|
| |
 |
| |
 |
System Security Assessment |
| |
Information security has fast become a major element of any project today, and 3TI has continued to support our clients in the information technology security assessments. Federal Information Security Management Act (FISMA) requires that security be considered as part of the Initiation Phase of a project. Considering security early and building in the controls can avoid expensive retrofits. At the appropriate time prior to Implementation, the Technical Specialists most experienced in information security planning will develop system security plans, risk assessments, risk mitigation activities, contingency plans, and security test and evaluation requirements. These products will be compiled into a system certification package called Certification and Accreditation (C&A) that will be provided to the Information System Security Manager. Following approval of the certification, the Project Management Support Group will prepare an accreditation package to be sent to the CIO for review and approval. If appropriate, the Technical Specialists will prepare a Privacy Impact Assessment to be reviewed by the CIO as well.
3TI staff members have years of experience in planning, implementing and reviewing information technology security measures. The following paragraphs indicate several of the areas in which 3TI is prepared to support our customers who wish to strengthen their own information technology security environment. |
| |
 |
Conduct overall assessments of the security environment for information technology systems, evaluating the management, operational and technical controls in place. |
|
Develop security test and evaluation plans for information technology systems to insure that security measures are considered early in the software lifecycle. Establish criteria for conducting security testing of completed software products to validate that the intended security measures are present and effective. Provide results of security testing to management for acceptance of the final software products. |
|
Develop processes to review critical information resources with the system owner, to identify business impacts resulting from loss of or damage to these resources. Ensure that provisions exist in software contingency plans to insure that the business critical resources are adequately protected, or that alternate methods exist to maintain critical business processes. |
|
Conduct risk assessments for information technology systems, examining the criticality and sensitivity of the information resources. Review the threats and vulnerabilities present, and security countermeasures available. Provide results to management indicating potential risk present, and cost effective mitigation options. |
|
Develop system security plans for information technology specifying individuals and organizations responsible for the system, outlining the existing security environment, and discussing the countermeasures in place. Provide the plan to management to document the security status of the system. |
|
Develop a package for management to approve the operational implementation of a system. Operational approval will be based on review of risk assessment, security testing, contingency operations, and overall system security plans. Management approval of the system’s operation would constitute acceptance of residual risk, and represent a contract between management and the system owner that adequate security measures are in place. |
|
Conduct periodic reviews of overall information technology security environment, making appropriate recommendations for improvements based on changes in the software or the business environment. |
|
| |
|
| |
For More Information Contact: |
| |
3T International, Inc. (3TI)
1934 Old Gallows Road Suite 350
Tysons Corner, VA 22182
United States of America
Main:
(703) 255-4616
www.3ti.com |
|
| |
|
