Service-Disabled
Veteran-Owned Small Business
Service-Disabled
Veteran-Owned Small Business |
||||||
|
||||||
|
Information Security Services |
|
||||||||||||||||||
| Atlantic
Systems Group (ASG) only employs seasoned security professionals specializing
in network security architecture, design, implementation, and management.
Instead of being limited to the assets of one on-staff individual, our
clients leverage the technical knowledge and experience across our entire
consultant team. ASG offers integrated security solutions, deliver doorway to desktop solutions, including information security, physical security, and secure application development. |
||||||||||||||||||||
|
Security
Engineering Services ASG Engineering services address design, selection, installation, configuration and implementation of security technologies. Service offerings include: • Requirement Analysis & Design • Solution Selection/Acquisition • Network Architecture/Design Review • Security Architecture Design • Implementation Product Based Services Product based services include the implementation, configuration, troubleshooting, maintenance, and support of specific industry-leading products. Based on the company skill sets ASG has developed these premier services: • Firewall implementation and management/monitoring • Intrusion Detection System implementation and management/monitoring (IDS or IPS) • Security Information Management System implementation and management/monitoring • Vulnerability Assessment • Load Balancing & High Availability Solutions • User Authentication • Remote Access Control • Anti-Virus/Anti-Spam • Content Filtering and URL Filtering • E-mail Security Security & Risk Assessment Offerings ASG Security and Risk Assessment offerings provide the client with an evaluation of their security controls and an analysis of their overall risk posture. Our assessment services include: • Technical Vulnerability Assessment • Penetration Test • Perimeter Security Assessment • Enterprise Technical Security Assessment • Comprehensive Risk Assessment • Application Security Design Review • Application Security Assessment • Regulatory Compliance Assessment (ISO 17799, HIPAA, GLBA) • Certification and Accreditation Technical Vulnerability Assessment The ASG Technical Vulnerability Assessment identifies weaknesses in technical security controls. It is predominantly an evaluation of technology security controls using automated vulnerability scanning tools. The scope of the assessment is determined by the client and is usually based on the number of devices to be scanned. The assessment can be aimed at systems from the outside (looking in at the network perimeter and systems that are exposed to the Internet), at internal systems or both. Penetration Test Penetration tests attempt to exploit weaknesses in network and system security controls. They are used to validate the existence and seriousness of vulnerabilities identified during a Technical Vulnerability Assessment. A Penetration Test is conducted in order to model specific threat scenarios against a network or system and its supported services. ASG performs this test to model the behavior of a malicious attacker with a specific purpose. Penetration Tests may be performed from the internal or external perspective and are always tightly controlled and carefully coordinated with our clients. Perimeter Security Assessment The Perimeter Security Assessment identifies security risks that exist at the client’s border to the Internet or other non-company network interfaces such as vendor or partner connections. It includes an evaluation of all technologies that have an interface with the Internet including the border routers, firewalls, mail gateways, remote access solutions, VPN devices, and other devices that may reside in the DMZ. The Perimeter Security Assessment looks at the client’s perimeter from both outside and inside. A traditional vulnerability assessment or penetration test from the outside may reveal weaknesses but the Perimeter Security Assessment goes deeper and can help uncover potential security flaws in the way systems are implemented in the DMZ – flaws that might not be identified in a penetration test or vulnerability assessment. The assessment results are presented in a written report that identifies all security issues found along with specific recommendations for mitigating the risks posed by those issues. |
|||||||||||||||||||
| Enterprise
Technical Security Assessment The Enterprise Technical Security Assessment is the most comprehensive technical assessment ASG offers. It includes an evaluation of all the technical security controls in place throughout the client’s information systems and network infrastructure. The Enterprise Technical Security Assessment includes a detailed review of installed security technologies. The focus is exclusively on technical security controls and does not include an evaluation of physical, environmental or administrative (policy and procedure) controls. Comprehensive Risk Assessment The Comprehensive Risk Assessment evaluates the entire security program including policies, procedures, physical, environment and technical security controls. The process is one of the best assessments for clients who have never had a full review of their security program or have not had one performed in over a year. The final report includes all findings, recommendations for mitigating any risks identified, and a prioritized list of risks and strategies to mitigate them in a phased approach. Information Assurance ASG Security Engineers are experienced in performing Certification and Accreditation (C&A) as well as providing the required certification documentation in support of the DOD IT Security Certification and Accreditation Process (DITSCAP), National Institute of Standards and Technology (NIST) and other formal standards for unclassified and classified systems. We support both the initial certification as well as the required re-certification process. Since most other Departmental guidelines follow the intent of DITSCAP, we have successfully adapted our C&A process to meet the needs of all of our customers. The C& A Process is a structured approach to assure that all aspects of security are addressed throughout the life cycle of a system. ASG’s Security Engineering team can provide full support for your C&A process or can assist by delivering any of the specific documents required to support certification. In our complete support for the C&A process, our staff will perform each of the detailed tasks and assemble the complete Certification document package and provide the risk analysis to permit an accrediting authority to grant approval to operate. Atlantic Systems Group offers Certification and Accreditation Management tools which help to automate the process. ASG tool set provides a C&A team with the ability to manage records and develop C&A documentation that is DITSCAP/DIACAP and FISMA compliant. This tool set automates the process of configuring and capturing C&A data resulting from a full C&A, Security Testing and Evaluation (ST/E) effort. ASG also provides a repository for the collection of C&A result data and then provides for a single reporting and aggregation point for all vulnerability data analysis that supports the remediation phase requirements of a C&A process. |
