Information Assurance and Cyber Security
With the proliferation of vulnerabilities and threats to our data and infrastructure, critical information is potentially at risk. Military and national security, sensitive data, intellectual property, financial assets and IT infrastructure can be compromised by deliberate attacks, inadvertent security lapses, insider threats and system vulnerabilities. Working in partnership with Federal CIOs and CISOs, eGlobalTech’s Information Assurance & Cybersecurity (IA&C) practice helps organizations plan and execute an integrated approach that combines people, process and technology to protect sensitive data, secure priority assets and improve security program performance - without compromising the mission.
Security Program Management
eGlobalTech's expertise in Security Program Management helps to ensure that federal information security programs adhere to formal and established security requirements such as NIST, FISMA, DIACAP and DoDD 8570. We help security become an integral function within the overall program so that assets and data are secured in accordance with these mandates while accomplishing business objectives. eGlobalTech services in the area of Security Program Management include:
- Develop standardized security authorization policies and templates based on federal requirements
- Security Test & Evaluation (ST&E) of implemented security controls
- Assist with continuous monitoring and other security reporting requirements
- Independent Verification and Validation (IV&V)
- Develop and/or review security authorization (C&A) packages for compliance
- Develop Plan of Action & Milestones (POA&Ms)
- Development of security policies and processes for your agency or company
- Provide security authorization training
eGlobalTech's approach to Cyber Operations is to focus on minimizing risk in your daily operations. We know that resources are difficult to come by and that agencies cannot fix every single problem. eGlobalTech addresses this issue by working with agencies to first identify what it is you’re trying to protect, then perform thorough risk and vulnerability assessments that offer recommended corrective actions. These actions are then prioritized by severity level that, if executed, can effectively manage and reduce risk. This approach allows agencies to prioritize risk mitigation efforts and focus on extinguishing risk “hot zones” – solving the most critical problems first. eGlobalTech services in the area of Cyber Operations include:
- Perform Risk and vulnerability assessments
- Conduct Advanced Persistent Threat (APT) and malware defense analysis
- Perform Penetration Testing
- Develop Policies and procedures for detecting and mitigating security vulnerabilities
- Evaluate and test technical, management, and operational security controls for effectiveness
- Develop and conduct security awareness training and expected rules of behavior for end-users
- Develop and test Incident Response procedures
- Develop and test Disaster Recovery and Business Continuity procedures
- Perform Mobile Device Security and Management assessments
Cloud Security / FedRAMP Advisory
eGlobalTech’s Federal Risk Authorization Management Program (FedRAMP) Advisory service offering is designed to assist cloud service providers who are looking to become authorized through FedRAMP. FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that saves cost, time, and resources required to conduct security assessments and authorizations for cloud service providers. As part of this service offering, cloud service providers can request a FedRAMP Readiness Assessment that will help determine if a provider is prepared for the FedRAMP authorization process. eGlobalTech FedRAMP Advisory services include:
- Conduct FedRAMP Readiness Assessment - a four-step process that will provide cloud service providers a consistent assessment framework and facilitate a smooth project launch through the use of skilled assessors.
- Develop FedRAMP documents for the authorization package (e.g., SSP, CIS, CTW, FIPS-199, SAP, SAR, CP, POA&M)
- Recommend and/or implement corrective actions for non-compliant controls in NIST 800-53 control families (e.g, Access Control, Awareness and Training, Audit and Accountability, Security Assessment and Authorization, Configuration Management, Contingency Planning, Identification and Authentication, Incident Response, Maintenance, Media Protection, Physical and Environmental Protection, Planning, Personnel Security, Risk Assessment, System and Services Acquisition, System and Communications Protection, System and Information Integrity and Program Management)
Identity, Credentialing and Access Management (ICAM)
Federal agencies are struggling to implement a robust identity, credentialing and access management (ICAM) program that features interoperable credentials aligned with business rules and trust frameworks for identity verification, authentication, authorization and federation. eGlobalTech can assist agencies in this mission by developing and refining an ICAM solution architecture incorporating required technologies, standard processes, and interfaces to meet Federal information security requirements. We coordinate multiple on-going security initiatives within your agency to align with the overarching target architecture - leveraging investments already made in physical and logical security so agencies can eliminate redundancy and increase user satisfaction. Our solution offers a single service to manage identity attributes and credentials, enhanced authentication and authorization, and increased interoperability with customers. eGlobalTech ICAM services include:
- Strategy & Governance Support: Development of streamlined processes and minimization of duplicated efforts leading to reduced IT costs, enhanced asset visibility, and timely access to the information that users require, irrespective of time or place.
- ICAM Assessment: Assessment of ICAM needs and formulation of a high-quality, centralized role-based identity management solution.
- ICAM Architecture. Design and implementation of agency-specific segment architecture aligned with the Federal ICAM (FICAM) segment architecture.
- Trusted Credentialing: Development, testing accreditation of a PIV credentialing program, as well as programs that issue third party credentials such as one-time password devices, software certificates and other tokens.