Welcome to the NCCoE

Transcription

1 1 Welcome to the NCCoE Utilities Telecom Council February 2013! NCCoE! Strategic Plan! Foundations! Partnership! Goals! Business Model! 1!

2 Strategic Plan! Welcome February 2013!!"#$%&'($)*#+*,-.$/0$ 1#/2,3$4.$5"0/3,00$ 6.4,#0,7"#/*.$8,,90$ :;+<$'$!"#$%&'(!")*+*),(-./'"0'*1"%2.(!"#$%$"&$#"%'"()*"%+,"-*%./+/%/0.%.-1-+/#% -02*/'+*)(+)*"%34%"5)-$$-01%+,"6%7-+,%$*/(8(/#% 7/4'%+&%-6$#"6"0+%(&'+9":"(8;"<%*"$"/+/3#"<% /0.%'(/#/3#"%(43"*'"()*-+4%'&#)8&0'% =/0/;3$ 3&$)4*'(-./'"0'*1"%2.( =%'"()*"%(43"*%-02*/'+*)(+)*"%+,/+%-0'$-*"'% +"(,0&#&1-(/#%-00&;/8&0%/0.%2&'+"*'% "(&0&6-(%1*&7+,% % :;+<$%$ 54*"')0'(6)2'(#7(3&#8+#4( >0/3#"%(&6$/0-"'%+&%*/$-.#4%/.&$+% (&66"*(-/##4%/;/-#/3#"%(43"*'"()*-+4% +"(,0&#&1-"'%34%*".)(-01%+,"-*%+&+/#%(&'+%&2% &70"*',-$%% >/00/;3$ 3**','")2'(3&#8+#4(#7(9'*1"'(:'*;4#,#<%'0(?&##/3&*/+"%7-+,%-00&;/+&*'%+&%$*&;-."%%*"/#9 7&*#.%(43"*'"()*-+4%(/$/3-#-8"'%+,/+%/..*"''% 3)'-0"''%0"".'% :;+<$($ 3**','")2'(=>'*+$'(544#$)+#4( >6$&7"*%-00&;/+&*'%+&%(*"/8;"#4%/..*"''% 3)'-0"''"'@%6&'+%$*"''-01%(43"*'"()*-+4% (,/##"01"'%-0%/%'+/+"9&29+,"9/*+%(&##/3&*/8;"% "0;-*&06"0+% NCCoE! Strategic Plan! Foundations! Partnership! Goals! Business Model! 2!

3 Foundations! Welcome February 2013!!"#$%&#'%!"#$%&&'($)*$+,-.$'/$."#$%01!$02/'-3,4'2$!#5"2'6'78$9,:'-,.'-8$,2;$'+#-,.#*$)2$56'*#$ 5'66,:'-,4'2$<)."$."#$&'3+=.#-$1#5=-).8$ 5#2.#-$",*$,55#**$.'$,$/'=2;,4'2$'/$ (*.,:6)*"#;$)2$DEFD$."-'=7"$,$+,-.2#-*")+$ :#.<##2$%01!B$."#$1.,.#$'/$G,-86,2;$,2;$ G'2.7'3#-8$&'=2.8B$."#$%&&'($)*$ &#'%$/234/+%5-)6-*./01% &-8+.'7-,+"8$ 0;#24.8$G,2,7#3#2.$ I#8$G,2,7#3#2.$ J)*K$G,2,7#3#2.$ 1#5=-#$L)-.=,6)M,4'2$ 1'N<,-#$A**=-,25#$ 1#5=-).8$A=.'3,4'2$ 1#5=-).8$/'-$&6'=;$,2;$G':)6).8$!-=*.#;$J''.*$'/$O,-;<,-#$ L=62#-,:)6).8$G,2,7#3#2.$ 1#5=-#$%#.<'-K)27$ P*,:)6).8$,2;$1#5=-).8$ NCCoE! Strategic Plan! Foundations! Partnership! Goals! Business Model! 3!

4 Partnership with NCCoE Stakeholders! Welcome February 2013! J5$*&' K+"#&' MN!'!""#$% "&'(#)*+'% C&)5%+1+BA' D.,*%&,#' 6//$0+%.1' <I&)$.1$#*#' C&)5%+1+BA' I.,*%&,#'?%/"#*,A'I.,*%&,#' 6)./&4$.' 7+8&,%4&%*'!"#$%&##'('#&)*+,'+-'-+)"#'!"#$%&##'('.//$0+%.1'#&)*+,#'*+' 2&%&3*'-,+4'*5&'#+1"0+%' 6)./&4$.' 7+8&,%4&%*'9:&/&,.1;'<*.*&;' )+44"%$*A' <A#*&4#'$%*&B,.*+,#'' ' <*.*&'+-' N.,A1.%/' NCCoE! Strategic Plan! Foundations! Partnership! Goals! Business Model! 4!

