Additional Services
We provide Information Security Assessment services customized to a business’s needs. The staff consists of senior experts with experience in the commercial sector, the intelligence community, the Department of Defense, Homeland Security, and other government sectors.
The following list of services represent commonly requested capabilities, but CPVI also provides customized offerings.
Security Policy Development
-
Provide Contingency and Continuity of Operations (COOP) planning to minimize loss of data and infrastructure ensuring the availability of business functions
-
Perform gap analysis on the IT operational environment to identify compliance with established policies and guidelines
-
Identify and develop risk mitigations to support business decisions
Security Assessment and Authorization
-
Identify system categorization and applicable security controls
-
Implement and document security controls
-
Coordinate Security Assessment activities
-
Develop Security Test Procedures to ensure security controls are in place and functioning as intended
-
Perform Security Assessments
-
Identify continuous monitoring activities post authorization
Threat Assessment
-
Identify relevant internal and external vulnerabilities to an organization and the potential threats associated with them
-
Assess impact to the organization that may occur given the potential for threats that may exploit vulnerability
-
Assess risk based on the expected harm and likelihood of harm occurring from identified vulnerabilities and associated potential for exploitation
-
Provide recommendations for improving the security of an organization or IT system
Disaster Loss Prevention
-
Properly classify and understand the protection requirements of the business data
-
Help implement a security-aware culture where protecting data is critical to all employees
-
Provide the training that employees need to know in order to keep data secure
-
Help implement necessary technical controls to protect the data from potential threats
-
Monitor and audit both internal and external user activity to maintain a continuous awareness of the threat environment
-
Develop and help enforce security policies based on relevant threats and that are integrated with business processes and aligned with appropriate roles and responsibilities
-
Help ensure clear leadership through executive commitment and visibility
-
Develop an incident-handling process
Identity and Access Management
-
Define security policies and guidelines that establish processes for data access privileges
-
Deliver the necessary infrastructure components to support authentication
-
Assist with the development of processes and procedures for access control including establishing, modifying and revoking user accesses
-
Identify and help implement tools for auditing and monitoring access activity
-
Assist data owners in specifying the access control levels and permissions required to access data
CMMC Domains
CPVI also provides services in the following areas: