Information Security & Threat Intelligence
Confidentiality. Accountability. Integrity.
Unlike many traditional Information Technology companies, Information International Associates’ (IIa) Information Security (InfoSec) and Threat Intelligence focuses on the most overlooked aspect of your company’s operations: Security. We are your trusted partner in secure design, configuration, operations, and management of secure technology solutions, where protection of sensitive business information is paramount to your success. Our critical infrastructure protection solutions and secure technology services portfolios aim to address critical operations, performance, and cost management objectives through application of proven methodologies and tested technologies to minimize risk to your bottom line.
Ransomware is the most recent game-changing form of malware impacting businesses of all sizes and industries. Regardless of your investment in “Guns, Gates and Guards,” “Defense in Depth” with IDS and IPS, you will always have the "Human in the Loop". Security education and awareness training plays an integral role in your proactive defense strategy. Unfortunately, there is no 100%, fool-proof "fix" in existence that you can buy or install. If your business hasn’t experienced a compromise already, you or one of your business partners will likely experience ransomware at some point in 2017. Recovering from ransomware attacks hinges on establishing and deploying a resilient backup and recovery strategy before a compromise. It’s a key strategy that is often overlooked until after the fact. IIa can help you build a scalable, resilient, economic recovery strategy to ensure you are able to protect your critical information, minimizing your down time, deploying scalable solutions while being good stewards of your budget.
We want to empower CxOs with the knowledge and tools to succeed with a tailored, balanced approach in securing their enterprise and providing CxOs and their leadership teams with tools, tactics and processes to achieve a reasonable standard resulting in reduced liability for enterprise cyber security.
We embrace a "Crawl, Walk, Run" delivery strategy, recognizing the value of phased yet resilient assessment and operational models. It’s impossible to completely eliminate the threat. It is important, however, to understand the threats, and we are committed to helping educate you about the ever-evolving threats and their third-order effects, and to helping build resilient recovery strategies to minimize down time should you be impacted directly or indirectly by today’s cyber threats. We also recognize you’ve likely not budgeted for the unintended consequences of a data breach, and we work directly with your leadership team to guide them through the cyber incident response planning process, development of your Cyber Incident Response Team (CIRT), and preparedness training, walking them through hands-on table-top exercises.
World Class Cyber Security Solutions
Our executives are on a relentless pursuit of world-class cyber security talent and solutions that are practical and scalable for all classes of business. We partner with trusted solutions-providers to ensure you are investing in scalable, viable solutions while being good stewards of your budget.
Our Private and Public Sector Experience represents 30+ years in the most diverse and sensitive areas of the United States government including The White House, the United States Intelligence Community and the Department of Defense. Our collective track record of successful performance in secure operations environments includes specific cost-reduction, facility optimization, and high-end technology performance & enhancement results at the most senior levels of the United States government, the intelligence community and private industry.
Our Strategic Focus
Critical Infrastructure Protection and secure technology services portfolios are aimed at addressing critical operational, performance, and cost management objectives through application of proven methodologies and tested technologies to minimize corporate risk management aperture.
Information International focuses on security as well as improving the efficiency and effectiveness of IT operations to handle today’s rapidly growing enterprise information. Professional security services help IT organizations plan strategic and tactical transitions, define service catalogs, rationalize and refine processes, and redesign IT into a secure, streamlined, fully functional asset to enhance and complement your organization’s overall mission.
Security Strategy & Governance
We will define an enterprise approach for assessing, prioritizing, managing, and monitoring security risks. Achieve senior executive and board awareness and buy-in. Establish a business-driven governance process for the information security program. Help define security risk tolerance posture for the organization and an approach for making cost-benefit decisions with respect to accepting security risk. Define the desired end-state for security and identify gaps from the current state. Establish short and long-term plans for achieving the end-state.
Security Policy and Procedure Development
We will guide you through drafting a suite of security policies, procedures, and standards that are tailored to your specific needs and risk posture for your organization. Clarify roles and responsibilities for key security control requirements. Identify mechanisms to demonstrate compliance and measure/report violations.
Information Security Solutions
The emphasis of an effective cyber security program is, in part, to weave cyber security into the DNA of the company’s culture. The InfoSec industry exists because there is a breakdown between business, technology, and people. Security is no longer a technology issue. Security is a business issue. Companies are defined by their incredible talent, delivery on service offerings, and resiliency after a set-back. Security models need to evolve from the data center, to the board room, to the hallways and breakrooms. Today’s technology evolves rapidly and it’s nearly impossible to keep up. Our message needs to surround "Cyber Resilience". Businesses must be able to withstand an attack or outage, recover quickly while minimizing down time, all the while, continuing to grow at the pace of business.
Security Baseline Configuration Management & Compliance
We will assist you in defining your tailored security baselines based on published guidelines and our visibility into what actually works in industry for systems and devices at all architectural layers, including host operating systems, databases, firewalls and other network devices, web servers, application servers, directories, based on unique risk profiles, risk tolerance, and compensating controls. We will assist you with deployment and configuration of automated tools to detect and measure non‐compliance and configuration drift. We assess compliance with industry standard baselines or organization‐specific guidelines, while managing exceptions to ensure that all noncompliant configurations are effectively remediated or assessed and documented as authorized deviations.