5 Partnership Benefits to Stakeholders! Welcome February 2013!!!!"#$%&'()*+,(*,-$%./$0*%12($"*30*%(*4(3,$&0&$5(&)6',2'&+,.7)(2*5+0*%2(78$7($,'(+2$65'9(,'3'$7$65'($%"(2'&+,'(!!!&&'22(.%7'-,$7'"(&)6',2'&+,.7)(2*5+0*%2(78$7(:$7&8()*+,(.%"+27,)12(23'&.;&(6+2.%'22(%''"2(!! <'5)(*%(&)6',2'&+,.7)(2*5+0*%2(78$7($,'(6+.57(*%(&*::',&.$55)($#$.5$65'(7'&8%*5*-.'2(!! =%&,'$2'()*+,(*,-$%./$0*%12($6.5.7)(7*(.%%*#$7'(6)(6,."-.%-(7'&8%*5*-)(-$32(!! B''3'%()*+,(*,-$%./$0*%12(+%"',27$%".%-(*4(&)6',2'&+,.7)(&$3$6.5.0'29(,'5'#$%7(&*272($%"(.%7'-,$0*%($%"($"*30*%(:'78*"2(!! NCCoE! NCCoE! Agenda!! Strategic Plan!! Foundations! Partnership! Goals! Business Model! 5!

6 Engagement and Business Model! Welcome February 2013! "#$%#!&!'()*+,-.#! A"*2-+("$36"$B)*+'"**$?-.(#"/$!"##$%"&'"%$()*+'"**$,-.(#"/$ 0'%$,-.1"23$%"*2-+,4.'$(-.0%#5$ 0'%$-"&'"$36"/$36-.)76$ *,"2+&2$)*"$20*"*$ /(0-%12#!&!3%0-0#!?0-3'"-$9+36$=''.<03.-*$$ 8.##0(.-03"$9+36$,0-3'"-*$:-./$ +'%)*3-5;$7.<"-'/"'3;$ 020%"/+0;$0'%$36"$=>$ 2.//)'+35$$ 456,#5#%.!&!7#8.! 0'%$*"2)-"$*.#)4.'$3603$ 0%%-"**"*$36"$()*+'"**$,-.(#"/$ +/,#"/"'3$0'%$"0*+#5$0%.,3$36"$ *"2)-"$*.#)4.'! NCCoE! Strategic Plan! Foundations! Partnership! Goals! Business Model! 6!

7 Engagement and Business Model! Welcome February 2013! Action! Outputs! Action! Outputs! Action! Outputs! Describe/ID Business Problem! Create Market Research! Vet Project & Use Case Descriptions! Describe + Articulate! Business Problem! Draft Problem Statement! Draft Project Description! Draft Use Cases! Stakeholder List! Threat Landscape! Industry Standards and Guidelines! Regulatory Requirements! Preliminary Metrics! Final Problem Statement and Project Description! Use Case requirements! Product Category(s) and security requirements! Publish Project/Use Cases and Solicit Responses! Select Partners and Collaborators! Sign CRADA! Organize + Engage! Partners and Collaborators! Process for Participation! Letter of Interest! Business Processes! Priority Responses! Stakeholder Analysis! Feasibility and Interoperability Analysis! Initial List of Collaborators! Signed CRADAs! Execution Plan with Roles and Responsibilities! Build Solution! Test Solution! Identify " Solution Gaps! Implement + Test! Solution Build! Use Case Validation! Technical Architecture! Building Block Interfaces! Integration Source Code! Test Harness! Security Interoperability! Security Standards Conformance! Final Metrics! Requirement Gaps! Technology Gaps! Standards and Guidelines Gaps! Mitigation Plan! ROI Business Case! Action! Collect Solution Documents! Tech Transfer! Document Lessons Learned and Archive! Transfer + Learn! Solution Adoption! Outputs! Problem + Use Case! Architecture! Reqts + Specs! Source Code! Test Environment! Lab notebooks and decision memos! Demonstrations! Interactive Media! User Guides! Templates! Blueprints! Toolkits! How Tos! Project Archive! Internal and External Lessons Learned! Recommended Practices! Lessons + Practices! Outcome! Outcome! Outcome! Outcome! Well defined business problem and project description broadly and refine them through specific use cases! Collaborate with partners from industry, government, academia, and the IT community to design one (or more) solutions! Practical, usable, repeatable, and secure solution that addresses the business problem! Set of all material necessary to implement and easily adopt the secure solution! NCCoE! NCCoE! Agenda!! Strategic Plan!! Foundations! Partnership! Goals! Business Model! 7!

