Securing and Protecting Cyber Assets and Infrastructure
The technical and managerial measures designed to ensure the confidentiality, possession
or control, integrity, authenticity, availability and utility of information and
information systems.
The fundamental elements of our business are the applications of technologies, methodologies,
and skilled staff to meet the requirements of our customers. iSYS has successfully
applied these fundamental elements in providing IT services to an ever-growing list
of satisfied customers, including the Department of Defense (DoD), Federal Bureau of
Investigation (FBI), and National Institute of Health (NIH). iSYS has a strong foundation
in providing IT support services that are based upon Carnegie Mellon’s Software
Engineering Institute (SEI) Capability Maturity Model (CMM).
iSYS has experience in all aspects of lifecycle support of IT systems. The iSYS
staff will leverage many years of experience in Information System Security Engineering
and Information Assurance (IA) support. Our staff consists of both Certified Information
System Security Professionals (CISSP) and Certified Information Security Managers
(CISM). This puts us in a select group of contractors who can vie for business
opportunities within the government sector.
iSYS addresses all aspects of information security concerns in DoD and non-DoD environments.
This includes life-cycle support for both development and ongoing initiatives.
Examples include managing the information security efforts for a multi-million dollar
DoD/Health Affairs mission-critical contract, providing guidance and direction to
other contractors whose products were integrated into the end product, evaluating
and configuring a DoD Health Affairs standard VPN, and assessing the security posture
of numerous DoD and Air Force specific systems. Additionally, iSYS has vast experience
in performing DoD Information Technology Security Certification and Accreditation
Process (DITSCAP) and DoD Information Assurance and Certification Process (DIACAP)
Certification and Accreditation activities, evaluating Certification and Accreditation
activities, designing secure networks, and performing and analyzing the results of penetration
testing and security scans. iSYS is heavily involved with the creation of standards-based
documentation for numerous systems under the guidance of DITSCAP and DIACAP documentation,
applying guidance from DoD 8510.1-M, DoDI 5200.40, DoDI 8500.2, and DoDI 8510.01.
We also have experience certifying Department of Justice (DoJ) systems using DCID6/3,
the MIOG and the FBI Certification and Accreditation guidelines. iSYS has experience
in using NIACAP and NIST guidelines (i.e., NIST PUB 800-53). iSYS has supported
the Defense Logistics Agency IA program and Computer Emergency Response Team (CERT)
for over four years providing:
- Oversight and support
- Governance
- Development of policies and procedures
- Development of security awareness education and training
- Conducting compliance reviews
- Certification and accreditation
- Risk management
- Development and tracking of Plans of Action and Milestones
- Incident response
- Vulnerability assessments
iSYS personnel are experienced in the data collection, analysis and configuration
of security-relevant products. Our experience is based on similar activities performed
as network and security engineers under contract to the Department of Defense (DoD)
Health Affairs organization and as Security Engineers under contract to the Tri-Service
Management Program Office, an operational entity of DoD. iSYS personnel have worked
extensively with DoD Security Policies and security product configuration documentation.
iSYS security engineers have been a critical part of Government CERT activities.
In this capacity, iSYS has performed configuration and operation of Network Intrusion
Detection (NIDS), Network Intrusion Prevention (NIPS), Host Based Intrusion Detection
(HIDS) using Internet Security Suite and McAfee products. We also support the management
of these intrusion appliances using ISS SiteProtector and McAfee’s Service Manager
Consoles. Additionally, we provide support for the ArcSight implementation as a
standard correlation tool.
The creation, execution, and evaluation of security tests are strengths of iSYS.
iSYS personnel have authored, executed and evaluated numerous security test suites
in the Microsoft, Unix and mainframe environments, using various penetration and
testing tools such as Nessus, NeWT, eRetina, and DISA-provided STIGs and SRRs.
iSYS personnel have been responsible for composing written procedures for both the
standardized and custom installation and configuration of Entrust TruePass. This
expertise led to a series of internal seminars conducted by iSYS on the implementation
of Entrust TruePass. For the US Immigration and Naturalization Services, we have
drafted official policies, standards, and procedures for the implementation of 60
Internet Security Systems (ISS) RealSecure Server Sensor Intrusion Detection sensors
throughout the organization’s national network, based on requirements outlined in
Department of Justice order 2640.2D. Additionally, as part of the requirement for
laptop encryption outlined in Department of Justice order 2640.2D, iSYS managed
security testing and evaluation of proposed vendor products. These duties included
the gathering of applicable requirements, in addition to authoring a detailed test
plan for each evaluated product. We performed Certification and Accreditation (C&A)
work for the US Department of the Interior’s Bureau of Indian Affairs as well as
the Department of State. Our C&A work for both agencies identified requirements
for evaluation of system security controls, in addition to authoring numerous System
Security Plans (SSP), Contingency Plans (CP) and conducting NIST 800-26 Self-Assessments.
iSYS believes in a collaborative development work environment and has the experience
and expertise to work with personnel from all skill types and levels to provide
the security engineering support required to ensure projects are successful.