Information Assurance

Information Assurance

In order for any security program to achieve its mission, goals, and objectives HSC understands that effective leadership is required for success. We provide our clients with in depth Enterprise perspective to deficiencies, threats, and inefficiencies affecting their IT System Environments.

HSC helps our clients develop effective supporting business process, procedures, and technical policy to ensure the IT Security Program meets compliance mandate conformance requirements.

HSC provides the necessary skill sets to establish or refine functional operations within the Security Program. We have established Security Operations teams, implement comprehensive security monitoring solutions, and automate compliance reporting for our customers. In addition we provide guidance for Contingency and Disaster Recovery Planning and Incident Response.

Our qualified team of specialists is sought after by Fortune 500 companies and mission critical components of Federal and Defense Agencies to help guide their security programs to success.

Experience

The HSC Information Assurance (IA) team has extensive experience with Federal security compliance activities. Our IA SMEs work with senior level executives to establish priorities based on the compliance needs of the enterprise. We provide in depth risk analysis to determine the threat exposure affecting the enterprise. The HSC IA team establishes security requirements that meet pressing business needs. HSC has the experience to integrate compliant security architectures to remediate vulnerabilities affecting the enterprise.

HSC personnel have served as security lead over a $68.5 million dollar mission critical infrastructure upgrade consisting of 2500 servers. HSC was responsible for developing an enterprise wide threat analysis, which provided executive management with a clear view of vulnerabilities affecting the enterprise.

HSC and key stakeholders devised a plan to implement security infrastructure in order to remediate risks affecting the enterprise. HSC provided oversight of Identity and Access Management using two-factor (2F) authentication, Federal Information Processing Standard 140-2 compliant encrypted communications technologies, and Security Incident and Event Management (SIEM) for enterprise components. In addition, HSC conducted compliance audits during all phases of the Systems Development Life Cycle (SDLC) and authored Federal Information Security Management Act (FISMA) Certification and Accreditation documentation.

HSC has conducted Security Assessments for Federal and Commercial clients. These include:

  • Microsoft
  • Department of Defense
  • Department of Energy
  • Department of Homeland Security
  • Federal Bureau of Investigations
  • US Treasury

 

Commercial IA Performance:

  • HSC personnel have consulted and advised on the network assurance of large services like Microsoft’s MSN services, the IdenTrust PKI, ValiCert’s PKI Global Validation Authority Service as well as the network infrastructure of Global Scholar, the education group and Harland Clarke Holdings Corporation.
  • Incident analysis and handling was done by HSC personnel, formerly at Microsoft, for large and impactful products and services like the Microsoft Windows Networking stack and Microsoft’s Live ID authentication service.
  • Analysis of Malware trends, reporting and instigating discussion on these and instigating action was done in the Microsoft security business unit by HSC personnel. Microsoft anti-virus service, reputation service, and email security service were the grounds for this work.
  • Evaluation of implementations for compliance with standards was done for implementations of IPsec, SSL, XMLdsig, at a number of companies including ValiCert, Cavium Networks and Micrsoft by our personnel formerly employed at those corporations.
  • The definitive analysis of SAML performance as well as performance of other XML encoded authentication protocols, as compared with ASN.1 or JSON encoded protocols like PKIX and OpenID was done by HSC personnel.

Federal IA Performance

  • Provide detailed security artifacts for the DHS Accreditation Authority for various Security Authorization (SA) efforts for various releases throughout the System Development Lifecycle (SDLC). Artifacts include: FIPS-199, Requirements Traceability Matrix, System Security Plan, Risk Assessment, Standard Assessment Plan and Procedures, Security Assessment Report, System Description Document, Version Description Document, and Installation Guides.
  • Assess Enterprise security posture to identify threat vectors in association with existing vulnerabilities and identify cyber security solutions to aid in the remediation of such vulnerabilities while meeting compliance objectives. Worked closely with DHS Security personnel (Information System Security Manager and Information System Security Officer) to develop the Enterprise Threat Assessment, which was then used to develop the fiscal year 2009 Security Performance Plan. The assessment included: two data centers, four facilities, two major applications, and 4 four subsystems. The ideas presented in these documents gave rise to the following security programs/activities:
  • Establishment of Security Infrastructure Roadmap to implement Security Identification and Event Management (SIEM), Centralized Account Management, Database Monitoring, and FIPS 140-2 level 3/4 remote access capabilities.
  • Establishment of a Security Operations team,
  • Development effort to create component wide policies per DHS 4300a requirements,
  • Development effort to create US-VISIT security training initiatives, and
  • Allocation of designated team to perform component Contingency Planning activities.