Information Security
SPS assists Chief Information Officers (CIOs) and Chief Information Security Officers in developing a risk-based information security program that enables CIO organizations to provide the technologies and tools required to effectively carry out the organization’s mission objectives with the assurance that security risks are optimally mitigated. We develop sound security policy and effective security training to fit your organization’s challenges. We implement the best tools available to automate risk management.
SPS computer security experts develop innovative and secured business-enabling technologies for today’s dynamic business environment and mobile workforce. We support the secure use of cloud-based computing technologies, wireless access options, tablet-based computers, and other technologies to help our customers more efficiently and securely accomplish their goals.
Information Security Services include:
FISMA Compliance Support
SPS helps your organization adapt and implement NIST procedures to meet FISMA compliance requirements. SPS consultants work with agency stakeholders to implement controls and ensure compliance without restricting the agency’s ability to accomplish its goals. We help organizations meet FISMA reporting requirements, including the transmission of security data feeds, such as vulnerability management and inventory data, directly to the U.S. Department of Homeland Security (DHS). We help organizations establish a practical implementation of automated tools for risk management that de-emphasizes the old, ineffective paper-based approach to FISMA compliance.
Certification and Accreditation
SPS develops C&A packages for your organization’s mission critical systems according to NIST and agency-specific guidance. We examine the security measures and controls used by a system and identify the threats, vulnerabilities, and risks affecting the system. We measure and evaluate the risks on a relative scale to support the accreditation decision. We develop plans to help our customers mitigate those risks.
Vulnerability Management and Penetration Testing
SPS implements a comprehensive enterprise vulnerability management program that measures vulnerability as often as possible. We implement tools that optimize the accuracy of vulnerability monitoring, and report actionable vulnerability data in a language you can understand.
SPS performs penetration testing that rapidly identifies vulnerabilities that may be exploited by external attackers. We test without access to the source code, eliminating false positives. SPS delivers a comprehensive assessment report that details the findings including vulnerability descriptions, exploit walkthroughs, business impact, and detailed remediation guidance. We also offer our customers training in secure code techniques and secure configuration.
SPS provides assessment of:
- Potential threats and vulnerabilities facing the external network perimeter
- Potential threats and vulnerabilities facing the internal network infrastructure
- System configuration policy vulnerabilities
- Denial-of-service (DoS) vulnerabilities
Intrusion Detection and Incident Response
SPS employs a comprehensive intrusion detection and incident response program using a four-phase process: Preparation; Detection and Analysis; Containment, Eradication, Recovery; and Post-Incident Assessment. We use tools designed to maximize visibility, enable the most accurate picture of network activity, and provide the most complete incident analysis. We perform Post-Incident Assessment as feedback into the preparation phase to ensure continual policy and procedure updates and process improvements. The SPS process protects systems by implementing appropriate countermeasures to known and unknown threats and minimizing downtime and loss when incidents occur. We implement the right tools for your organization’s environment to detect, respond to, and report computer security incidents.
Forensics Investigation
SPS manages and implements a defined forensic analysis process using proven tools. Our certified forensic experts collect and analyze electronic evidence in cases supporting policy violations, e-discovery, counter-intelligence, and fraud. Our defined forensics analysis process, modeled on law enforcement standards, reduces the risk of improper evidence handling and the presentation of erroneous findings. Our process maintains chain of custody, so evidence is handled and protected appropriately to ensure accurate analysis throughout the life of the case.
Security Solution Engineering
SPS follows an established repeatable process to identify, test and deploy business-enabling security solutions. SPS provides full engineering lifecycle support and helps CIO organizations evaluate business and technical requirements, identify potential technologies, test the technologies against the requirements, recommend the solution, design the solution and implement the solution.
Privacy Impact Assessments
SPS conducts Privacy Impact Assessments (PIAs) using a structured process to determine if your system contains privacy information. PIAs include the project description, the risk assessment, a list of privacy-protected data, and the mitigation steps required to manage any risks associated with collecting such information.