a unique single point of contact for almost any cyber security need. If a secure custom software application needs to be developed, or hardware updated, we can provide it. We can also link the two together, allowing existing hardware to talk to existing software. Additionally, we can provide audit and assessment capabilities, and incident response and preparedness.
Contact Information

Key Contact within CodeLynx

Judith Godwin
Director, Software Engineering
CodeLynx, LLC
Judith.Godwin@CodeLynx.com
x329

Business Information

CodeLynx, LLC
4937 Fargo St., North Charleston, SC
Phone:
Fax:

Response to Section IV
Pre-Incident Services

Incident Response Agreements

Terms and conditions in place ahead of time to allow for quicker response in the event of a cyber-security incident.

RESPONSE: The Zeva system allows for the creation of assessment templates, which outline all of the criteria, infrastructure and systems that would need to be evaluated in the event of a cyber-security incident. These templates can then be replicated throughout the organization for individual location threat assessments, quick incident response, ongoing vulnerability reviews, and change management gap analysis. The criticality of assessment points and action items can be designated in the system using comment classifications and tag data groupings, which allow for tailored reporting based on your audience.

a) Assessments

Evaluate a State Agency's current state of information security and cyber-security incident response capability.

RESPONSE: With Zeva, you can create custom evaluations that meet the needs of your organization. To accomplish this, the system allows users to import industry- and regulatory-body-specific standards, replicate company-approved processes, and survey vulnerability based on our Cyber Security Specialists' expertise, with the goal of ensuring that incident response capabilities are tailored to your organization's needs as well as to the requirements imposed on you by the market and government. Customization of your risk settings, information groupings, assessment types, organizations, score types, and languages provides the adaptability needed to assess all aspects of your organization. Documentation, such as policies or photographic evidence, can easily be attached from a computer, phone, or tablet to support audit findings. Additionally, Zeva's robust security model ensures that users' access to data, evaluations, reporting, and support materials is appropriate.

In addition to providing a robust cyber-security evaluation tool in Zeva, CodeLynx also provides the resources and expertise required to perform a comprehensive cyber-security capability evaluation. CodeLynx staff have a successful track record of performing the extensive system-level evaluation, documentation, and auditing tasks required by the Department of Defense (DoD) to obtain Authorities to Operate (ATOs) and Authorities to Connect (ATCs) for multiple production systems deployed in Nonsecure Internet Protocol Router Network (NIPRNet) and Secret Internet Protocol Router Network (SIPRNet) environments. Our experience includes responsibility for system accreditation efforts via the DoD Information Assurance Certification and Accreditation Process (DIACAP) on multiple projects, which involved evaluating the security posture of numerous hardware and software components present in large, globally scalable enterprise systems, and generating, and ensuring DoD compliance of, all artifacts required for successful accreditation, including system architecture, design, procedural, and security documents. We possess extensive experience ensuring server and system compliance with Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) on multiple projects and in various environments. The STIG implementation process consisted of hardening the security posture of web servers, operating systems, and database management systems to comply with established cyber security guidelines, as well as testing and documenting the configurations to ensure functional integrity. Tools used in this process included DISA Gold Disk, Retina Network Security Scanner, and Tenable Nessus for vulnerability scanning, as well as HP Fortify and SonarQube for source code analysis.

CodeLynx has personnel trained in cyber security auditing, including GIAC SANS audit training, and has participated successfully in the GIAC SANS AuditWarz audit simulation contest. Additionally, CodeLynx personnel hold many cyber-security certifications, including but not limited to CISSP, CSSLP, and Security+.

CodeLynx maintains the United States Holocaust Memorial Museum Department of Protection Services (USHMM DPS) security network and devices. Since 2010, CodeLynx has been tasked with ensuring that DPS passes an annual NIST United States Government Configuration Baseline (USGCB) cyber security audit of the network and attached devices. CodeLynx participates in every step of the audit, including pre-audit self-assessment and remediation, meeting with the auditors and going through the audit interviews, and performing any necessary post-audit remediation. All parts of the audit process are documented and reviewed for lessons learned, to improve the next audit cycle.

CodeLynx provides the Zeva software tool, which aids in tracking compliance with standards over time, auditing compliance, and showing trends. Zeva allows for easy visibility into, and running of, audit and compliance activities, including:

- The design of security solution systems
- The maintenance of inventory data
- The assessment of equipment
- The remediation of identified vulnerabilities
- The generation of product work orders

b) Preparation

Provide guidance on requirements and best practices.
RESPONSE: With the assessment criteria established by our Cyber-Security expert, the Zeva system can be used to identify trends in your current compliance efforts, including best practices and program gaps. Best practices can be folded into a continuous monitoring and process improvement campaign within Zeva for implementation across your organization. As part of our duties, CodeLynx is familiar with DISA STIGs, NIST standards, the Council on Cyber Security Critical Security Controls (the SANS Top 20), PCI DSS, and OWASP standards. Additionally, CodeLynx has GIAC SANS training on developing proper cyber security controls and on auditing to evaluate compliance. As part of maintaining certifications, CodeLynx personnel stay up to date with the latest industry best practices and requirements. In addition to being familiar with the above standards, we are able to recommend products and tools that best meet the requirements of those standards while maintaining vendor neutrality. Our Zeva product assists in tracking compliance with all standards, and is useful for tracking how different tools are performing in meeting their stated goals and requirements. It can also be used to evaluate several different vendors' tools to determine which one provides the best fit for the State of Florida.

As part of maintaining the USHMM DPS network, we must provide guidance on requirements and best practices for securing their network against intruders, securing their data against tampering, and providing 24x7 real-time access to all incident information. We also must prepare their personnel, their network, and their attached devices for the annual NIST USGCB audit to ensure a favorable outcome.

c) Developing Cyber-Security Incident Response Plans

Develop or assist in development of written State Agency plans for incident response in the event of a cyber-security incident.

RESPONSE: Incident response plans should encompass risk scenarios as well as the probability of occurrence and the impact of each. Using information grouping tags and custom scoring models within Zeva, a user is able to create self-assessments and incident audit templates that outline all criteria to be covered, ordered by priority to your organization. That template and its prioritization are then pushed out organization-wide as the incident response plan.

As part of the CISSP and Security+ certification requirements, personnel must demonstrate an understanding of incident response best practices and disaster recovery planning. Disasters may include data corruption or deletion, both accidental and intentional. Additionally, GIAC SANS training provides concrete tools and appropriate responses to cyber security events, including the development of incident response plans. As part of the ATO certification process, incident response plans had to be developed and approved by the DoD Information Assurance Managers, project owners, and cyber security controllers. CodeLynx was able to provide the required plans and associated documentation and meet all necessary control objectives.
The end result was securing the needed Authority to Operate and Authority to Connect.

Zeva can be used to build robust checklists ahead of any incident, allowing for rapid response and thorough review of all incidents, including all required documentation. During an incident, management will have full visibility into all activities occurring, the status of any given activity, and the results obtained. After the immediate response has passed, all data can be reviewed, lessons learned developed, and appropriate next steps discerned. Additionally, tools purchased can be objectively evaluated to determine whether they met their stated goals and requirements.

d) Training

Provide training for State Agency staff from basic user awareness to technical education.

RESPONSE: These services are not within our core capabilities.

Post-Incident Services
a) Breach Services Toll-free Hotline

Provide a scalable, resilient call center for incident response information to State Agencies.

RESPONSE: These services are not within our core capabilities.

b) Investigation/Clean-up

Conduct rapid evaluation of incidents, lead investigations and provide remediation services to restore State Agency operations to pre-incident levels.

