i-Secure’s program management expertise is targeted at improving its client’s security posture by improving performance in regards to implementation of policy and compliance requirements.  i-Secure works hand-in-hand with its clients to provide:

• Project planning
• Schedule management
• Budget management
• Security documentation management
• System Security Plans
• Contingency Plans
• Risk Assessments
• Security Assessment Reporting
• Policy management
• Government and Commercial regulatory requirements analysis

i-Secure’s Certification & Accreditation (C&A) expertise includes all aspects of the C&A lifecycle based on NIST recommendations.  i-Secure’s personnel are well versed in all aspects of compiling and delivering a complete ready-to-sign C&A package for our client’s Authorizing Official.  We excel at working with System Owners to develop:

• FIPS 199 and e-Authentication worksheets
• System Security Plans
• Contingency Plans
• Applicable Interconnection Security Agreements
• Security Testing and Evaluation (ST&E) Plans
• Security Assessment Reports
• Risk Acceptance Letters for inclusion into an Authorization To Operate memorandum

Further i-Secure works hand-in-hand with its clients to

• Coordinate Contingency Testing scenarios
• Execute ST&E activities
• Interview system personnel
• System documentation review
• Verify system hardening implementation
• Initiate automated vulnerability scans
• Penetration testing
• Vulnerability analysis
• Remediation suggestion
• Manage vulnerability remediation via Plan of Action and Milestone (POA&M) lifecycle
• Perform Annual Self-Assessments

i-Secure’s Enterprise Architecture & Standards expertise includes helping clients design secure and cost-effective systems in a timely manner.  i-Secure’s personnel are experienced in deploying a vast array of systems and applications.  i-Secure’s methodology calls for security to be built into the system design early in the design phases of a project.  i-Secure personnel have extensive experience deploying security devices to monitor the infrastructure, prevent unauthorized access, and alert to suspicious activity.  i-Secure bases any hardening suggestions on that of industry best practice and personal experiences to make sure that our clients assets are protected.

i-Secure’s Threat Assessment & Mitigation expertise involves an in-depth review of our client’s organization which identifies any possible threats to the personnel, infrastructure, data, and other assets.  i-Secure can then equate those threats with any known enterprises risks and provide a detailed cost-effective mitigation strategy to reduce weaknesses which make the enterprise vulnerable.  i-Secure’s techniques for determining threat assessments include:

• Vulnerability scanning of
• Operating System platforms
• Web applications
• Databases
• Network devices
• Verifying system hardening guidelines, policies, and implementations
• Penetration testing
• Incident response testing

i-Secure’s Policy Guidance expertise is aimed at helping our client’s develop and manage their enterprise-wide IT security policy.  Policy guidelines involve developing rules which provide protection of critical assets.  i-Secure’s policy experts are experienced in assisting organizations define security roles and responsibilities.  i-Secure has experience with authoring comprehensive policy statements which provide the foundation for system developers to secure their systems.  i-Secure continues this by offering to manage our client’s policies and procedures to make certain that they meet best practices for securing the enterprise.