Page 1: MCGlobalTech Enterprise Risk Management Program

Mission Critical Global Technology Group

Enterprise Security Risk Management (ESRM)

Page 2: MCGlobalTech Enterprise Risk Management Program

About Us

MCGlobalTech

– Mission Critical Global Technology Group (MCGlobalTech) is a minority owned, small business founded by industry leaders to provide strategic advisory and security consulting services to public and private sector business managers to better align technology and security programs with organizational mission and business goals.

– The Principals at MCGlobalTech have been providing Information Security services to the Federal Government and the private sector for over 25 years.

Page 3: MCGlobalTech Enterprise Risk Management Program

Our Values

At MCGlobalTech, we believe that strong values create long term relationships with our customers, employees, partners and the communities we serve. At the heart of everything we do, our corporate values are:

– Providing customer satisfaction
– Delivering innovative solutions
– Empowering staff for success
– Promoting Entrepreneurial spirit
– Maintaining technical excellence

[Diagram labels: MCGlobalTech, Staff, Skills, Success]

Page 4: MCGlobalTech Enterprise Risk Management Program

What we offer

MCGlobalTech is able to provide our customers with innovative, mission-critical solutions in a broad variety of technologies. We consider the following our core competencies:

– Information Assurance (Security Authorization)
– Vulnerability Management
– Security Risk Management
– Security Engineering
– Penetration Testing
– Network Security

Page 5: MCGlobalTech Enterprise Risk Management Program

Enterprise Security Risk Management

Our framework for providing our security services is encompassed in our Enterprise Security Risk Management solution (ESRM). The ESRM framework provides full life-cycle security support to ensure that federal agencies and commercial customers meet their regulatory and business security requirements.

Page 6: MCGlobalTech Enterprise Risk Management Program

ESRM Full Life-Cycle Security

– Security Requirements Definition
– Security Design and Engineering
– Security Test, Validation and Reporting
– Security Documentation and Response

Page 7: MCGlobalTech Enterprise Risk Management Program

ESRM Full Life-Cycle Security

Security Requirements Definition

– This phase of the life cycle defines the security management, operational and technical requirements for the system.

– The MCGlobalTech engineers will define the requirements of the system in accordance with the applicable government or commercial regulation (FISMA, ISO, COBIT, etc.). This is the foundation of the system and it will impact its design, hardware, software, performance, security and reliability.

Page 8: MCGlobalTech Enterprise Risk Management Program

ESRM Full Life-Cycle Security

Security Design and Engineering

– Focusing on the security aspects in the design, the system must be able to deal robustly with possible sources of disruption, ranging from natural disasters to malicious acts.

– The MCGlobalTech engineers will provide security support to include security architecture design, security control identification and implementation and security risk analysis and assessment.

Page 9: MCGlobalTech Enterprise Risk Management Program

ESRM Full Life-Cycle Security

Security Test, Validation and Reporting

– MCGlobalTech offers a full range of system testing to include security controls testing, application testing, vulnerability testing and penetration testing. These tests are performed in accordance with government or commercial regulations and guidelines.

– MCGlobalTech also offers Independent Validation and Verification (IV&V) testing to ensure that the system meets the defined security requirements.

Page 10: MCGlobalTech Enterprise Risk Management Program

ESRM Full Life-Cycle Security

Security Documentation and Response

– During the operational phase of the system the MCGlobalTech consultants will create and/or finalize the system security documentation to include security design, security plans, risk assessments, etc.

– MCGlobalTech can provide support for forensic analysis and incident response in cases of system breach. MCGlobalTech can also implement its Security Continuous Monitoring program to ensure system confidentiality, reliability and security.

Page 11: MCGlobalTech Enterprise Risk Management Program

Security Continuous Monitoring

Our primary service offering within ESRM is our Security Continuous Monitoring (SCM) program. MCGlobalTech’s SCM program is designed to help federal agencies and commercial clients meet existing government regulations, respond to both internal and external audits, and address existing and new security threats and vulnerabilities.

[Diagram labels: SCM; Internal & External Audits; Federal Guidelines and Directives; Threats and Vulnerabilities]

Page 12: MCGlobalTech Enterprise Risk Management Program

Security Continuous Monitoring

The SCM program is designed to review the security of an organization’s IT infrastructure on a recurring basis. The program is intended to measure an organization’s security posture over time. This will allow management to understand whether the security of the network is improving or declining and determine where to focus available resources.

[Diagram labels: Baseline Assessment; Monthly/Quarterly Checks; Full Assessment; Malicious Code; Hackers]

Page 13: MCGlobalTech Enterprise Risk Management Program

Security Continuous Monitoring

SCM Compliance Scope

– Maintain security documentation
– Perform vulnerability assessment
– Perform security controls testing
– Enforce policy through internal reporting
– Track and update system weaknesses
– Educate and train users and system administrators
– Monitor changes throughout environment

Page 14: MCGlobalTech Enterprise Risk Management Program

Security Continuous Monitoring

SCM Compliance Schedule

Enterprise Compliance Schedule

Monthly
– Conduct Security Controls Testing
– Ensure Patch Management Compliance
– Update Policies and Procedures
– Findings tracking and reporting

Quarterly
– Policy compliance auditing
– Incremental Vulnerability Assessments
– POA&M updating and reporting

Annually/Continuous
– System Security Plan & Risk Assessment Update
– Perform Penetration Testing
– Providing Information Security Training
– Monitor Changes throughout the Environment

Page 15: MCGlobalTech Enterprise Risk Management Program

Past Performance

MCGlobalTech’s Principals have worked for and with large contracting and consulting firms. They have provided security expertise throughout the federal government including the Department of Defense, Intelligence and Federal Civilian Agencies. They have also provided security services to large financial, healthcare and various commercial organizations throughout the country. A list of federal and commercial clients along with the specific security services performed is listed in the following tables.

Page 16: MCGlobalTech Enterprise Risk Management Program

Past Performance (Federal)

Clients | Information Assurance | Vulnerability Management | Security Risk Management | Security Engineering | Penetration Testing | Network Security

DHS ● ● ● ● ● ●

DOL ● ● ● ●

IRS ● ● ● ●

NASA ● ● ●

DOT ● ● ●

DOD ● ● ● ● ●

FBI ● ●

VA ● ●

USAID ● ● ●

Page 17: MCGlobalTech Enterprise Risk Management Program

Past Performance (Commercial)

Clients | Security Program Management | Security Risk Management | Security Engineering | Penetration Testing | Vulnerability Management

FISERV ● ● ● ●

Verisign ● ●

CarMax ● ●

Freddie Mac ●

Booz Allen ● ● ● ● ●

Hawaiian Healthcare ● ●

Bancroft ● ●

Lydall ● ●

IBM ● ●

Walgreens ● ●

Page 18: MCGlobalTech Enterprise Risk Management Program

Contact Us

Mission Critical Global Technology Group
1325 G Street, NW, Suite 500
Washington, District of Columbia 20005

Phone: 202.355.9448
Email: [email protected]

Eugene E. Dorns

Morris Cody

Managing Principal

Managing [email protected]

[email protected] (202) 355-9448 x102

(202) 355-9448 x100

(703) 868-1873 (cell)

(302) 740-2022 (cell)