AGR’s Cyber and Institutional Security Services are broad and comprehensive.
We have developed these skills and approaches to be practical and effective in complex data-driven environments. We offer assessments and develop processes utilizing technology that is designed to prevent security breaches in both high-volume commercial and secure governmental environments. Our approach and methodology are constructed to prevent and to identify data security incursions. In ongoing situations, our approach allows our team to create short-term patches and long-term permanent solutions for the holistic data protection of an organization. This involves a spectrum that ranges from end user behavior through systems development, database management, computer installations, and network operations.
We have proven our approach in major complex computing environments utilizing the following information integrity roadmap:
- Enterprise Level Information Integrity – In this area of activity we are concerned with information security across the entity or enterprise. We work with information security managers in support of a robust cyber security environment headed up by a Chief Cyber Security Officer (CCO).
This is an inclusive area that integrates and works with IS specialty auditors.
This component starts with the leadership team’s commitment and dedication to cyber security discipline, as exhibited by senior management in the enterprise.
This enterprise level can analyze an organization by a single legal entity or an operating department of government. Uniquely related entities may be grouped together for analysis and action, or the enterprise may be the roll-up of all entities in a company. This could also be reflected as multiple departments in a governmental entity.
- Functional System Users – This constituency will be the end users of business applications throughout a defined organization. Common end user applications and tools will also be included in this area. We work with multiple levels of supervision, subject matter experts, and professional positions in the end user community. This includes organizational security monitors and cross-functional information assurance managers.
Ongoing programs and materials are analyzed and prepared utilizing our two-tiered education and training approach. We incorporate fixed entity end user computing, remote end user computing, and mobile end user computing in this set of activities. The functional system users may be addressed by work cell, professional work group category, organizational department and/or unique business entity.
- Systems Development and Database Administration – In this section of information integrity we concentrate on units that develop and maintain application systems along with the supporting databases. Our focus groups in this area include leadership of development projects/maintenance, systems architects, developers, DBAs and information assurance auditors.
We ensure complete systems development and maintenance life cycle inclusion. We build in security practices from requirements generation, conceptual/detail design, development, and testing for applications and their supporting databases. We divide this analysis and assurance into development projects of less than 80 hours and greater than 80 hours. Assurance discipline is included for both in-house and outside-developed systems. We also apply these standards to COTS and custom-developed systems, including all integration points throughout the development life cycle.
- Computer Operations and Installation – Our approach analyzes and assesses computer operations and installations that support one or more IT applications. The personnel involved in this area are management responsible for ownership of computer operations and installations as well as technical support personnel that are assigned to support an applications team. We identify risk areas and mitigations that should be addressed in both new and ongoing operational systems.
Our approach involves category analysis including process controls, transactional processing, funds transfer transactions, customer service interfaces, and end user computing applications.
- Mission Critical Functional Applications – This assessment and control area includes leadership and professional employees in charge of the integrity of processes that are enabled by applications. It also includes systems integration and technical support team personnel who provide the application services, and functional leadership end users of the functional applications.
The security rules and requirements are analyzed and incorporated for the functional applications to achieve acceptable risk coefficients and metrics. We categorize these applications by mainframe, server-based, shared workstation, and cloud-supported environments to segregate risk metric objectives.
- Network and Telecommunications Support – The areas of concentration are the networks that support one or more applications. The personnel in this section include network telecommunication managers, leadership of specialty network functions, outside network providers, and specialized network IT auditors.
Network requirement services are identified and analyzed, including construction and maintenance of all network/telecommunications operations. Network security audits and tests are performed both internally and externally to maintain risk metrics. This network/telecommunications analysis includes WANs/LANs, internal/external VPNs and public access integration points. All voice, data, and integrated communications are included.