RESPONSE: When a standards template is created in the system, it can be accessed by all relevant users (based on permission settings). Incident investigation is available 24/7 should any incident arise, and can be conducted online or completed in offline/airplane mode if internet connectivity is not available. Investigations can be created in a matter of seconds, and remediation follow-up can be scheduled with a click of a button. All supervisory staff and evaluators with access to the cyber security evaluation also have the ability to see the progress of that incident investigation and any open issues.

c) Incident response

Provide guidance or technical staff to assist State Agencies in response to an incident.

RESPONSE: The Zeva system provides visibility into all investigations in real time. As such, the response to incidents and open action items can be disseminated while the incident is occurring or as a result of the investigation. The search tool within Zeva allows investigators to identify similar incidents, to ensure that responses are consistent with plans and with prior actions. System access restrictions ensure the security of the information being reviewed and of the incident support documentation, while still providing valid users with access to track the response and mitigation programs. Commentary on each investigation can be pushed to view-only users within Zeva, or emailed to the persons responsible for addressing identified issues.

d) Mitigation Plans

Assist State Agency staff in mitigation plan development based on investigation and incident response. Assist State Agency staff with incident mitigation activities.

RESPONSE: Mitigation plans can be established and continuously updated within our system based on cyber-security threat assessments and incident response results. Zeva can create either a new evaluation or a remediation-based evaluation, as dictated by custom triggers designated by the client. Once a trigger criterion has been established, a user can designate a follow-up action or time-interval response for an individual criterion, for a tag group or section of the survey, or for the entire evaluation. Follow-up actions, assessor commentary, and attached policies and procedures then act as the mitigation plan for subsequent assessments. Results of the secondary evaluations are paired with the original for period-over-period tracking in the dashboards and reports. These results may also be viewed independently of the initial assessment.
e) Identity Monitoring, Protection, and Restoration

Provide identity monitoring, protection, and restoration services to any individuals potentially affected by a cyber-security incident.

RESPONSE: These services are not within our core capabilities.

