IT Security Solutions
Today’s emerging threat landscape and increasingly aggressive attacks present serious risk to an organization’s systems and information. As access to those systems and information moves beyond the desktop to remote and mobile endpoints, so does fraud. TWD security team professionals can help you identify your assets and secure their access by implementing an agile, adaptive IT security solution that incorporates policy, people, and technology.
Delivering Peace of Mind
The effectiveness of your IT security solution is based on three fundamental drivers: policy, people, and technology. TWD security professionals understand the interplay of these drivers, and can support you in your efforts to protect your organization, helping you:
- Write and implement sound security policies that document why and how to operate securely
- Train your users to be aware of the risks and of their role in protecting assets, and to follow established policy
- Select and implement security technologies that aid in enforcing policy and automate defensive and forensic measures
TWD divides the security universe into two main areas:
Access control: Because access control systems are integrated into the IP network, and because common solutions are used for identity management to grant access to systems, data, and other assets, the term “access control” relates to securing both your physical assets (hardware and facilities) and your logical assets (cyberspace: software and data).
TWD is an emerging provider of cost-effective, performance-focused IT security solutions within the area of Electronic Security Systems (ESS), including Physical Access Control Systems (PACS) and Logical Access Control Systems (LACS). Our ESS, PACS, and LACS solutions are engineered to enable the implementation and management of controlled access systems consistently at the enterprise level – rather than siloed or one-off solutions – in order to minimize your maintenance costs and standardize your systems. We integrate your ESS, PACS, and/or LACS investment with your business strategy to ensure the solutions fit within your specific budget and needs, yet still enhance mission accomplishment.
TWD understands the applicable guidance, policies, and regulations related to access control, including:
- National Security Directive 42 (NSD-42)
- HSPD-12 Initiatives
- Homeland Security Presidential Directive No. 7
- National Strategy for Securing Cyberspace
Cybersecurity: Securing the logical world (cybersecurity) is a continuous cycle of detecting and deterring attacks and developing new responses to new attack vectors. Technology is the principal means of defending your network against an increasingly potent and persistent threat environment.
TWD designs and implements agile cybersecurity systems that cover these areas:
- Network Defense: TWD IT security subject matter experts provide a full range of network defense tools and services to minimize risk and secure your network systems and information. Their experience encompasses a broad range of security areas, including security incident response, forensic analysis, patch management, vulnerability assessment/testing/remediation, log analysis, and Enterprise Security Intelligence (ESI), which is comprised of security information management (SIM) and security information and event management (SIEM). TWD information systems professionals provide added network protection through the implementation of Virtual Private Network (VPN) solutions. TWD IT technicians are proficient in the installation and configuration of servers, and in securing workstations and servers to your specifications.
- Governance, Risk, and Compliance (GRC): Today’s organizations must adhere to strict regulations aimed at protecting information. Government agencies are no exception, particularly due to the sensitive and/or proprietary nature of the data that they tend to hold in their systems. The highest-level formulation of information security policy, the Federal Information Security Management Act (FISMA), assigns responsibility to the National Institute of Standards and Technology (NIST) to strengthen information security for the federal government by developing standards, guidelines, and associated methods and techniques for providing adequate information security for all federal agency operations and assets. All GRC efforts are focused on ensuring that the application of security controls meets NIST standards and guidelines.
TWD has deep knowledge and experience implementing industry-leading innovative IT management services that automate the FISMA process. In addition, we embrace the paradigm of continuous compliance monitoring rather than the historically static “snapshot” process of certification and accreditation (C&A). TWD subject matter experts provide advisory services to assist you in the development of security programs, policies, and procedures to ensure that your systems and information remain protected from both internal and external threats. Our support covers the training, awareness, and education required to help you remain compliant with policies, guidance, directives, and law. Our security professionals are well-versed in the regulations requiring information assurance programs, policies, and audit, including:
- Federal Information Processing (FIP) Standards 199 and 200
- DoD Instruction 8510.01: DoD Information Assurance Certification and Accreditation Process (DIACAP)
- ISO/IEC 27001:2005 Information Security Management System (ISMS) Standard
TWD has more than 20 years of extensive, demonstrated experience in developing, deploying, and maintaining effective IT security solutions, and has assisted with the following security services and solutions for our customers:
- TWD has implemented the infrastructure to enable security, access control, and CCTV solutions for several clients including the Ft. Detrick Emergency Services Center, the National Archives, and the Walter Reed National Military Medical Center.
- TWD has provided GRC services since the early 1990s when we began supporting our Department of Defense (DoD) and Federal Civilian clients, as well as for the Department of Homeland Security since its inception in 2001.
- TWD has assisted in the C&A process for the Program Executive Office for Littoral Combat Systems (PEO LCS) and its predecessor organization (PEO LMW) to ensure that their IT systems, applications, and video teleconferencing (VTC) systems met FISMA requirements.
- TWD is responsible for the C&A of over 30 systems for the Naval Sea Systems Command (NAVSEA) CIO, including VTC, networks, applications, and computing systems.
- TWD provides complete GRC services to the DHS CWIN Network, including documents that make up the system C&A and the security policy.
- For the Treasury Department, TWD provides GRC services which involve both management and operational functions.
Management functions focus on the C&A documents for the system such as:
- Systems Security Plans – a comprehensive description of the system and the security controls in place
- Contingency Plans – a document that describes the process to recover systems following a disruption
- Patch and Configuration Management Plan – a document that describes the process of applying operational or application system level critical/mandatory patches and hot-fixes, and ensuring that our systems adhere to the Federal Desktop Core Configuration standards
- Vulnerability Management Plan – a document that describes the process of using IP scanning tools that provide vulnerability reports and findings for remediation of risks
- COOP Plan – a plan that details how the system will restore and continue operations if the primary site is down
Operational functions have multiple facets and include:
- Day-to-day security measures
- System hardening
- Continuous monitoring – which includes periodically scanning the system with Treasury-approved vulnerability management and Security Content Automation Protocol (SCAP) scanning tools to find possible vulnerabilities and configuration management issues.
Securing independent government networks