Security Assessment
Our Methods
Our security assessment services are based on decades of solid experience in the Federal and Commercial spaces, utilizing our mature processes. Our owners were part of the creation and development of the original NSA Information Assurance Training and Rating Program (IATRP), which broke the assessment process into core areas based on the Software Engineering Capability Maturity Model (SE-CMM). Our assessments are broken out into two distinct halves, programmatic and technical.
Programmatic Assessments
Programmatic assessments take a hard look at the core of your security program: the policies and procedures that define how the program functions. If you’re in a regulated industry, such as the Federal government, Department of Defense, Healthcare, Utilities, Financial, or Educational, it’s important to review the foundation of your security program to ensure those documents are up-to-date, relevant, known, and utilized. Additionally, we’ll help you identify and prioritize your critical information, so you know what needs to be protected, and how many resources should be allocated to each piece of critical information.
Technical Assessments
Technical assessments dig into the network and server components that store, transmit, and process your critical information assets. Whether you’re in research and development, or you’re working in healthcare with thousands of customers’ private information to protect, you’ll need the best in-depth look at your technology, by people who have experience, not just certifications. Yes, we’ll use state-of-the-art software tools to help automate the discovery of potential vulnerabilities, but we don’t stop there. Our security experts analyze every bit of information we collect, both automatically and manually, to ensure we’re providing you with only the most relevant information for your organization. We pride ourselves on the removal and elimination of false positives from our customer reports.