Securing and Protecting Cyber Assets and Infrastructure
The technical and managerial measures designed to ensure the confidentiality, possession
or control, integrity, authenticity, availability and utility of information and
The fundamental elements of our business are the applications of technologies, methodologies,
and skilled staff to meet the requirements of our customers. iSYS has successfully
applied these fundamental elements providing IT services to an ever growing list
of satisfied customers to include Department of Defense (DoD), Federal Bureau of
Investigation (FBI), and National Institute of Health (NIH). iSYS has a strong foundation
in providing IT support services that are based upon the Carnegie Mellon’s Software
Engineering Institute’s (SEI) Capability Maturity Model (CMM).
iSYS has experience in all aspects of lifecycle support of IT systems. The iSYS
staff will leverage many years of experience in Information System Security Engineering
and Information Assurance (IA) support. Our staff consists of both Certified Information
System Security Professionals (CISSP) and Certified Information Security Managers
(CISM). This puts us in a select group of contractors who can vie for business
opportunities within the government sector.
iSYS addresses all aspects of information security concerns in DoD and non DoD environments.
This includes; life-cycle support for both development and ongoing initiatives.
For example, managing the information security efforts for a multi-million dollar
DoD/Health Affairs mission critical contract, providing guidance and direction to
other contractors whose products were integrated into the end product, evaluating
and configuring a DoD Health Affairs standard VPN, and assessing the security posture
of numerous DoD and Air Force specific systems. Additionally iSYS has vast experience
in performing DoD Information Technology Security Certification and Accreditation
Process (DITSCAP) and DoD Information Assurance and Certification Process (DIACAP)
Certification and Accreditation activities and evaluating Certification and Accreditation
activities, designing secure networks, performing and analyzing the results of penetration
testing and security scans. iSYS is heavily involved with the creation of standards-based
documentation for numerous systems under the guidance of DITSCAP and DIACAP documentation
applying guidance from DoD 8510.1-M and DoDI 5200.40, DoDI 8500.2,and DoDI 8510.01.
We also have experience certifying Department of Justice (DoJ) systems using DCID6/3,
the MIOG and the FBI Certification and Accreditation guidelines. iSYS has experience
in using NIACAP and NIST guidelines (i.e., NIST PUB 800-53). iSYS has supported
the Defense Logistics Agency IA program and Computer Emergency Response Team (CERT)
for over four years providing:
- Oversight and support
- Development of policies and procedures
- Development of security awareness education and training
- Conducting compliance reviews
- Certification and accreditation
- Risk management
- Develop and tracking of Plans of Actions and Milestones
- Incident response
- Vulnerability assessments
iSYS personnel are experienced in the data collection, analysis and configuration
of security relevant products. Our experience is based on similar activities performed
as network and security engineers under contract to the Department of Defense (DoD)
Health Affairs organization and as Security Engineers under contract to the Tri-Service
Management Program Office, an operational entity of DoD. iSYS personnel have worked
extensively with DoD Security Policies, and security product configuration documentation.
iSYS security engineers have been a critical part of Government CERT activities.
In this capacity, iSYS has performed configuration, operation for Network Intrusion
Detection (NIDS), Network Intrusion Prevention (NIPS), Host Based Intrusion Detection
(HIDS) using Internet Security Suite and McAfee products. We also support the management
of these intrusion appliances using ISS SiteProtector and McAfee’s Service Manager
Consoles. Additionally, we provide support for the ArcSight implementation as a
standard correlation tool.
The creation, execution, and evaluation of security tests are strengths of iSYS.
iSYS personnel have authored, executed and evaluated numerous security test suites
in the Microsoft, Unix and mainframe environments, using various penetration and
testing tools such as: Nessus, NeWT, eRetina, DISA provided STIGS and SRRs.
iSYS personnel have been responsible for composing written procedures for both the
standardized and custom installation and configuration of Entrust TruePass. This
expertise led to a series of internal seminars conducted by iSYS on the implementation
of Entrust TruePass. For the US Immigration and Naturalization Services, we have
drafted official policies, standards, and procedures for the implementation of 60
Internet Security Systems (ISS) RealSecure Server Sensor Intrusion Detection sensors
throughout the organization’s national network, based on requirements outlined in
Department of Justice order 2640.2D. Additionally, as part of the requirement for
laptop encryption outlined in Department of Justice order 2640.2D, iSYS managed
security testing and evaluation of proposed vendor products. These duties included
the gathering of applicable requirements, in addition to authoring a detailed test
plan for each evaluated product. We performed Certification and Accreditation (C&A)
work for the US Department of the Interior’s Bureau of Indian Affairs as well as
the Department of State. Our C&A work for both agencies identified requirements
for evaluation of system security controls, in addition to authoring numerous System
Security Plans (SSP), Contingency Plans (CP) and conducting NIST 800-26 Self-Assessments.
iSYS believes in a collaborative development work environment and has the experience
and expertise to work with personnel from all skill types and levels to provide
the security engineering support required to ensure projects are successful.