Information Assurance Program

Information assurance ensures the confidentiality, integrity, availability, possession, utility, authenticity, non-repudiation, authorized use, and privacy of information in all forms and during all exchanges. It defines and applies a collection of policies, standards, methodologies, services, and mechanisms to maintain mission integrity with respect to people, process, technology, information, and supporting infrastructure.

IA Core Principles

• Confidentiality - ensures that only authorized personnel can access information.
• Integrity - ensures that information remains unchanged and true to its original form.
• Availability - ensures that information or information resources are ready for use within specified operational parameters.
• Possession - ensures that only authorized personnel hold information or information resources.
• Authenticity - ensures that information or information resources conform to reality and are not misrepresented.
• Utility - ensures that information is usable and fit for purpose.
• Privacy - ensures the protection of personal information from observation or intrusion, as well as adherence to relevant privacy compliances.
• Authorized Use - ensures that only authorized personnel can use cost-incurring services.
• Non-repudiation - ensures that the originator of a message or transaction cannot deny the action later.
• Basic conceptual structure for defining and describing an information assurance architecture.
• isk (root driver) can be expressed in terms of business and technical drivers.
• Six architectural views: - people, policy, business process, system and application, information/data, and infrastructure.
• A single statement of risk can be expressed from the perspective of nine IA Core Principles, each from one of the six different IA2 views, or 54 perspectives on that single risk.
• Enumeration and classification of information assets, such as data/information technology and value.
• Risk assessment (vulnerabilities and threats).
• Risk analysis (probabilities/likelihood and impacts), risk management (treatment).
• Test and review.

Information Assurance program

• Form a cross-functional (technical, physical, personnel, and environmental) matrix team consisting of empowered management and staff, who have the responsibility to develop and manage the Netspective Communications LLC’s long-term strategic direction.
• Incorporate an Information Assurance Program that includes:
  • A Security Vision & Strategy
  • Senior Management Commitment
  • Training and Awareness Programs

• An Information Assurance Management Structure.

Assessment and Diagnostic service

• Conduct risk assessment that incorporates asset inventory, mission requirements-driven policies, threats, vulnerabilities, associated risks, countermeasures, and a strategic action implementation plan.
• Perform penetration testing and analysis.
• Assess the financial budget.
• Conduct diagnostic security review of specific platforms.
• Analyze asset inventory.
• Conduct security readiness reviews.
• Evaluate security testing.
• Implement the Government Information Security Reform Act.
• Analyze critical infrastructure protection.
• Certify and accredit the system’s security authorization agreement.
• Assess data/information integrity.
• Conduct site surveys and analysis.
• Utilize tools.

Management Services

• Policy Development
• Technical writing
• Standards
• Management Infrastructure
• Education Training and Awareness
• Business & Technical Disaster
• Recovery (documentation training and testing)
• Management Training
• Continuity of Operations Development
• Capacity Management
• Configuration Management
• IAP metrics
• Knowledge Management
• Economic security
• Strategic Management Consulting

Architecture Services

• Enterprise-wide architecture
• Network security architecture and Specialized architecture
• Security Product Review and Analysis
• Security program and Analysis
• Lifecycle Methodology Development
• Configuration
• Security Architecture and Design

Implementation Services

• Commercial Security products (COTS)
• Encryption
• Single Sign On
• Firewalls
• Servers
• Routers
• Web/Internet services
• VPN’s
• Public Key Infrastructure
• Secured Electronic Transaction
• Digital certificates
• Certificate Authority Design
• Authentication
• Directory Services
• Smart Cards
• Biometrics
• Wireless

Incident Investigation and Assurance Services

• Investigation and recovery from computer security incidents
• Data Forensics
• Incident Reporting and response services
• CERT/NOC capabilities
• Vulnerability Alerts
• Virus Alerts
• Unauthorized Intrusion detection