8 Inventory of Montgomery County Cyber Security Companies Note: This list does not capture all cyber companies in the County as relevant NAICS codes have not yet been developed Provided by Montgomery County DED Client Name Cyber Security Activities Web Site Address Abacus Technologies Corporation Enterprise security and privacy ustech.com/ 3T Technologies International, Inc. (3TI) A&T Systems, Inc. Advanced Digital Forensic Abacus Technology delivers enterprise security and privacy. Their Information Assurance and Privacy Group identifies threats and vulnerabilities, and then designs a security and privacy architecture around clients' enterprise mission, goals, and values. 3TI supports its clients in the information technology security assessments. At the appropriate time prior to Implementation, the Technical Specialists most experienced in information security planning will develop system security plans, risk assessments, risk mitigation activities, contingency plans, and security test and evaluation requirements. These products will be compiled into a system certification package called Certification and Accreditation (C&A) that will be provided to the Information System Security Manager. A&T provides telecom infrastructure installation and upgrades, including secure networks/network monitoring and management. A&T's Health IT services include HIPAA security requirements. Additionally, their operations and maintenance includes security monitoring and management. ADF Solutions is the market leader in media exploitation and cyber forensic triage tools used for scanning computers and peripheral devices. Leveraging an innovative approach, these easy-to-use tools rapidly extract actionable intelligence to help identify and capture suspects who are a threat to public safety or national security, and accelerate prosecution of criminals. These proven tools are actively used by field operatives in defense, intelligence, law enforcement, border security, and other government agencies worldwide. Information technology security assessments Telecom infrastructure installation and upgrades, security monitoring, and management Media exploitation and cyber forensic triage tools m/ m/ utions.com/ 5454 Wisconsin Avenue, Suite 1100 Chevy Chase, MD Tech Road, Suite 100 Silver Spring, MD Woodmont Avenue, Suite 260 Bethesda, MD 20814

9 Aerstone Cyber security protection, digital forensics, incident response in the federal, financial services, legal, and healthcare markets Cyber security protection, digital forensics, incident response in the federal, financial services, legal, and healthcare markets om/ Nebel Street Rockville, MD Alion Science and Technologly Corp. Allied Technology Group, Inc. Arxan Technologies Alion designs, develops and integrates enterprise information systems to provide a reliable, secure and useful computing environment. Allied Technology Security Solutions help federal agencies protect their critical data and systems and comply with government security requirements. Their solutions address both internal and external threats whether intentional or unintentional. Allied offers a full range of security services from policy, training, and program development to deployment of secure systems. Allied builds systems that identify, isolate, and eliminate threats before they harm agency assets. Allied Technology has provided technology and security solutions worldwide. Arxan protects desktop, server and mobile and embedded software applications from attack. Particularly when apps are distributed and reside in untrusted environments, they are subject to attacks which seek to discover and exploit business and security protocols for any number of reasons, including unauthorized access, piracy, tampering, malicious code injection and intellectual property (IP) theft. Arxan hardens code and protects keys to maintain the integrity of one's apps and business models. And they do so within the code, so the protections go where one's applications go, and defend one's apps in real-time as they run. Develops and integrates enterprise information systems Policy, training, and program development to deployment of secure systems Protects desktop, server and mobile and embedded software applications cience.com/ ech.com/ Prosperity Drive, Suite 360 Silver Spring, MD Research Blvd, Suite Rockledge Drive, Suite 910 Bethesda, MD 20817

10 Aster Engineering, Inc. Aster Engineering examines technology solutions from various angles, including: security audits, performance/scalability audits, maintainability/total cost of ownership, and general usability. Their information assurance and security services include: Security Architecture Design, Product Selection and Integration, Critical Infrastructure Protection, Firewall Installation and Administration, Policies, Plans and Procedures, Risk and Vulnerability Assessments, Intrusion Detection and Penetration Testing, Anti-Virus Protection, Business Continuity of Operations, Certification and Accreditation, and Disaster Recovery Planning. Information assurance and security services engineering.com / 8403 Colesville Road, Suite 635 Silver Spring, MD Attronica Computers, Inc. BAE Systems Support Solutions Banyan Technology Solutions, Inc. Attronica s IT Security Lite Assessment provides careful scrutiny of an organization s documented, existing IT architecture/ component implementation status, which can identify vulnerabilities, allowing resources to stretch farther. The IT Security Lite Assessment is a consultative review, scaled to the size of one's IT structure, with often only one day on-site or with an organization s IT staff to verify information as necessary. BAE works with government and commercial clients to collect and manage information to provide intelligence, maintain security, manage risk and strengthen resilience. Worldwide estimates put the cost of cyber crime at a staggering $1 trillion annually. BAE works with its clients to manage risk by providing mission-critical cyber security solutions, information technology, intelligence and analytical tools, and support solutions. Banyan uses advanced technology solutions to improve information access, increase operational efficiencies, and reduce costs for its government customers. Banyan has expertise in information assurance including application and network security. IT Security assessment Provide intelligence, maintain security, manage risk and strengthen resilience Information assurance ica.com/ Gaither Drive Gaithersburg, MD Gaither Road Research Blvdd, Suite 320

11 Booz Allen Hamilton, Inc. Booz Allen's cyber security approach integrates cyber Cyber security technology with policy, operations, people and management solutions providing organizations with robust cybersecurity solutions, and enabling them to confidently pursue the opportunities offered by the digital revolution. Booz Allen's cybersecurity technology experts help organizations evaluate and prioritize emerging technologies, build secure cyber architectures, and develop and implement effective standards to ensure interoperability, integration, and innovation. Booz Allen's cyber professionals have unparalleled expertise in cyber assurance, engineering, solutions, IT management and mission assurance. CA Technologies Security solutions from CA Technologies enable and protect businesses, while leveraging key technologies such as cloud, mobile, and virtualization - securely - to provide the agility that businesses need to respond quickly to market and competitive events. CA can help enhance the security of information systems so that businesses can improve customer loyalty and growth. CA's "Value Roadmaps" help enable businesses while protecting critical applications and data. Caelum Research Corporation Catapult Technology, Ltd Security solutions for businesses (information systems security) allen.com/ IT security. IT security m.com/ Catapult's Security & Information Assurance Services manage information-related threats to keep unauthorized individuals whether internal or external from compromising company data. Services include: Certification & Accreditation, Disaster Recovery (DR) & Continuity of Operations (COOP), Enterprise Security Management (ESM), Firewall Administration, Incident Response, Network Security, Risk Analysis and Assessment, and Security Operations Center (SOC). IT security One Preserve Parkway, Suite 200 Rockville, MD Brewer House Rd ulttechnology.co m/ 1700 Research Blvd, Suite Old Georgetown Road, Suite 1100 Bethesda, MD 20814

12 Client Network Services Inc CNSI has built security into the Web solution development life Web solutions cycle, implementing a variety of single sign-on technologies to (security), fraud and provide better control of authentication and authorization abuse processes. Furthermore, CNSI solutions for fraud and abuse prevention prevention help agencies manage claim adjudication efficiencies to reduce and recover costs and wasteful spending - whether proactively by flagging patterns based on probability to suspend payment before it is made, or detecting errors after payment to help identify what needs to be recovered and from who Gaither Drive Rockville, MD Communication s Supply Corporation CSC's Secure(it) program is focused on providing innovative network infrastructure and physical security products and solutions for information assurance and network security. Secure(it) is closely aligned with the Department of Defense s Defense-in-Depth strategy with increased focus on network security and Information Assurance across the commercial and government IT communities. By combining physical security and network infrastructure products, Secure(it) provides a cohesive and layered approach to network security. Information assurance and network security Gateway Center Dr. Clarksburg, MD Comtech Mobile Datacom Corporation Corporate Network Services, Inc. CMDC is a leading worldwide provider of secure, satellite-enhanced on-the-move (OTM) tracking, messaging solutions, and network services to Military, Government, and Commercial customers. The CMDC mobile satellite network provides the ultimate in security and reliability to customers around the world. The CMDC network offers customers optimum reliability, security and unequalled value of any mobile satcom tracking and message service. Furthermore, CMDC employs end to end data and header encryption to protect customer information, and can perform over the air encryption re-keying at the customer s request. A Corporate Network Services team installs the meat of a company's network, such as business-critical systems and applications that keep a business running. Applications include: Network security and anti-virus software. OTM tracking, messaging echmobile.com/ solutions, and network services to military, government, and commercial customers Network security and anti-virus software tser.com/ Century Boulevard Germantown, MD Fisher Avenue Poolesville, MD 20837

13 CyVision Dataprise Inc. CyVision is dedicated to combating cyber terrorism and helping government and private enterprise improve their security posture. CyVision s partnership with GMU s Center for Secure Information Systems (CSIS) is a core element of the company s leadership position in enhanced cyber analytics. CyVision addresses the most pressing issues in cyber security: the need to recognize real threats, understand their potential impact on missions, and respond quickly and accurately for minimizing the impact. Solutions include: Topological Vulnerability Analysis, Modeling for Change Management, Defense in Depth, Optimizing Mitigation Strategies, and Mission Impact Analysis. Dataprise Inc. puts a comprehensive security plan in place and recommends the right technology tools and services to safeguard one's network. IT Security Consulting: from firewall installation to intrusion detection services. Dataprise Network Security Assessment: sophisticated on-site analysis of network s vulnerability to hackers, viruses and other threats. The report will include findings on any discovered security vulnerabilities, risks and implications, and recommendations for technical solutions, specific software, tools and implementation steps. Virtual Private Network (VPN): security experts will create and install secure-access Internet and network connections for branch offices, traveling staff and telecommuters. Firewall Installation: install and configure a secure SonicWALL or Cisco firewall to create a secure barrier between an organization s network and the Internet. Cyber terrorism and government and private enterprise security posturing IT security consulting, network security assessment, Virtual Private Network (VPN), firewall installation hnologies.com/ rise.com/ 8619 Irvington Ave Bethesda, MD Rockville Pike, Suite 208 Rockville, MD 20852

14 DC Information Systems, Inc. DCIS offers certification and accreditation, system development life cycle management, and program management support. DCIS services include: management control services, risk management, system development life cycle, security program plan implementation, security self assessments: FISMA, FISCAM and COBiT, operational control services, personnel security, service continuity, IT security training, hardware and software maintenance, documentation controls, physical security controls, incident response capability, physical access controls technical controls services, identification and authentication, logical access controls, and audit trail controls. System development life cycle management and program management support Georgia Avenue, Suite 410 Silver Spring, MD Digital Infuzion, Inc. Digital Management, Inc. Digital Infuzion designs and implements enterprise-wide Enterprise-wide security solutions with a comprehensive goal in mind: to security solutions protect against the loss, misuse, and/or unauthorized modification of critical information. Services include: Comprehensive Information Security, Security Certification and Accreditation, Adverse Event Reporting and Disaster Recovery, Security Policy Development, and Training and Technical Support. Digital Management offers comprehensive services and solutions to measurably improve situational awareness and security posture. Their expertise encompasses: risk and security assessments, managed security operations with 24x7 continuous monitoring, compliance and C&A transition, critical security controls design and implementation, awareness and education, penetration testing and measurement, software security assurance, intrusion forensics, situational awareness solutions, trusted computing solutions, and IPv6 transition services. Improve situational awareness and security posture infuzion.com/ / 656 Quince Orchard Rd, Suite 300 Gaithersburg, MD Democracy Blvd, Suite 500 Bethesda, MD 20817

15 DRS Defense Solutions Headquarters Cyber security products include: Diamondback Guard (Cross Cyber security Domain Solution (CDS)), Diamondback Guard Plus (significant upgrades to CDS), Python Guard Tactical Cross Domain Solution (TCDS), and the Secure Core Module (SCM) which delivers an embeddable, high security, high performance System-on-Module. om/ 530 Gaither Road, Suite 900 DRS Signal Solutions Inc DRS Technical Services Inc. (TSI) is a recognized leader in full lifecycle telecommunication systems and delivers world-class communication solutions with a global reach. DRS TSI provides secure, persistent, and mission-assured global communications with unmatched reliability and support. Services include: Cyber-Security and Information Assurance Integration. Cyber security and information assurance integration om/ 700 Quince Orchard Road Gaithersburg, MD EADS Supply and Services EADS North America and its subsidiaries provide state-of-the-art solutions that meet the most demanding homeland security requirements from the rapid detection of explosives, chemicals, drugs and special nuclear materials to cyber threat training and secure radio networks. Homeland security solutions (including cyber security) northamerica.co m/ 1 Church Street, Suite 403 EMC Corporation- Rockville EMC's services provide a comprehensive approach to information protection by combining next generation backup technology with an unmatched portfolio of professional service offerings. Security services include: custom application development; enterprise governance, risk, and compliance; fraud mitigation and identity assurance; infrastructure and operations security; security standards and compliance; and virtualization and private cloud security. Information protection om/ 2600 Towers Oak Blvd Rockville, MD 20852

16 Energy Enterprise Solutions LLC Epok FCN Technology Solutions EES highly rated Cyber Security Operations help keep customers ahead of global security threats and in compliance with the Federal Information Security Management Act (FISMA) and NIST cyber security standards and guidelines (Special Publication 800 series). EES provides the analysis, policies, methods, and technologies for securing agency information against unauthorized access, manipulation, and service disruption. Urgent priorities are protected with: network security operations, cyber policy support, Federal Information Security Management Act (FISMA) support, Homeland Security Presidential Directive 12 (HSPD-12) support, risk and vulnerability assessments, computer forensics support, Certification and Accreditation (C&A), Disaster Recovery (DR) and contingency planning, Continuity of Operations Planning (COOP) and testing, Public Key Infrastructure (PKI), intrusion detection support, Virtual Private Networks (VPN), and Trusted Internet Connections (TIC). Epok has developed the industry s leading SharePoint extranet solution, with expert architects to design the correct network environment; security mechanisms, application and database architecture; workflow systems; user access management and system integration approach required to meet business, technical, and security needs. Epok projects, based on strong architecture foundation, will include a security infrastructure appropriate to the solution that aligns with corporate policy. Provides network security solutions. Cyber security operations to protect against global security threats (in compliance with FISMA & NIST) SharePoint extranet solution; security infrastructure Network security solutions net/ om/ Century Boulevard, Suite 150 Germantown, MD East West Highway, Suite 300 Bethesda, MD Wilkins Avenue Rockville, MD Federal IT Consultants (FEDITC) Security services include: network security and administration; and federal information security application. Network security and administration, federal information security application com/ 1700 Rockville Pike, Suite 400 Rockville, MD 20852

17 Fedstore Corporation Fedstore offers a wide range of both information and physical security products and services to large and small customers. These solutions protect data and critical internal assets, and safeguard remote users, customers and partners from malicious attacks. FedStore maintains key relationships with leading information and physical security manufacturers to provide products and services that address security management, anti-virus, intrusion detection and prevention, hacking and electronic theft attempts. Fedstore's network security solutions are designed to cost-effectively protect customer's assets against both internal and external threats. Security management, antivirus, intrusion detection and prevention, hacking and electronic theft ore.com/ 1 Research Court, Suite 450 Fidelis Security Systems, Inc. Fidelis XPS mitigates and prevents the risks of modern advanced and persistent threats, with real-time session-level visibility, analysis, and control for bi-directional communications. By examining all network traffic--at protocol, application, user and content level--either independently or together for context, Fidelis XPS robust controls enhance the network security architecture, allowing for: higher probability of detecting advanced threats with multi-dimensional visibility over the entire life cycle of the threat; faster and more efficient incident response with tightly integrated discovery, investigation, and remediation capabilities; and quick, easy setup and deployment. Bi-directional communications; network security security.com/ 4416 East West Highway, Suite 310 Bethesda, MD GMV Space Systems, Inc. GMV is qualified to cover the complete Information Security life-cycle in projects for large corporations: Information Security Auditing and Planning, Implementation of Information Security Management Systems, Platforms and Services Security, Security Systems Integration, and Digital Identity and Security Operations Center. GMV's Information Security Unit draws on the synergy connecting its technological divisions to prevent potential problems and to offer security solutions that cover all risk that each institution may face. Information security life-cycle om/en/ 2400 Research Boulevard, Suite 400

18 Hewlett Packard HP connects the science and technology of cybersecurity with practical services, products, and solutions. HP's comprehensive and integrated approach to cyber security: enables agility in command and control, provides end-to-end situational awareness, and helps one stay ahead of their adversaries. HP provides a continuum of services to meet the IT security needs of its public sector clients whether they want help in designing, implementing, or maintaining their own security environment; in out-tasking certain security management functions; or in full outsourcing of their IT environment. HP's focus on service excellence has enabled them to serve government clients and critical infrastructure industries with high security demands around the world. Integrated approach to cyber security; IT security for public sector m/ 6600 Rockledge Drive Bethesda, MD Infozen, Inc. International Business Machines (IBM) InfoZen's solutions are at the forefront of the automated screening and risk assessment of millions of people to protect critical infrastructure and support national security. InfoZen has been engaged by federal customers on pressing initiatives of national importance including: solving global counterterrorism through automated global platforms and case management solutions; enabling national and local law enforcement through biographic and biometric fusion solutions; and supporting fraud detection in the healthcare sector through advanced technologies and predictive models. IBM Data Security Services can help one cost-effectively identify and protect their organization's critical data from internal and external threats, providing both consulting services to establish data protection strategy and implementation / integration services of market-leading data loss prevention and encryption technologies to provide the optimal level of control. IBM Infrastructure Security Services provide IT and network security solutions to protect endpoints, applications, systems and networks. IBM's services leverage the latest vulnerability and threat intelligence from the IBM X- FORCE research and development team. And with a suite of services, IBM can deliver an end-to-end solution, from hardware to software to services. Protect critical infrastructure and support national security Protection from internal and external threats; IT and network security solutions n.com/ om/us/en/ 9420 Key West Avenue, Suite Rockledge Drive Bethesda, MD 20817

19 Ipx International Systems, Inc. IPX solutions strengthen data security. By centralizing the core software systems at bank headquarters and transmitting only screen pixels, keystrokes and mouse movements over the wire, no application data leaves the data center. All communications take place via an encrypted channel. The ability to centrally deliver software instead of installing it locally also ensures that PCs located at the branches are less vulnerable to IT threats such as viruses and illegal use of applications. Data security com/ 6213 Executive Boulevard Rockville, MD JackBe Corporation KoolSpan JackBe's Presto Real-Time Operational Intelligence solution, Presto, gives analysts access to live, secure information from authoritative sources to deliver a unified view of their operating environment, incorporating sources such as network and information security, all-source intelligence, COTS and GOTS ERP, and command and control systems. In the US Department of Defense, Presto applications currently provide capabilities for situational awareness, operational and mission readiness, real-time intelligence views, Common Operating Pictures (COP), and on-demand dashboards. KoolSpan, Inc. provides simple secure connectivity solutions that seamlessly unite mission-critical network devices. The KoolSpan TrustChip simply and intuitively transforms a standard smartphone, or any computing device, into a secure communication device. The Kool Span TrustChip delivers a full suite of security services including key management, authentication and encryption. These capabilities are leveraged by application developers and OEMs via the TrustChip Developer Kit. KoolSpan s high-performance TrustChip is insulated from threats that can reside in open platform and mobile host devices. This uniquely additive security processor provides a hardware-anchor to secure voice and other applications which harness the TrustChip s power. Provide analysts secure information in e.com/ delivering a comprehensive view of their operating environment; US DoD security solutions Simple, secure connectivity solutions for mission critical network devices through TrustChip pan.com/ 4600 North Park Avenue, Suite 200 Chevy Chase, MD Fairmont Ave, 2nd Floor Bethesda, MD 20814

20 Lockheed Martin-Lockheed Martin's cyber security products include: Information Systems & Global Services (IS&GS) Longview International Technology Solutions, Inc. Department of Defense Cyber Crime Center (world's largest accredited digital forensics lab), Geospatial Intelligence, Intelligence Systems and Services, Palisade - Cyber Security Operations Solution, and Trusted Manager (TMAN - Accredited by both the Defense Intelligence Agency and the National Security Agency, Lockheed Martin's TMAN fosters secure data sharing by bridging the gaps between information assets of dissimilar classification or ownership). Lockheed is also home to the NexGen Center (world-class center designed for cyber research and development, customer and partner collaboration, and innovation), Wireless Cyber Security Laboratory (one of only a handful of technology labs capable of testing wireless communications systems in a classified environment), and the Security Intelligence Center for Network Defense (enterprise security center which serves as the company s detection, identification, and response center for all security incidents). Cyber security products; cyber research and development; wireless communications systems; enterprise security center Services: Secure Electronic Medical Records System Secure systems (secure web-based platform designed to transition medical practices and healthcare organizations from managing hard copy paper records to an electronic medical records system), Secure Coding and Auditing Task Management System (webbased application that provides an on-site or remote coding and auditing platform), Secure Electronic Document Management System (web-based, electronic document management solution that works in concert with virtually any IT system, allowing quick, seamless integration), and Secure Web Enabled Archive Retrieval (secure web-based, repository that provides global access via a web browser for the storage, management, retrieval, and delivery of virtually any document) North Frederick Ave eedmartin.com/u Gaithersburg, MD s/isgs.html ew-inc.com/ Rockville Pike North Bethesda, MD LORE Systems Lore provides complete management of IT and telecommunications infrastructures including: IT staff augmentation for network support, help desk & technical support, network security and security penetration testing. Network security and security penetration testing et/ 801 Roeder Road, Suite 425 Silver Spring, MD 20910

21 National Geospatial- Intelligence Agency (Part of DoD) NGA supports multiple mission areas, including military and intelligence operations, intelligence analysis, homeland defense, and humanitarian and disaster relief. Furthermore, they focus on DNI and USD(I) priorities, including counterterrorism, counterproliferation, cyber, anti-access/area denial, and global coverage. Military and intelligence operations, intelligence analysis, homeland defense, humanitarian and disaster relief, counterterrorism, counterproliferation, cyber security Sangamore Road a.mil/pages/defa Bethesda, MD ult.aspx National Institute of Standards and Technology (NIST)- Headquarters Advancing the state-of-the-art in IT in such applications as cyber security and biometrics, NIST accelerates the development and deployment of systems that are reliable, usable, interoperable, and secure; advances measurement science through innovations in mathematics, statistics, and computer science; and conducts research to develop the measurements and standards infrastructure for emerging information technologies and applications. Cyber security, biometrics, measurement science, research (emerging information technologies and applications) ov/ 100 Bureau Drive, Suite 2200 Gaithersburg, MD Opnet Technologies, Inc. Cybersecurity Services enable planning, analysis, and performance optimization of critical IT infrastructure and mission-critical enterprise services to ensure network health, integrity, and security. Capabilities include: Cleared staff for National Security and Intelligence Community consulting, Cyber effects modeling and simulation for Computer Network Attack and Defense (CNA and CND) scenario analysis, Network security configuration audits and change validation, Application performance impact analysis of cyber attacks, Security rule development for network configuration audits, and Situational awareness and pre-planned course of action studies. Planning analysis and performance optimization of critical IT infrastructure of networks Woodmont Avenue Bethesda, MD 20814

22 Sonatype, Inc. Sra International Inc Sonatype analyzes the composition of company applications and identifies security vulnerabilities or unwanted license types. Sonatype also helps improve company processes to catch issues earlier in the process and avoid costly rework. Sonatype performs a thorough component review that includes: An assessment of overall component usage; License, version, and security details for all open source components; A scorecard highlighting potential risk areas; and Technical and business recommendations for follow-on actions. SRA offers a comprehensive range of services from digital forensic analysis and security architecture development to cyber security operations center management and design. Service offerings include: Technical Security Architectural Design and Development, Computer Network Operations Support, Information Operations Test Range, Red Team / Blue Team Operations, Software Reverse Engineering (Malcode), Computer Forensics and Digital Media Analysis, Security Assessments (Security Testing and Evaluation), Full-Scale Information Assurance Laboratory Support, Security Program Planning and Management Support, Total Human Capital Management of Cyber Workforce, Security Certification and Accreditation, Disaster Recovery and COOP, and Cyber Security Operations Center (CSOC) Management and Design. Identification of security vulnerabilities or unwanted license types Digital forensic analysis, security architecture development, cyber security operations, etc. ype.com/ om/ Prosperity Drive, Suite 350 Silver Spring, MD Executive Boulevard, Suite 400 Rockville, MD Systalex Corporation Terrapin Systems, Inc. Database and application security. Network support services include: network administration (24 x 7 Network monitoring: firewall intrusion, server logs, space allocation, availability) and network engineering (security analysis and patching, web application support, virtual infrastructure management, infrastructure and server installation, monitoring, and maintenance). Database and application security Network support services ex.com/ ys.com/ 1901 Research Boulevard, Suite Seven Locks Road, Suite 300

23 The SANS Institute TISTA Science and Technology Corporation Triumfant, Inc. SANS is the largest source for information security training in the world. Their computer security courses are developed by industry leaders in numerous fields including network security, forensics, audit, security leadership, and application security. In addition to top-notch training, they offer certification via the ANSI accredited GIAC security certification program as well as numerous free security resources including newsletters, whitepapers and webcasts. TISTA provides complete and comprehensive information assurance programs that assess integrated security solutions for physical, technical, operations, personnel, computer and communication security requirements, including disaster recovery assessment. TISTA's services include: systems security architecture development, test and evaluation, certification and accreditation (C&A) support, compliance audits and inspections for client-server or web-based environments. TISTA's work includes review of applicable security disciplines and controls to identify systems requirements and ensure system/data availability, integrity and confidentiality. Cyber Security services include: vulnerability management tools, remediation tools (automated patching), Host Intrusion Protection Systems (HIPS), and applying security checklists (NIST standards, Gold Disk, etc.). Triumfant provides a revolutionary alternative to traditional endpoint security products through one-of-a-kind software that detects and remediates malware without signatures or any other form of prior knowledge. Triumfant continuously monitors endpoint machines and leverages patented analytics to detect, catalog, correlate, analyze and assess changes to those machines to identify and remediate anomalous, exceptional and potentially malicious activity. This unique approach enables Triumfant to see the malicious activity that evades other defense, continuously enforce security configurations and policies, and provide the deepest repository of endpoint state information available. Information security training, certification, free security resources Information assurance programs that assess integrated security solutions org/ ch.com/ Endpoint security products through ant.com/ one-of-a-kind software that detects and remediates malware without signatures or any other form of prior knowledge 8120 Woodmont Avenue, Suite 205 Bethesda, MD King Farm Boulevard, Suite 220

24 URS Corporation URS provides a full life cycle of complex information Information technology technology services services to federal and other public sector customers. With to the federal the recent acquisition of Apptis, Inc., URS' core capabilities and public sector. include secure cloud computing, integrated cyber and Secure cloud Information Assurance (IA) services, network and unified computing communications engineering, software and systems engineering, enterprise management, and program and project management. rp.com/ 900 Clopper Road, Suite 200 Gaithersburg, MD VariQ VariQ provides managing security needs for organizations looking to secure their endpoints, monitor for security threats, or keep information from leaving their network. Services include: endpoint security, antivirus/malware, data loss prevention, cyber threat analysis / monitoring, intrusion detection / prevention, compliance and accreditation, vulnerability / risk assessments, and z/os Mainframe Assessments. Verizon Terremark, a Verizon company, offers a full line of security Communications solutions that can be delivered as managed or professional services. With expertise in governance and security compliance, identity and access management, investigative response, data protection and threat and vulnerability management, they help clients understand, identify, and effectively manage security issues before and after they occur. Managing security needs com/ Twinbrook Parkway, Suite 155 Rockville, MD Security solutions Columbia Pike delivered as managed or professional services n.com/ Silver Spring, MD ViaSat ViaSat offers Cybersecurity and Information Assurance for military networking and encrypted data storage. Cyber security and information assurance Seneca Meadows Parkway Germantown, MD 20876