We take a proactive – as opposed to a reactive – approach to Information Assurance and Cybersecurity (IA&C) to help our clients proactively prevent attacks and resolve potential threats before they become reality. This is accomplished by providing end-to-end IA&C services starting early in the solutions development lifecycle to secure deployment and operations.
The Federal Information Security Management Act (FISMA) is a United States federal law passed in 2002 that requires companies to establish protection plans for secure information and data. FISMA is part of the larger E-Government Act of 2002 designed to monitor and improve sensitive information managed by electronic government services and organizations.
The act requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information systems and data that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.
Our security compliance services include:
- Coordinating with the client’s executive leadership to help define the information security program and framework
- Managing the development, implementation, and maintenance of the program
- Governance including security policies, procedures, and metrics
Security Assessment and Authorization
With a strong foundation in Security Assessment & Authorization and Risk Management, CSI offers Assessment & Authorization methodologies to strengthen your security posture while ensuring you’re compliant.
Given the very real and present nature of cybersecurity threats, organizations must consistently maintain heightened security awareness to protect their critical information and assets.
- Risk Management Framework (RMF)
- NIST SP 800-37
Information Systems Security Officer Support
CSI has highly skilled and experienced Information Systems Security Officers (ISSOs) available to provide support to organizations. CSI ISSOs have the technical expertise as well as the FISMA compliance expertise to successfully take a new system from Step 1 of the Risk Management Framework (RMF) to Step 6 of the RMF while ensuring that it maintains a security posture that is acceptable to the organization. Our ISSOs have over 10 years of experience performing ISSO duties such as:
- Categorizing systems
- Updating security plans
- Performing self assessments
- Drafting and maintaining privacy threshold analysis and privacy impact assessments
- Completing risk assessments
- Supporting audits
Cyber Security Innovations focuses on providing quality penetration testing services to federal and commercial customers. During the penetration testing stage, our experienced consultants provide ongoing updates to allow the customer time to remediate findings while the assessment is in progress. Having assisted many companies through their first penetration testing experience, CSI provides comprehensive, understandable reports, and our consultants are available to discuss them in depth and provide remediation advice.
- Penetration testing
- Internal network penetration tests
- External network penetration tests
- Web & mobile application penetration tests
- Wireless penetration tests
We are widely recognized for our cloud security services, which include a leading FedRAMP Advisory Service offering. Our team guides our clients through every step, from leveraging our proven methodology for assessing cloud service providers (CSPs) and supporting cloud PMOs in Federal Agencies to developing system security plan documentation and performing readiness reviews.
We offer services such as:
- Cloud Security Evaluations
- Secure Cloud Integration
- FedRAMP Advisory Services
We will provide training to your staff, regardless of its size, at your desired location. We believe you are never too small to implement security awareness & training in your organization, as this is beneficial to you and your customers. Our training packages include information on regulatory requirements (FISMA, HIPAA, SOX, GLBA, etc.) to ensure your business has an adequate internal control framework in place. Our training focuses on, but is not limited to, the following areas:
We offer services such as:
- CISSP boot camps
- Security+ boot camps
- Security Training for Non-Security Professionals
- Security Awareness
Training is available in Spanish. Contact us for more information on CSI’s training packages.