Soft-Con IT Security Services has provided support to federal, state and county organizations and private sector businesses with a myriad of IT Security needs. This level of support has ranged from assisting these organizations getting their IT Security programs off the ground to providing ongoing support to a more robust and mature IT security focused organization. Our IT Services are structured in two main areas:
- Security Awareness Framework
- Security Compliance and Assessment
Security Awareness Framework
Soft-Con advo It is absolutely critical that the areas of emphasis be addressed separately and collectively to ensure that the workplace, and all who participate in the operation, have a knowledge and understanding of workplace security appropriate for their level in the organization. This approach, when properly implemented and consistently adhered to, creates a virtual “wall of security” within an organization.Senior management within an organization must be familiar with the four areas of emphasis in order to take the lead in creating an atmosphere of security sensitivity and awareness.Using this framework, Soft-Con provided their customer remediation recommendations across all areas of emphasis that addressed a need for:
cates a unique and effective approach to security awareness in the workplace. This approach features a four part framework that facilitates a non- intrusive implementation of a security awareness strategy and serves to institutionalize and reinforce a “security aware” environment.
Security Operations
Our approach to assessing a customer’s information system security posture and compliance to security requirements is centered on three main areas:
- Assessment and Authorization (A&A)
- Vulnerability Assessment
- Security Compliance
Our support in this area identifies required security controls and organizational (system owner) requirements needed based on organizational security policies, procedures and practices and the assurance that they ascribe to the internal guidance set forth in that organizations’ s governing security publications and with all Federal, State and Industry security compliance standards and publications.
Case Studies
Security Operations/Analysis
SCE led a Host-Based Intrusion Detection System (HIDS) Implementation effort in support of a General Support System comprising of over several hundred servers. This effort was initiated in response to identified weaknesses associated with WINDOWS Anti-Viral threats that could potentially transit through UNIX servers. SCE developed an implementation strategy grounded in the mitigation of risk to normal operations through the execution of a pilot prototyping phase for HIDS installation and verification. This very successful SCE approach afforded our customer the ability to address technical, procedural and operational concerns prior to full implementation into the production environment.
FISMA Security Compliance
SCE was tasked with ensuring the remediation of Federal Information Security Management Act (FISMA) related to audit findings closure of system security weaknesses within an aggressive timeline. The immediate challenge was to define an effective remediation framework for the government entity to foster appropriate solutions within various areas of IT operations. Activities were conducted to define action plans to foster needed improvements; conduct working sessions to define closure strategies; disseminate policies and standards to stakeholders and operational locations; conduct training sessions to improve security awareness and operational practices; and develop weekly dashboards to report the outcomes of corrective actions. The end result provided the customer with an effective process for directing audit closures; a system of management and accountability; and a method for documenting the outcomes of corrective actions.