Today, civilian federal agencies operate in a rapidly changing and complex IS and PIT environment. Agencies are defending themselves against never-ending and aggressive cyber-attacks. These attacks are accelerating in frequency, scale, and sophistication. To meet this challenge organizations are adopting a variety of multifaceted and integrated security controls to protect their information, information systems, and networks. Security considerations are now being applied at all stages of the system life cycle. Security features are rapidly evolving to meet emerging threats and must be, by design, continually revised and updated to remain ahead of a long list of security challenges.
NIST Special Publication 800-18, Revision 1, Guide for Developing Security Plans for Federal Information Systems, Office of Management and Budget (OMB) Circular A-130, Management of Federal Information Resources, and the Federal Information Security Management Act (FISMA) mandate the application of secure system features and related operational practices to protect critical information assets from compromise. The importance of a comprehensive technical and operational security program has become increasingly obvious over the past decade as outside threats continue to assault the nation’s computing resources.
Keya personnel work closely with a variety of Federal Government agencies to strengthen their security of the IS, platform IT, networks, and information services and products. All these systems and system components must achieve compliance with a myriad of federal and agency regulatory mandates. Strick compliance dramatically improves an organization’s agility and strength in the deterrence of cyber threats. Keya areas of expertise in operational security include:
Continuous Monitoring: Keya personnel are skilled and highly experienced and provided NIST SP 800-53-compliant risk management support to civilian federal agencies. We are familiar with and have applied a variety of agency unique regulations. With DoD and intelligence community experience Keya personnel are a position to offer a wide array of procedural and product-driven security control solutions to meet every operational need.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 require all necessary administrative, technical, and physical controls be implemented to protect the privacy of sensitive patient information. Keya personnel understand HIPAA mandates and are skilled and experienced in meeting the unique needs of defense and civilian agencies providing medical services. With assignments within the DoD medical community and the civilian federal agencies as well Keya personnel have strong qualifications to deliver comprehensive risk management framework assessments and concurrent compliance with HIPAA and other special care mandates within the Federal Government’s medical communities including TRICARE, Department of Veteran Affairs, Department of Health and Human Services, The National Science Foundation, and the National Institutes for Health.
Business continuity planning and assurance:
Contingency plans define measures for recovering information system and services after disruption. Keya engineers work closely with clients to complete an eight-step process for information systems, platform information technology, information products and services, and telecommunications systems. These steps are:
Develop a contingency planning policy statement.
Conduct a business impact analysis to determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, cyber-attack, accident or emergency).
Identify and prioritize the information systems and components that are critical to an agency’s mission and business processes.
Identify preventive controls to reduce the effects of system disruptions.
Create contingency strategies enabling systems to quickly and effectively recover following a disruption.
Develop and publish a comprehensive information system contingency plan.
Identify and implement testing, training, and exercises to validate recovery effectiveness.
Ensure the maintenance of contingency/recovery plans and procedures.
Business continuity and contingency planning deliverables include:
Business Continuity Plans (BCP),
Information System Continuity Plans (ISCP),
Continuity of Operations Plan (COOP),
Disaster Recovery Plans, and
Backup and Recovery Strategy Plans.
Network Security and Incident Management: Keya assists agencies in the development and implementation of policies and guidance to prevent and detect unauthorized access, prevent system misuse, and prevent the denial of services, ensure the integrity of agency computers, networks, and network-accessible information management resources and provides real-time analysis of security alerts, events and incidents; conduct root cause forensic analysis/cause determination; conduct a damage severity assessment, and prescribe effective corrective and future prevention measures.
Anti-Virus, Firewall and Intrusion Detection/Prevention Management: Keya works with agencies to design and implement anti-virus and local firewall strategies to protect information integrity, implements software applications that monitor systems for malicious activities and produce reports that describe suspicious network activity and traffic o protect information integrity and helps federal agencies develop and implement policies and procedures for preventing unauthorized interceptors from accessing government telecommunications systems while ensuring that authorized content reaches its intended recipients.