As an authority on Information Assurance and Cybersecurity, ICS recognizes that each security engagement has different needs and so our systems engineering methodologies are highly customizable to individual program objectives.

ICS cyber experts are fluent using the most current cybersecurity techniques and technologies to help you understand risks and mitigate threats and vulnerabilities.

We can perform one-time services, help to augment your existing security operations staff, or provide fully managed security services.

Penetration Testing

ICS provides ethical penetration testing services to pinpoint security weaknesses and to assist with impact assessment and proactive mitigation. We will attempt exploitation, help identify vulnerabilities, report on findings, and assist with remediation. The goals of our pen test approach can vary depending on the type of approved activity for a specific engagement, from testing the security of a new software application to helping with audit preparation to specialized testing of mobile apps, wireless, social engineering, phishing, and more.

Risk and Vulnerability Assessment

Our Risk and Vulnerability Assessment (RVA) proactively assesses the existing environment, its vulnerabilities, and the implications of a breach. ICS provides comprehensive RVA reporting for your technical staff which details threats to your enterprise with recommended remediation. Our executive report communicates issues and helps prioritize risk management strategy, based on your resource constraints and goals.

Incident Response & Remediation

When a breach or attack occurs, your only concern is speed to insight and speed to remediation — how fast you can pinpoint the problem to minimize damage and how fast you can recover. Our Incident Response (IR) investigation and remediation services can help augment your security staff during times of IR crisis.

Cyber Hunt

Despite a large investment in security infrastructure, most organizations now operate under the assumption that intruders are present in their network. Our ethical hacking cyber hunt services provide a proactive and purposeful attack on your computer system to find Advanced Persistent Threats (APTs) and other unaddressed vulnerabilities. We provide a recommended plan for vulnerability remediation and, if desired, potential counterattack.

Training

ICS offers training for all skill levels from core essentials like online safety and social engineering awareness to cyber tools usage and certification boot camps for CISSP, CeH, Security+ and more. Classes can be held onsite at your facility or offsite at our facility in the DC metro area.

ICS provides the best Physical Security and Information Management (PSIM) solution with a true 3D model at its heart.

Our goal is to deliver our clients the best situational awareness when security incidents occur. We provide the visualization, tools, and decision-making methods to react quickly, accurately, and decisively. Our customer management team will interface with our clients to ensure that future PSIM needs are continuously incorporated into the solution.

Technical Solution and Design

Our Technical Solution practice focuses on defining the solution to exceed all of your requirements. We integrate Security Systems in the following areas:

  • Access control systems such as Software House, Lenel, and Hirsch
  • Video Management Systems (VMS) such as Genetec, Milestone, or Indigovision
  • Digital Video Recorders (DVR) such as American Dynamics, Pelco, Panasonic, and Multiplexers
  • Fire systems such as Siemens, GE, and Honeywell
  • IP-based intercom systems such as Zenitel or Aiphone
  • Voice over IP (VoIP) systems
  • GPS and radar systems
  • Computer-Aided Dispatch (CAD)
  • Building Management Systems (BMS)
  • Geographic Information Systems (GIS) such as ESRI ArcGIS and Google Maps
  • Perimeter/intrusion detection systems
  • Automated License Plate Recognition (ALPR) systems
  • Gunshot detection systems
  • Video analytics systems
  • UPS systems and energy management data
  • Biometric identification systems
  • Intelligent Transportation Systems (ITS)
  • Heating, Ventilation, and Air Conditioning (HVAC)
  • SNMP integrated systems

Turnkey Solution

Before a site implementation is handed over to the client, the following items are verified and documented:

  • Technical security
  • Device configuration validation
  • Geo-spatial coordinate accuracy (determines the accuracy of data recorded at the point of application)
  • Server stress and capacity tests
  • Server redundancy tests
  • Network latency tests
  • Network recovery tests
  • Active directory Integration
  • Access rights validation
  • Staff training validation
  • Standard Operating Procedures (SOP) Review
  • Verification

Verification activities will be applied to all aspects of the system in any of its intended environments, such as development, testing, or training where the intended solution and its components are in conformance with the requirements. For this process, Team ICS will ensure the Test Plan, corresponding business scenarios, and Test Cases (including the verification methods) are in complete alignment.

Reviews, Inspections and Follow-up

For the PSIM solution (PSIM server, PSIM client, TSS connectors, and software sub-system integration), a diligent Agile-based software development and test process is followed. Individual software modules go through unit test, module test, and system test cycles. Iterative testing is conducted with a standard test case library. The system performance tests includes load tests, endurance tests, reserve capacity tests, storage capacity tests, white-box tests, power recovery tests, and regression tests. The PSIM solution will be put through a series of formal test and verification methods when it is promoted from the development to test and, subsequently, to the production environment. FISMA-compliant documentation will be prepared including the changes to the solution from the previous release, release notes, test scripts, test results, performance metrics, risk assessments, and any other documentation necessary for the solution to achieve the authority to operate (ATO) status.

A detailed pre-deployment checklist is used to verify all the hardware, software, networking, redundancy, and integration-related components. Depending on the installation scenario, the software is pre-loaded on the servers, installed over the network, or installed using digital media.

In the post-installation testing, the following items are verified and documented:

  1. Device configuration validation
  2. Geo-spatial coordinate accuracy (determines the accuracy of data recorded at the point of application
  3. Server stress and capacity tests, as well as server redundancy tests
  4. Network latency tests and network recovery tests
  5. Regional/Global intervention on Alarms/Alerts and Incidents
  6. Active Directory Integration and Access Rights validation
  7. Staff training validation
  8. SOPs

This documentation forms the Operational Readiness Review package. It is verified against FISMA requirements before submission to the government.

Data Security

Special attention is paid to the sensitive data being processed by the PSIM system.

  1. Sensitive data is not stored unless necessary
  2. Sensitive data is not stored in software code
  3. If sensitive data must be stored, the design ensures they are stored securely
  4. The design identifies protection mechanisms for sensitive data that is sent over the network
  5. Sensitive data is not logged in clear text by the application

Requirement Management

Our Program Management Team will interface with clients to ensure all PSIM requirements at global, regional, and local levels are gathered, analyzed, catalogued, and addressed during the execution of the PSIM project.

Technical Solution and Design

The CMMI Technical Solution (TS) process area practiced by ICS focuses on defining the solution so to meet and exceed all the requirements. Different solution components, such as TSS and software sub-system integration, go through system integration (SI) management.

Security Risk Assessments and Design Reviews

We will perform security risk assessment on the PSIM solution prior to the Critical Design Review (CDR), and the System Security Plan (SSP) will be updated prior to Operational Readiness Review (ORR). We will identify design security risks and, by utilizing NIST 800-27 guidelines and lessons learned from other federal engagements, recommend mitigation strategies for the implementation of compensating controls.

Verification

Verification activities will be applied to all aspects of the system in any of its intended environments—such as development, testing, or training—where the intended solution and its components conform with their requirements. For this process, Team ICS will ensure the Test Plan, corresponding business scenarios, and Test Cases (including the verification methods) are in complete alignment.