INT’s collaborative Cybersecurity methodology empowers our highly credentialed Subject Matter Experts (SMEs) to operate with full trust, respect and cooperation with our clients. Our adaptable and innovative Information Technology (IT) Cybersecurity Services optimally address the ever-changing needs of information security and regulatory compliance. INT Cybersecurity SMEs proactively address risk from an enterprise, component, (mission/business process) and system level to enable smarter decision making, more cost-effective IT security operations.
Our Cybersecurity Services delivered ensure a “Build-it-in” vs “Bolt-it-on” Cybersecurity Strategy to enhance informed decision making, improve continuous monitoring, and enforce security engineering policies and standards and improve timely correction of deficiencies, vulnerabilities, and incidents.
INT Cybersecurity Services and SMEs manage IT risk and compliance on-premises, in cloud-based, and hybrid computing environments. Our team works to manage risk on a daily basis through continuous assessment and ongoing authorization in accordance with the leading government and commercial standards.
Our Cybersecurity Services
Risk Management Framework (RMF)
The goal of effective security risk management is to determine and articulate the likelihood and impact that threats may have on an organization’s assets and data. INT understands the importance of minimizing the likelihood and impact by assessing risk profiles. Our Risk Management support services help guard the mission and business of our clients by combining our industry expertise with a thorough understanding of our clients’ business processes and functions to effectively protect their information systems.
Our security risk management support services can help develop your Risk Management Program by:
- Identifying business needs and changes to requirements that may affect overall IT and security direction.
- Reviewing adequacy of existing security policies, standards, guidelines and procedures.
- Analyzing assets, threats and vulnerabilities, including their impacts and likelihood.
- Assessing physical protection applied to computing equipment and other network components.
- Reviewing logical access and authentication mechanisms.
- Developing technical recommendations to address the vulnerabilities identified and reduce the level of security risk.
Technical Risk, Analysis, Mitigation & Management
Risk mitigation is essential to IT security, yet the complexity of information risk management today makes the task of mitigating risk increasingly difficult for organizations of all sizes. The threat landscape continues to shift and evolve with alarming speed, and your risk management strategies must be informed by up-to-the-minute intelligence on the latest threats as well as the most effective ways to mitigate them.
INT’s team of experts have assisted many of organizations with regulatory compliance risk management and program integrity advisory services, including assessing and evaluating compliance high-risk areas.
Business Continuity & Disaster Recovery Planning
Our BCDR specialists provide on premise subject matter support by performing Business Impact Analyses and mapping interdependencies among business processes and information systems. We conduct a review of existing policies, including continuity and disaster recovery plans for adequacy to ensure that your business processes and systems are available when you need them most.
Audit Management
Security Technical Implementation Guides (STIGs) are the configuration standards for United States Department of Defense (DoD) Information Assurance (IA) and IA-enabled devices/systems published by the United States Defense Information Systems Agency (DISA). Since 1998, DISA has played a critical role enhancing the security posture of DoD’s security systems by providing the STIGs. The STIGs contain technical guidance to “lock down” information systems/software that might otherwise be vulnerable to a malicious computer attack.
There are three categories or levels of vulnerability that indicate the severity of the risk of failing to address a particular weakness.
- Category I - Any vulnerability, the exploitation of which will, directly and immediately result in loss of Confidentiality, Availability or Integrity.
- Category II - Any vulnerability, the exploitation of which has a potential to result in loss of Confidentiality, Availability, or Integrity.
- Category III - Any vulnerability, the existence of which degrades measures to protect against loss of Confidentiality, Availability, or Integrity.
Compliance can be fairly difficult because organizations must ensure that they are following DISA prescriptions at all times. This can be a bit like attempting to hit a moving target because STIGs are added and updated as new technology is developed. Additionally, software and hardware upgrades and replacements can cause required settings to be changed or overwritten. As a result, staying compliant means that systems need to be monitored and adjustments must be made on a continuous basis.
INT’s DISA Compliance auditing service includes the ability to validate DISA STIG compliance checks against switches, firewalls, applications (Oracle/SQL), RHEL, Solaris, and of course Windows systems.
Continuous Monitoring
The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. For cloud services, Federal agencies adhere by authorizing services that demonstrate their compliance with one of the FedRAMP security baselines.
To achieve a FedRAMP authorization, cloud service providers must undergo an independent security assessment conducted by a third-party assessment organization (3PAO) to ensure authorizations are compliant with FISMA and must maintain continuous monitoring requirements of FedRAMP. This is where having INT as your trusted partner will help ensure the continuation of your hard work in attaining and maintaining FedRAMP compliance.
Our services aim to help our clients by:
- Performing ongoing security assessments to ensure security controls continue to remain effective
- Identifying the latest security threats and offering expert mitigation strategies
- Enabling timely risk management decisions
- Minimizing the impact of unnoticed security vulnerabilities
- Identifying strategic security measures aimed at avoiding future costly breaches
Our team of experts will guide you through the ongoing FedRAMP continuous monitoring process to ensure compliance is maintained and most importantly, security implemented and treated as a priority.