Notes: At this time, we do not have a Service Catalog to provide.
More informationCyber Security for NERC CIP Version 5 Compliance
GE Measurement & Control Cyber Security for NERC CIP Version 5 Compliance imagination at work Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security Management Controls...
More informationEVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07
EVALUATION REPORT Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review March 13, 2015 REPORT NUMBER 15-07 EXECUTIVE SUMMARY Weaknesses Identified During the FY 2014
More informationState of Florida Cyber Security Services RFI
RFI ATTENTION: State of Florida Dept. of Management Services Joel Atkinson Associate Category Manager 4050 Esplanade Way, Suite 360 Tallahassee, FL 32399-0950 (850) 488-1985 joel.atkinson@dms.myflorida.com
More informationHow To Monitor Your Entire It Environment
Preparing for FISMA 2.0 and Continuous Monitoring Requirements Symantec's Continuous Monitoring Solution White Paper: Preparing for FISMA 2.0 and Continuous Monitoring Requirements Contents Introduction............................................................................................
More informationTRIPWIRE NERC SOLUTION SUITE
CONFIDENCE: SECURED SOLUTION BRIEF TRIPWIRE NERC SOLUTION SUITE TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on our mission of delivering
More informationForeScout CounterACT and Compliance June 2012 Overview Major Mandates PCI-DSS ISO 27002
ForeScout CounterACT and Compliance An independent assessment on how network access control maps to leading compliance mandates and helps automate GRC operations June 2012 Overview Information security
More informationA Comprehensive Cyber Compliance Model for Tactical Systems
A Comprehensive Cyber Compliance Model for Tactical Systems Author Mark S. Edwards, CISSP/MSEE/MCSE Table of Contents July 28, 2015 Meeting Army cyber security goals with an IA advocate that supports tactical
More informationrating of 5 out 5 stars
SPM User Guide Contents Aegify comprehensive benefits... 2 Security Posture Assessment workflow... 3 Scanner Management... 3 Upload external scan output... 6 Reports - Views... 6 View Individual Security
More informationCYBER AND PRIVACY INSURANCE: LOSS MITIGATION SERVICES
CYBER AND PRIVACY INSURANCE: LOSS MITIGATION SERVICES How can you better prepare and respond to cyber risks? ACE developed Loss Mitigation Services to help policyholders understand and gauge various areas
More informationThe Firewall Audit Checklist Six Best Practices for Simplifying Firewall Compliance and Risk Mitigation
The Firewall Audit Checklist Six Best Practices for Simplifying Firewall Compliance and Risk Mitigation Copyright, AlgoSec Inc. All rights reserved The Need to Ensure Continuous Compliance Regulations
More informationSecurity solutions White paper. Acquire a global view of your organization s security state: the importance of security assessments.
Security solutions White paper Acquire a global view of your organization s security state: the importance of security assessments. April 2007 2 Contents 2 Overview 3 Why conduct security assessments?
More informationHigh End Information Security Services
High End Information Security Services Welcome Trion Logics Security Solutions was established after understanding the market's need for a high end - End to end security integration and consulting company.
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationWhite Paper: Consensus Audit Guidelines and Symantec RAS
Addressing the Consensus Audit Guidelines (CAG) with the Symantec Risk Automation Suite (RAS) White Paper: Consensus Audit Guidelines and Symantec RAS Addressing the Consensus Audit Guidelines (CAG) with
More informationNIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT
NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT OVERVIEW The National Institute of Standards of Technology Framework for Improving Critical Infrastructure Cybersecurity (The NIST Framework) is a
More informationEFFECTIVE VULNERABILITY SCANNING DEMYSTIFYING SCANNER OUTPUT DATA
EFFECTIVE VULNERABILITY SCANNING DEMYSTIFYING SCANNER OUTPUT DATA Paul R. Lazarr, CISSP, CISA, CIPP, CRISK Sr. Managing Consultant, IBM Cybersecurity and Biometrics January 21, 2016 PERSONAL BACKGROUND
More informationPREMIER SERVICES MAXIMIZE PERFORMANCE AND REDUCE RISK
MAXIMIZE PERFORMANCE AND REDUCE RISK 1 BROCHURE COMPLEXITIES IN MISSION CRITICAL SYSTEMS CONTINUE TO INCREASE Mission critical communications systems have become increasingly complex as more features and
More informationIBM Rational AppScan: Application security and risk management
IBM Software Security November 2011 IBM Rational AppScan: Application security and risk management Identify, prioritize, track and remediate critical security vulnerabilities and compliance demands 2 IBM
More informationSecurity Management. Keeping the IT Security Administrator Busy
Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching
More informationIndependent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015
Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015 OIG-16-A-03 November 12, 2015 All publicly available OIG reports (including
