SRC defines complex operational and technological requirements by researching and identifying best-in-industry solutions and delivering unbiased and credible recommendations. We deliver information assurance support to our U.S. Government customers in the following areas: IA Policy and Program PlanningSRC seeks to ultimately enhance the customer's overall business processes through IA policy and program planning. This starts by defining an IA infrastructure and the roles and responsibilities. We then devise training standards, develop self-evaluation processes and identify existing or needed skill sets to implement an effective IA program. Information Risk AnalysisSRC helps determine the sensitivity, criticality and lifespan of corporate information, taking particular note of "crown jewels." We then profile the user base, looking at the information needs, access privileges and characteristics specific to its use. Our analysts then conduct assessments that identify and correlate threats to vulnerabilities. We conclude this study with an estimate of the organization's information risk. Protection EngineeringWe develop processes for network monitoring and computer defense metrics. SRC also institutes vulnerability scanning in support of reliable, patch-level situational awareness and management. Certification and AccreditationSRC works with SCOs, ISSMs, and directorate acquisition, development and operations managers to establish security requirements and the C&A boundary. We define accreditation criteria, review certification test results and recommendations, and prepare the CIO to make informed risk management decisions. |
Downloads
Contact UsFor more information about our capabilities with information assurance, please contact us today. |