Business Continuity and Contingency Planning
We perform business impact assessments to identify disruption impacts and allowable outage times based on your unique business model. We assess system redundancy, high‐availability, and other preventive and avoidance controls to develop backup and recovery strategies, including offsite and cloud deployments, as well as step‐by‐step contingency and recovery plans. Additionally, we evaluate recovery plans to validate effectiveness and can assist in exercising your recovery strategy.
Cyber Security Training, Education and Awareness
We develop robust, relevant and realistic cyber security training, tailored to your organizational needs and industry segment. We develop and present solutions-based training with realistic outcomes, equipping attendees to prepare for, respond to, triage and mitigate pending technical threats and user-instigated vulnerabilities. We utilize case-study driven scenarios and table-top exercises designed to push IT Staff and Leadership Teams out of their comfort zones, and into the haste of catastrophic breakdowns of the technical backbone. We are available to present tailored Keynotes, education and Tech-Talks with inspirational messaging as they relate to current-day threats.
Security Program Execution and Assistance
Identify the people, process, and technologies required for effective security management. Implement action plans to develop or enhance security services and processes. Assist in the deployment of security-enabling tools and technologies. Define metrics and tools to measure and report progress.
Critical Infrastructure Protection (CIP) Consulting
Our CIP Certified consultants take a methodical, intelligence community-proven approach to meticulously assess your critical infrastructure "requirements" through a full-scope evaluation process which assesses not only your physical and technical operating requirements, but also takes into consideration your surrounding environment, which you may or may not be able to inspect or control. Those components, combined with your personnel security posture, help you define your essential elements of friendly information (EEFI). (These are your "Crown Jewels".) What are those elements of your EEFI that, if your competitor were to control them, would give them a strategic advantage in your particular marketplace?
IIa’s security and technical professionals can walk you through the decision-making process on a new infrastructure design from the onset of an idea scribbled on a dinner napkin, to a rough design sketch or architectural drawings, working with you through technical planning, design, construction, deployment and commissioning. We are able to provide technical oversight and will assist you with accreditation of your infrastructure.
Incident Response Planning, Disaster Recovery & Digital Forensics
While it’s difficult to fully prepare a business for an unexpected data breach or cyber-attack, having a trained Cyber Incident Response Team (CIRT) and incident response plans can be the difference between business success and failure to fully recover. We help companies build their business continuity plans from the ground up, many times with little or NO starting point of a base document. It’s not a matter of "IF" a company will be breached or lose data; it’s "WHEN". And when that day happens, the successful companies are the ones with a recovery plan to protect their Intellectual Property (IP), or "Crown Jewels".
Data breaches and incident response are among the most crucial, emotionally driven times organizations experience, particularly when they are ill-prepared. We help organizations prepare in advance for unfortunate incidents by working directly with leadership teams and engineers to define their response procedures, clarifying roles and responsibilities. We investigate security breaches and anomalous events to help determine the impact on the organization’s operations and technical infrastructure. We can preserve admissible electronic evidence of an incident and assist local, state and federal law enforcement agencies in their investigative analysis of evidence relevant to their investigations.
We engage new customers through approved Passive Network Assessments, which we often offer at no cost as a cursory service in a limited capacity. Network assessments help evaluate the current state of an organization’s network security in its current environment. We help clients identify problem areas, vulnerabilities, gaps in their intended technology configuration, and resource utilization, as well as evaluate the network’s ability to support the current and future requirements of the organization, while identifying potential points of compromise. A network assessment provides a baseline for all future changes or implementation of new technology within the network. Based on the findings during the assessment, recommendations will be made to help optimize, reduce the cost, and better meet the custom needs of that particular business.
Penetration Testing & Vulnerability Assessments
We assess systems with a combination of open source, commercial, and proprietary tools and methodologies to identify security vulnerabilities of external-facing systems, internal networks, and business processes. We perform limited procedures to confirm or deny the existence of vulnerabilities to reduce false positives, targeting networked and/or application layers as well as other external access points including networked and wireless LANs. We prioritize identified vulnerabilities and their relevance, and develop specific remediation strategies.
Measures of Success
To claim success, you need to achieve a unique balance of risks associated with protecting your critical infrastructure, coupled with technical solutions for automation improvements. In many instances, these solutions, stifled by a lack of risk management control measures or, in many cases, not managed at all, cause increased risk and irrecoverable damage to your corporate enterprise and ultimately, your bottom line.
Information International Associates understands the critical services your organization provides are ultimately about your customers’ experience. Risk management is more than just protecting your physical infrastructure with the traditional IT deployment. We deliver a full spectrum, end‐to-end analysis of your day-to-day operations, providing advice, assistance and a mitigation strategy to remediate the vulnerabilities which limit your ability to deliver to your customers, on time, as promised.
Data breaches will happen… How well you recover defines your company.