Additional Services
We provide Information Security Assessment services customized to a business’s needs. The staff consists of senior experts with experience in the commercial sector, the intelligence community, the Department of Defense, Homeland Security, and other government sectors.
​
The following list of services represent commonly requested capabilities, but CPVI also provides customized offerings.
Security Policy Development
-
Provide Contingency and Continuity of Operations (COOP) planning to minimize loss of data and infrastructure ensuring the availability of business functions
-
Perform gap analysis on the IT operational environment to identify compliance with established policies and guidelines
-
Identify and develop risk mitigations to support business decisions
Security Assessment and Authorization
-
Identify system categorization and applicable security controls
-
Implement and document security controls
-
Coordinate Security Assessment activities
-
Develop Security Test Procedures to ensure security controls are in place and functioning as intended
-
Perform Security Assessments
-
Identify continuous monitoring activities post authorization
Threat Assessment
-
Identify relevant internal and external vulnerabilities to an organization and the potential threats associated with them
-
Assess impact to the organization that may occur given the potential for threats that may exploit vulnerability
-
Assess risk based on the expected harm and likelihood of harm occurring from identified vulnerabilities and associated potential for exploitation
-
Provide recommendations for improving the security of an organization or IT system
Disaster Loss Prevention
-
Properly classify and understand the protection requirements of the business data
-
Help implement a security-aware culture where protecting data is critical to all employees
-
Provide the training that employees need to know in order to keep data secure
-
Help implement necessary technical controls to protect the data from potential threats
-
Monitor and audit both internal and external user activity to maintain a continuous awareness of the threat environment
-
Develop and help enforce security policies based on relevant threats and that are integrated with business processes and aligned with appropriate roles and responsibilities
-
Help ensure clear leadership through executive commitment and visibility
-
Develop an incident-handling process
Identity and Access Management
-
Define security policies and guidelines that establish processes for data access privileges
-
Deliver the necessary infrastructure components to support authentication
-
Assist with the development of processes and procedures for access control including establishing, modifying and revoking user accesses
-
Identify and help implement tools for auditing and monitoring access activity
-
Assist data owners in specifying the access control levels and permissions required to access data
CMMC Domains
​CPVI also provides services in the following areas: