Program Management

i-Secure’s program management expertise is targeted at improving its client’s security posture by improving performance in regards to implementation of policy and compliance requirements.  i-Secure works hand-in-hand with its clients to provide:
  • Project planning
    • Schedule management
    • Budget management
  • Security documentation management
    • System Security Plans
    • Contingency Plans
    • Risk Assessments
    • Security Assessment Reporting
  • Policy management
  • Government and Commercial regulatory requirements analysis

Certification & Accreditation

i-Secure’s Certification & Accreditation (C&A) expertise includes all aspects of the C&A lifecycle based on NIST recommendations.  i-Secure’s personnel are well versed in all aspects of compiling and delivering a complete ready-to-sign C&A package for our client’s Authorizing Official.  We excel at working with System Owners to develop:
  • FIPS 199 and e-Authentication worksheets
  • System Security Plans
  • Contingency Plans
  • Applicable Interconnection Security Agreements
  • Security Testing and Evaluation (ST&E) Plans
  • Security Assessment Reports
  • Risk Acceptance Letters for inclusion into an Authorization To Operate memorandum

Further i-Secure works hand-in-hand with its clients to

  • Coordinate Contingency Testing scenarios
  • Execute ST&E activities
    • Interview system personnel
    • System documentation review
    • Verify system hardening implementation
    • Initiate automated vulnerability scans
    • Penetration testing
    • Vulnerability analysis
    • Remediation suggestion
  • Manage vulnerability remediation via Plan of Action and Milestone (POA&M) lifecycle
  • Perform Annual Self-Assessments

Enterprise Architecture & Standards

i-Secure’s Enterprise Architecture & Standards expertise includes helping clients design secure and cost-effective systems in a timely manner.  i-Secure’s personnel are experienced in deploying a vast array of systems and applications.  i-Secure’s methodology calls for security to be built into the system design early in the design phases of a project.  i-Secure personnel have extensive experience deploying security devices to monitor the infrastructure, prevent unauthorized access, and alert to suspicious activity.  i-Secure bases any hardening suggestions on that of industry best practice and personal experiences to make sure that our clients assets are protected.

Threat Assessment & Mitigation

i-Secure’s Threat Assessment & Mitigation expertise involves an in-depth review of our client’s organization which identifies any possible threats to the personnel, infrastructure, data, and other assets.  i-Secure can then equate those threats with any known enterprises risks and provide a detailed cost-effective mitigation strategy to reduce weaknesses which make the enterprise vulnerable.  i-Secure’s techniques for determining threat assessments include:
  • Vulnerability scanning of
    • Operating System platforms
    • Web applications
    • Databases
    • Network devices
  • Verifying system hardening guidelines, policies, and implementations
  • Penetration testing
  • Incident response testing

Policy Guidance

i-Secure’s Policy Guidance expertise is aimed at helping our client’s develop and manage their enterprise-wide IT security policy.  Policy guidelines involve developing rules which provide protection of critical assets.  i-Secure’s policy experts are experienced in assisting organizations define security roles and responsibilities.  i-Secure has experience with authoring comprehensive policy statements which provide the foundation for system developers to secure their systems.  i-Secure continues this by offering to manage our client’s policies and procedures to make certain that they meet best practices for securing the enterprise.

Regulatory Compliance

i-Secure’s Regulatory Compliance expertise involve getting our clients to conform 100% to all requirements set forth by laws, governing bodies, security standards bodies, and their own internal policies, procedures, and hardening requirements.  i-Secure’s staff is well-versed in the requirements set forth by:
  • Federal Information Security Management Act (FISMA)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • National Institute of Standards and Technology (NIST)
  • Homeland Security Presidential Directives (HSPD)
  • Office of Management and Budget (OBM) Circulars
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Sarbanes-Oxley (SOX) Act