 |
|
Systems Security EngineeringToday’s challenge in systems security is to develop realistic security engineering alternatives as business enablers, instead of being viewed as a business obstruction. DAC’s security engineering services are driven by a risk-based approach to systems engineering, taking the business needs as a whole into consideration.We have assembled a team of respected information technology security experts, bringing a wealth of international experience to deal with the critical issues many organizations struggle with today. Our costeffective risk-reduction solutions address security and compliance problems by answering the questions: What are your security concerns and requirements? How close are you to meeting those requirements and how can progress be made to accomplish your security-related goals? We provide comprehensive Security Engineering across a full range of functional proficiency from deriving requirements during initial planning through assessing the performance of the final product. SECURITY PLANNING We assist clients with strategic security planning to develop overall security system requirements and with the planning associated with the implementation of a specific security product. Our plans address security program and policy establishment, risk management, contingency planning and also result in practical security policy and technical specifications for products or systems. We developed a cyber security strategic plan for a federal customer, assessed performance and made recommendations for prioritizing planned cyber security upgrades. We developed the first System Protection Profiles for critical infrastructure information technology process control systems. SECURITY TRAINING DAC develops and teaches security courses and workshops in the United States and in several other nations. Our training courses involve all aspects of security compliance and systems security engineering practices, for managers and technicians. INFORMATION ASSURANCE CERTIFICATION & ACCREDITATION DAC is a principal developer of the information assurance standards in use today that form the technical underpinnings of the current Certification and Accreditation processes. We support government and commercial organizations in establishing programs to advance standards; implement them in specific environments; establishing laboratories and certification for products and systems. We are key contributors to the certification of several government systems to FIPS 199/200, DITSCAP, DIACAP, DoD 8500.1, and PRONAV. We have been central in the establishment and implementation of specialized certification processes for the Department of Energy and for establishing a framework for the Department of Homeland Security to measure critical infrastructure security posture. SECURITY ASSESSMENTS We regularly assess security performance and help our clients respond to any performance issues. We help our clients ensure that their security controls and infrastructure are effective in meeting established organizational needs. We offer complete support to organizations: for government and commercial assessments and certification against security technical and management criteria; or with procedures and tools for security posture self-assessment. DAC conducted cyber security assessments for a number of water and wastewater treatment facilities. We developed cyber security self-assessment tools deployed for use in critical national infrastructures. We developed the first System Protection Profiles for critical infrastructure information technology process control systems. SECURITY IMPLEMENTATION We are known for assisting organizations with technology- independent solutions to implement the appropriate security controls and architectures that are best for the client and not tied to a particular corporate offering. We help our federal clients apply IS15408 (Common Criteria), Federal Information Security Management Act (FISMA), and IS17799 (Security Management) standards to their core missions in critical infrastructure protection and national defense. We established complete information assurance frameworks for measuring and assessing products and systems security posture of organizations. COMPLIANCE We are widely recognized for our expertise in security compliance and our knowledge of regulations, guidelines and best practices that govern security products and systems. We help organizations navigate the diverse breadth of compliance issues and help develop strategies for costeffective measures to meet all requirements. We are central in the development and implementation for the Open Compliance and Ethics Group in the area of technical solutions to security-related compliance. We help government and industry organizations establish certification
|
||||||||||||||
