Enterprise-Wide Information Assurance and Security

The risk to IT systems is growing daily, and the cost to recover from a threat is growing exponentially. Static defenses to protect IT systems are no longer adequate. Viruses are advancing by the day and raising threat vulnerabilities. The internet is riddled with weaknesses, which only increase the likelihood of an attack (BGP, DNS, botnets, denial of service attacks, etc.). Networks must have the capability to actively intercept and neutralize attackers. Providing the platforms to do this is paramount to protecting our systems and data assets. CCG has the skills, resources, and platforms to do just that.

What separates CCG from our competition, both small and large alike, is that CCG remains the only firm with both the expertise to provide a broad spectrum of IA support and a proprietary suite of custom IA software. The software and capabilities make the overall process more efficient, timely, and comprehensive. The software allows CCG to span organizational assets in large, heterogeneous environments, create baselines, and quickly expose organizational assets and vulnerabilities in CCG’s IA database. This can be used to do associative and discovery analyses, uncovering important relationships, omissions, and vulnerabilities.

CCG’s approach includes the analysis of potential threats and countermeasures configured in conjunction with the organizational constraints of a client’s physical, information, and software environments, with sensitivity to budgetary constraints, tradeoffs, and Return on Investment (ROI). CCG has an integrated approach that combines its team of PMI-certified Risk Management Professionals (PMP – RMP), its information, network, and infrastructure experts, and its software to provide a synergistic and holistic approach to IA and security.

Proprietary CCG packages include:

  • Cognoscenti
  • NeTERS
  • CanSecure
  • SMART LogAnalyzer (SLA)
  • Incident Management and Tracking System (IMTS)

CCG’s Information Assurance Approach:

  • Classification and Enumeration of all Enterprise-wide IT Assets*
  • Assessment of Physical and Environmental Security
  • Assessment of Human Resource Security
  • Access Control, Authentication, and Authorization
  • Risk Management and Risk Mitigation Plans, including:
    • Risk Governance – Mapping Organizational / Business Objectives
    • Threat Assessment and Ranking of Vulnerabilities (Opportunities)
    • Compliance (FISMA, FIPS, ISO, etc.)
    • Organizational Tolerance – Tradeoffs, Max Tolerable Downtime
    • Risk Assessment – Probability and Impact Analyses of Threats
      • Threats (Sources)* Vulnerabilities (Weaknesses)
      • Attack Trees to Detect or Mitigate Vulnerabilities
      • Business Impacts (Quantitative or Qualitative)
    • Countermeasures / Controls (Prevent / Detect / Respond)
      • Technical (Network Firewalls, Logging and Intrusion Detection / Prevention, and/or Endpoint Anti-malware, Firewalls and Access Controls)
      • Administrative (Policies, Standards, and Guidelines; Procedures, Training, Sanctions, and COOP)
      • Physical (Fences, Locks, Guards, Environmental Controls, COOP – Hot/Warm and Cold Sites)
    • Provide best practice recommendations on information security management in concert with ISO and IEC standards
      • Data Confidentiality / Accessibility
      • Data Integrity – Accuracy and Completeness
      • Availability – Where and When Required
    • Map IT Resources with Business Needs
    • Development of Security Plan for:
      • Access Control
      • Physical, Software and Data Assets Management
      • Human Resource Vulnerabilities
      • Acquisition, Development, Maintenance and Operations
    • Incident Management and Tracking Strategies (IMTS)*
    • Security Information and Event Management (SIEM) – Associative Aggregation of Heterogeneous Sources (Logs) to Correlate, Alert and Prescribe Solutions (Risk Intelligence Analysis* – Correlation Engine Detects Patterns of Attack Signature or Anomaly)
    • Business Continuity Management – Safeguarding Business Systems and Processes
    • Gap and Overlap Assessment
    • Service Delivery
  • Cost and ROI – Threats / Mitigation / Implementation / Tradeoffs
  • Compliance Assessment Solutions – Organizational Policies, Standards, Laws and Regulations
  • IA Implementation Strategies
    • Network and Infrastructure Defenses
    • Safeguarding Data
    • Cross Domain Solutions
    • Future Integration with Trusted Platform Modules (TPM)
    • Continuity of Operations Solutions and Disaster Recovery Plans
    • Enhancing Information Accessibility
    • Integrated Information Architectures
    • Implementing and Monitoring Risk and Performance Metrics
    • Development of Policy and Guidance Recommendations