Security engineering holistic approach seeks to first identify security gaps and potential scenarios by which those gaps could be exploited or otherwise cause harm. Using identified gaps, our subject matter experts build customized roadmaps with specific actions to be taken toward addressing the identified gaps and fully integrating security into the enterprise. Examples of roadmap items include:

CONTINUOUS MONITORING

Identification of continuous monitoring strategies aimed at wholly integrating security the enterprise in general and business processes in particular;

SEIM

Security Event and Incident Management (SEIM) design, procurement, deployment and maintenance;

VULNERABILITY SCANNING

Infrastructure and application vulnerability scanning;

CONFIGURATION

Tailored baseline configuration standards for all operating systems, including Windows, Linux and Mac;

SDLC

Implementation of change management/configuration control through the use of a tailored system development lifecycle (SDLC);

FISMA

FISMA security assessments (i.e., Security Assessment & Authorization (SA&A)) in accordance with the Risk Management Framework (NIST SP 800-37).