Home

Services

 

 

IAC provides the following information assurance services:

Our General IA Consulting for U.S. government and commercial entities includes:

bullet

Assisting US Army Program Executive Offices (PEOs) and Program Managers (PMs) with IA Policy & Procedure development.

bullet

Providing security architecture engineering analysis, especially in the areas of network security, access control, and cryptography.

bullet

Performing independent certification and accreditation (C&A) testing according to DITSCAP.

bullet

Performing risk assessments and providing accreditation advice.

Our Comprehensive C&A Services include:

bullet

Developing System Security Authorization Agreements (SSAAs).

bullet

Developing Security Policies (SSAA Appendix E).

bullet

Developing Security Requirements Traceability Matrixes (SSAA Appendix F).

bullet

Conducting Certification Requirements Reviews with Customers.

bullet

Developing Certification Test Plans and Procedures (SSAA Appendix G).

bullet

Performing Certification Tests and Evaluations (CT&Es) at Customer Sites.

bullet

Performing On-Site Verification of Security Accreditation Checklists.

bullet

Developing CT&E Reports (SSAA Appendix P).

bullet

Developing Residual Risk Assessment Reports (SSAA Appendix Q).

bullet

Developing Information Assurance Vulnerability Management (IAVM) Compliance Addenda to the SSAA.
Our Network Vulnerability Assessments provide an evaluation of an organization's existing security posture and make recommendations for improvement:
bulletIdentify Information Criticality
bulletIdentify System Configuration (Footprinting)
bulletIdentify Organization's Security Posture
bulletEvaluate Existing Practices, Policies and Procedures
bulletPerform Penetration Testing
bulletReport Findings and Recommend Action Plan

Our Network Assessment Methodology incorporates the National Security Agency (NSA) INFOSEC Assessment Methodology (IAM), which is a four-phase approach to INFOSEC Assessments:

bulletPre-Assessment Planning
bulletInformation Gathering
bulletInformation Analysis
bulletFindings & Recommendation Reporting

Our Network Assessment Methodology also incorporates the DoD "Red Team" Methodology.

We utilize "state-of -the-art" vulnerability scanning tools and penetration testing frameworks.
Our Security Policy & Procedure Development provides a framework for a successful security program:
bulletWe develop policies and procedures that address the confidentiality, integrity, and availability of critical information
bulletWe address areas to protect an organization's reputation, IT resources, and employees
Our Information Security Awareness Training ensures that your staff is not the weakest link in your security arsenal.

We offer training for all levels of an organization:

bulletSecurity and System Administrators
bulletUsers and Owners of IT Assets
bulletManagement

We offer off-the-shelf or tailored courses:

bulletInformation Protection
bulletSecurity Awareness

 

Home ]

Send mail to info@infoassurance.biz with questions or comments about this web site.
Copyright © 2005 Information Assurance Corporation
Last modified: 08/25/05