REVIEW . DEVELOPMENT . UPDATE
Given the very real and present nature of cybersecurity threats, organizations must consistently maintain heightened security awareness to protect their critical information and assets.
Commercial
QoS tailors Information Security Program reviews, development, and updates to an organization's specific needs. Everyone should exercise good cyber hygiene in managing information systems; however, a large-scale approach may not suit a small company with a modest InfoSec team. A tailored approach allows organizations to maintain compliance, apply comprehensive security practices, and avoid unnecessary overhead. Our approach to helping organizations develop and improve their overall information security management is scalable. Our consultants are knowledgeable across a variety of industries, including, but not limited to, financial services, technology, healthcare, education, software, and managed services. We combine our experience with industry-standard methodologies to deliver world-class services. The Commercial Information System Security services include:
Once we have determined the information being processed, stored, and transmitted by the system or program, QoS will select an appropriate initial set of security controls based on the risk level and compliance requirements. The following phase includes:
Federal Government and Contractors
QoS is intimately familiar with the Assessment & Authorization (A&A) process – sometimes still referred to as Certification and Accreditation (C&A) – and the relevant standards, frameworks, and regulations that organizations should employ, such as:
Since the A&A process was first defined (under FISMA, DIACAP, the DoD RMF, etc.), QoS has provided support and services to many Government and commercial clients. QoS has the experience (DoD, Civil, Intelligence, Commercial) and expertise to support your organization, department, or agency in gaining formal system approval, an Authority to Operate (ATO), at the appropriate security level. Grounded in a comprehensive risk management framework, QoS's tactical approach allows us to:
As a client of QoS, your organization, department, or agency will have its security assessment conducted by a team of experienced security engineers with strong backgrounds in cybersecurity, compliance, and the specific systems involved. Using the RMF A&A process as a baseline, we will collaborate with your security team, system owners, and department leads to thoroughly assess your IT environment while maintaining a strong line of communication. While providing ongoing walkthrough briefings for key stakeholders, QoS will initiate the process through:
Once we have determined the information being processed, stored, and transmitted by the system or program, QoS will select an appropriate initial set of security controls based on the security categorization, or analyze the existing security controls, through:
Having selected or evaluated the relevant security controls and safeguards based on mission/business impact and the risk to operations, assets, and personnel, QoS will then determine the control documentation requirements, develop or review control-related artifacts, and reference the processes for applying industry best practices to reduce the overall level of risk. Following implementation, we will assess the security controls to ensure they were implemented correctly, operate as intended, and meet the system or program security requirements. Our base testing process includes:
Regarding the roles and responsibilities of key stakeholders in the completion, submission, and approval of authorization packages, QoS will collaborate with you to:
Because maintaining an effective security posture and authorization status is of critical importance, QoS will conclude the security assessment with a deliverable package and a final briefing that summarizes: