Don’t Wait Until After You’ve Been Compromised…
We focus on the most overlooked aspect of your company’s operations: “SECURITY”. We are your trusted partner in secure design, configuration, operation, and monitoring of your secure technology solutions where protection of sensitive business information is key to your success. (FISMA | HIPAA & HITECH | PCI )
Our solutions empower CxOs with the knowledge and tools for a balanced approach to securing their enterprise and provided them tactics to achieve a reasonable standard with reduced liability for enterprise cyber security.
Public and Private Sector Experience IIa has 30+ years in the most diverse and secure areas of government including The White House, CIA, NSA and DoD. Our collective track record of successful performance in secure operations environment, including specific cost-reduction, facility optimization, and high-end technology performance & enhancement results at the most senior levels of the United States government and private industry is one of our top competitive strengths.
Strategic Focus We focus on the most overlooked aspect of your company’s operations: “SECURITY”. We are your trusted partner in secure design, configuration, operation, and monitoring of your secure technology solutions where protection of sensitive business information is key to your success. (FISMA | HIPAA & HITECH | PCI )
Balanced Approach Our solutions empower CxOs with the knowledge and tools for a balanced approach to securing their enterprise and provided them tactics to achieve a reasonable standard with reduced liability for enterprise cyber security.
Innovative Approach We embrace a “Crawl, Walk, Run” delivery strategy, recognizing the value of a phased, yet resilient assessment and operational models. It’s impossible to completely eliminate the threat. It is important however to understand the threats, and our commitment to help educate you about the ever evolving threats, their third-order-effects, and help build resilient recovery strategies to minimize down time should you be impacted directly or indirectly by today’s cyber threats. We also recognize you’ve likely not budgeted for the unintended consequences of a data breach and work directly with your leadership team to guide them through the cyber incident response planning process, development of your Cyber Incident Response Team (CIRT), and preparedness training, walking them through hands-on table-top exercises.
InfoSec & Threat Intelligence Core Offerings
Passive Network Assessments We engage new customers through approved Passive Network Assessments (PNAs), which we often offer as a low-cost alternative to penetration testing. Network assessments help evaluate the current state of an organization’s network security in its current environment. Through a methodical, Macro-to-Micro approach, we identify problem areas, misconfigurations, pinholes, vulnerabilities, gaps in their intended technology configuration, resource utilization; as well as evaluating the network’s ability to support the current and future requirements of the organization, identifying potential points of compromise. We work with your IT Staff to become a resource for them.
Penetration Testing & Vulnerability Assessments We assess systems with a combination of open source, commercial, and proprietary tools to identify security vulnerabilities of external-facing systems, internal networks, or both. We perform active-attacks to confirm the existence of vulnerabilities and reduce false positives. We actively exploit vulnerabilities to compromise systems and attempt to expand the attack through privilege escalation and launching attacks on other systems. We target systems at the network and/or application layers, as well as other external access points including modems and wireless LANs. We prioritize vulnerabilities and author detailed reports with specific remediation instructions.
Security Strategy & Governance We will define an enterprise approach for assessing, prioritizing, managing, and monitoring security risks. Achieve senior executive and board awareness and buy-in. Establish a business-driven governance process for the information security program. Help define security risk tolerance posture for the organization and an approach for making cost-benefit decisions with respect to accepting security risk. Define the desired end-state for security and identifying gaps from the current state. Establish short and long-term plans for achieving the end-state.
Security Policy and Procedure Development We will guide you through drafting a suite of security policies, procedures, and standards that are customized to the specific needs and risk posture of the organization. Clarify roles and responsibilities for key security control requirements. Identify mechanisms to demonstrate compliance and measure/report violations.