Today, civilian federal agencies operate in a rapidly changing and complex IS and PIT environment. Agencies are defending themselves against never-ending and aggressive cyber-attacks. These attacks are accelerating in frequency, scale, and sophistication. To meet this challenge, organizations are adopting a variety of multifaceted and integrated security controls to protect their information, information systems, and networks. Security considerations are now being applied at all stages of the system life cycle. Security features are rapidly evolving to meet emerging threats and must be, by design, continually revised and updated to remain ahead of a long list of security challenges.
NIST Special Publication 800-18, Revision 1, Guide for Developing Security Plans for Federal Information Systems; Office of Management and Budget (OMB) Circular A-130, Management of Federal Information Resources; and the Federal Information Security Management Act (FISMA) mandate the application of secure system features and related operational practices to protect critical information assets from compromise. The importance of a comprehensive technical and operational security program has become increasingly obvious over the past decade as outside threats continue to assault the nation’s computing resources.
Keya personnel work closely with a variety of Federal Government agencies to strengthen the security of their IS, platform IT, networks, and information services and products. All these systems and system components must achieve compliance with a myriad of federal and agency regulatory mandates. Strict compliance dramatically improves an organization’s agility and strength in the deterrence of cyber threats. Keya areas of expertise in operational security include:
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 requires that all necessary administrative, technical, and physical controls be implemented to protect the privacy of sensitive patient information. Keya personnel understand HIPAA mandates and are skilled and experienced in meeting the unique needs of defense and civilian agencies providing medical services. With assignments within the DoD medical community as well as the civilian federal agencies, Keya personnel have strong qualifications to deliver comprehensive risk management framework assessments and concurrent compliance with HIPAA and other special care mandates within the Federal Government’s medical communities, including TRICARE, the Department of Veterans Affairs, the Department of Health and Human Services, the National Science Foundation, and the National Institutes of Health.
Contingency plans define measures for recovering information systems and services after disruption. Keya engineers work closely with clients to complete an eight-step process for information systems, platform information technology, information products and services, and telecommunications systems. These steps are:
Develop a contingency planning policy statement.
Conduct a business impact analysis to determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, cyber-attack, accident, or emergency.
Identify and prioritize the information systems and components that are critical to an agency’s mission and business processes.
Identify preventive controls to reduce the effects of system disruptions.
Create contingency strategies enabling systems to quickly and effectively recover following a disruption.
Develop and publish a comprehensive information system contingency plan.
Identify and implement testing, training, and exercises to validate recovery effectiveness.
Ensure the maintenance of contingency/recovery plans and procedures.
Business continuity and contingency planning deliverables include:
Business Continuity Plans (BCP),
Information System Continuity Plans (ISCP),
Continuity of Operations Plan (COOP),
Disaster Recovery Plans, and
Backup and Recovery Strategy Plans.