More informationBladeLogic Software-as-a- Service (SaaS) Solution. Help reduce operating cost, improve security compliance, strengthen cybersecurity posture
BladeLogic Software-as-a- Service (SaaS) Solution Help reduce operating cost, improve security compliance, strengthen cybersecurity posture February 20, 2014 Contents The Configuration Security Compliance
More informationSPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles
PNNL-24138 SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles March 2015 LR O Neil TJ Conway DH Tobey FL Greitzer AC Dalton PK Pusey Prepared for the
More informationPCI DSS READINESS AND RESPONSE
PCI DSS READINESS AND RESPONSE EMC Consulting Services offers a lifecycle approach to holistic, proactive PCI program management ESSENTIALS Partner with EMC Consulting for your PCI program management and
More informationNessus Perimeter Service User Guide (HTML5 Interface) March 18, 2014 (Revision 9)
Nessus Perimeter Service User Guide (HTML5 Interface) March 18, 2014 (Revision 9) Table of Contents Introduction... 3 Nessus Perimeter Service... 3 Subscription and Activation... 3 Multi Scanner Support...
More informationPROJECT BOEING SGS. Interim Technology Performance Report 3. Company Name: The Boeing Company. Contract ID: DE-OE0000191
Interim Techlogy Performance Report 3 PROJECT BOEING SGS Contract ID: DE-OE0000191 Project Type: Revision: V1 Company Name: The Boeing Company November 19, 2013 1 Interim Techlogy Performance Report 3
More informationI D C A N A L Y S T C O N N E C T I O N
I D C A N A L Y S T C O N N E C T I O N Robert Westervelt Research Manager, Security Products T h e R o l e a nd Value of Continuous Security M o nitoring August 2015 Continuous security monitoring (CSM)
More informationAddressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense
A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical
More informationRisk Management Framework (RMF): The Future of DoD Cyber Security is Here
Risk Management Framework (RMF): The Future of DoD Cyber Security is Here Authors: Rebecca Onuskanich William Peterson 3300 N Fairfax Drive, Suite 308 Arlington, VA 22201 Phone: 571-481-9300 Fax: 202-315-3003
More informationGuideline on Vulnerability and Patch Management
CMSGu2014-03 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Vulnerability and Patch Management National Computer Board
More informationWorldwide Security and Vulnerability Management 2009 2013 Forecast and 2008 Vendor Shares
EXCERPT Worldwide Security and Vulnerability Management 2009 2013 Forecast and 2008 Vendor Shares IN THIS EXCERPT Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015
More informationExtreme Networks Security Analytics G2 Vulnerability Manager
DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering
More informationRSA ARCHER OPERATIONAL RISK MANAGEMENT
RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume
More informationBest Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper
Best Practices in ICS Security for Device Manufacturers A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationGE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance
GE Oil & Gas Cyber Security for NERC CIP Versions 5 & 6 Compliance Cyber Security for NERC CIP Versions 5 & 6 Compliance 2 Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security
More informationPCI Compliance for Cloud Applications
What Is It? The Payment Card Industry Data Security Standard (PCIDSS), in particular v3.0, aims to reduce credit card fraud by minimizing the risks associated with the transmission, processing, and storage
More informationOffice of Inspector General
DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Security Weaknesses Increase Risks to Critical United States Secret Service Database (Redacted) Notice: The Department of Homeland Security,
More informationManaging Business Risk
Managing Business Risk With Assurance Report Cards April 7, 2015 Table of Contents Introduction... 3 Cybersecurity is a Business Issue... 3 Standards, Control Objectives and Controls... 5 Standards and
More informationAccelerate your mission with GTSI Integration Services
Accelerate your mission with GTSI Integration Services GTSI delivers deep technical expertise and integrates advanced computer and networking technologies. Organizations requiring technology integration
More informationCorporate Overview. MindPoint Group, LLC 8078 Edinburgh Drive, Springfield, VA 22153 Office: 703.636.2033 Fax: 866.761.7457 www.mindpointgroup.
Corporate Overview MindPoint Group, LLC 8078 Edinburgh Drive, Springfield, VA 22153 Office: 703.636.2033 Fax: 866.761.7457 www.mindpointgroup.com IS&P Practice Areas Core Competencies Clients & Services
More informationSITUATIONAL AWARENESS MITIGATE CYBERTHREATS
Gaining the SITUATIONAL AWARENESS needed to MITIGATE CYBERTHREATS Industry Perspective EXECUTIVE SUMMARY To become more resilient against cyberthreats, agencies must improve visibility and understand events
More informationIBM Internet Security Systems October 2007. FISMA Compliance A Holistic Approach to FISMA and Information Security
IBM Internet Security Systems October 2007 FISMA Compliance A Holistic Approach to FISMA and Information Security Page 1 Contents 1 Executive Summary 1 FISMA Overview 3 Agency Challenges 4 The IBM ISS
More informationHow To Protect Your Network From Attack From A Network Security Threat
Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationFlorida Department of Management Services Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services RFI
Florida Department of Management Services Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services RFI August 25, 2015 Re: Cyber-Security Assessment, Remediation,
More informationAnypoint Platform Cloud Security and Compliance. Whitepaper
Anypoint Platform Cloud Security and Compliance Whitepaper 1 Overview Security is a top concern when evaluating cloud services, whether it be physical, network, infrastructure, platform or data security.
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationNetwork Management and Defense Telos offers a full range of managed services for:
Network Management and Defense Telos offers a full range of managed services for: Network Management Operations Defense Cybersecurity and Information Assurance Software and Application Assurance Telos:
More informationTenzing Security Services and Best Practices
Tenzing Security Services and Best Practices OVERVIEW Security is about managing risks and threats to your environment. The most basic security protection is achieved by pro-actively monitoring and intercepting
More informationGovernance, Risk, and Compliance (GRC) White Paper
Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:
More informationIntegrated Threat & Security Management.
Integrated Threat & Security Management. SOLUTION OVERVIEW Vulnerability Assessment for Web Applications Fully Automated Web Crawling and Reporting Minimal Website Training or Learning Required Most Accurate
More informationPCI DSS Reporting WHITEPAPER
WHITEPAPER PCI DSS Reporting CONTENTS Executive Summary 2 Latest Patches not Installed 3 Vulnerability Dashboard 4 Web Application Protection 5 Users Logging into Sensitive Servers 6 Failed Login Attempts
More informationSECURITY RISK MANAGEMENT
SECURITY RISK MANAGEMENT ISACA Atlanta Chapter, Geek Week August 20, 2013 Scott Ritchie, Manager, HA&W Information Assurance Services Scott Ritchie CISSP, CISA, PCI QSA, ISO 27001 Auditor Manager, HA&W
More informationHITRUST CSF Assurance Program
HITRUST CSF Assurance Program Simplifying the information protection of healthcare data 1 May 2015 2015 HITRUST LLC, Frisco, TX. All Rights Reserved Table of Contents Background CSF Assurance Program Overview
More informationSYMANTEC MANAGED SECURITY SERVICES. Superior information security delivered with exceptional value.
SYMANTEC MANAGED SECURITY SERVICES Superior information security delivered with exceptional value. A strong security posture starts with a smart business decision. In today s complex enterprise environments,
More informationCYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS
CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS 1 As regulators around the world move to tighten compliance requirements for financial institutions, improvement in cyber security controls will become
More informationAlcatel-Lucent Services
SOLUTION DESCRIPTION Alcatel-Lucent Services Security Introduction Security is a sophisticated business and technical challenge, and it plays an important role in the success of any network, service or
More informationAdvanced Threat Protection with Dell SecureWorks Security Services
Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5
More information7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008
U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October
More informationCaretower s SIEM Managed Security Services
Caretower s SIEM Managed Security Services Enterprise Security Manager MSS -TRUE 24/7 Service I.T. Security Specialists Caretower s SIEM Managed Security Services 1 Challenges & Solution Challenges During
More informationAutodesk PLM 360 Security Whitepaper
Autodesk PLM 360 Autodesk PLM 360 Security Whitepaper May 1, 2015 trust.autodesk.com Contents Introduction... 1 Document Purpose... 1 Cloud Operations... 1 High Availability... 1 Physical Infrastructure
More informationFINRA Publishes its 2015 Report on Cybersecurity Practices
Securities Litigation & Enforcement Client Service Group and Data Privacy & Security Team To: Our Clients and Friends February 12, 2015 FINRA Publishes its 2015 Report on Cybersecurity Practices On February
More informationTOP 10 Security Questions Introduction Breaches and other privacy and security incidents in healthcare are on the rise due to the vast size of the industry and the oneoffs of protected health information
More information8 Key Requirements of an IT Governance, Risk and Compliance Solution
8 Key Requirements of an IT Governance, Risk and Compliance Solution White Paper: IT Compliance 8 Key Requirements of an IT Governance, Risk and Compliance Solution Contents Introduction............................................................................................
More information