Data Center Operations

ICS has been delivering global-scale datacenter operations support services since 1998.  We have experience operating in a high-tempo combat support environment where the margin for error is nil.  Services delivered include:

•  Global Network Management:  DISA CSD Consolidated Communications Center
•  Desktop Seat Management (acquire; provision; secure; operate; maintain; dispose)
•  Systems Security (harden, patch, STIG, audit)
•  Systems Administration (Windows; *nix; mainframe)
•  Application Support, Database Management (Oracle, SQL)
•  Storage Management (storage networks; virtualization; replication; fault tolerance; security)
•  Cable Plant Management (CAT-5/6; Fiber; backbone distribution; zoned datacenter design)
•  Other: IT Infrastructure Library (ITIL); IT Service Management (ITSM); ISO 20000; Quantitative and Qualitative data visualization

Application Services

ICS delivers high-quality software development, sustainment and modernization services in a manner designed to minimize software development lifecycle times, manage schedule risk, and maximize savings to our clients. With a heavy focus on software maintenance, ICS has delivered annual savings of 30%-70% by consolidating developer skills and tightly managing and reporting our maintenance activities and service levels.

•  Requirements analysis, architecture, design, development, test, deploy, transition.
•  Change management, change advisory board, change control board.
•  Support and modernization.   Maintenance: Adaptive, preventive/perfective, enhancements.
•  Tiered user support.

Information Assurance / CyberSecurity

ICS has been delivering information assurance, information protection and cyber-security services since 1997.  The service catalog was initially developed to support our Department of Defense clients and has evolved to provide a military-grade level of service to our commercial and public sector clients.

•  Programmatics (policy, planning, PMO support, risk based decision support);
•  Risk Assessment (NIST 800-30; ISO 17799 / 27001 / 27002);
•  Compliance (FISMA, COBIT, COSO, HIPAA, Governance, PCI DSS);
•  Business Continuity Planning (BS25999; NFPA 1600; plan lifecycle management)
•  Disaster Recovery (ISO/IEC 24762:2008;  full lifecycle management);
•  Technical Security (computer network defense / offense CND/CNO, attack & penetration; application security assessment; database security testing; system hardening);
•  Solutions Management & Integration (design, source, build, deploy, manage);
•  Incident Response (imaging, analysis, forensics, legal support).

 

Network Operations

ICS has experience operating and defending networks of a global scale.  We currently manage a global network infrastructure supporting 16 global datacenters and millions of connected users.  Managed environments include both classified and unclassified production, administrative, backup, and management networks as well as the Demilitarized Zones (DMZ).   Our managed network hosts over 1400 applications, 55 of which are mission critical.  Customers include Air Force, Army, Navy, Marines, Defense Logistics, Defense Finance, Medical Health Systems and others.

Our team members have broad and deep experience with cutting edge network technology including routers, firewalls, switches, load balancers, AAA devices, XML accelerators, Domain Name Services (DNS), email security devices and proxy servers.

 

Customer Value Proposition 

Continuity of Operations Plan Testing

Continuity of Operations Plan (COOP) testing will help validate your existing BCP/COOP plan to ensure the security of your staff, visitors, and operations in the event of a crisis.

ICS’ certified business continuity planners will assess your organization’s resilience strategies, recovery objectives, business continuity, and crisis management plans. Consider it like a fire drill. Following the BCP/COOP test, you will have a clear understanding of your plan’s strengths and weaknesses, and will be able to make adjustments BEFORE an emotionally significant event occurs.

If you do not already have a Business Continuity or Continuity of Operations Plan, ICS can create one for you. Click here to learn more, or contact us today.

Business Continuity Plan Testing

Business Continuity Plan (BCP) testing will help validate your existing BCP/COOP plan to ensure the security of your staff, visitors, and operations in the event of a crisis.

ICS’ certified business continuity planners will assess your organization’s resilience strategies, recovery objectives, business continuity, and crisis management plans. Consider it like a fire drill. Following the BCP/COOP test, you will have a clear understanding of your plan’s strengths and weaknesses, and will be able to make adjustments BEFORE an emotionally significant event occurs.

If you do not already have a Business Continuity or Continuity of Operations Plan, ICS can create one for you. Click here to learn more, or contact us today.

Audit and Assessment

Our IT Audit and Assessment services provide you with an independent, unbiased assessment of your security program, policies, and controls. This provides your executive leadership and management team with the confidence that your organization is adequately mitigating risk in alignment with business objectives.

ICS utilizes the best tools available in the market and couples these tools with our proprietary software and processes to save our clients time and unnecessary expense. Because ICS serves hundreds of clients every year, you will benefit from our significant investment in industry-leading technologies.

 

Our consultants use some or all of these tools to deliver risk management and cyber assessment services such as:

Risk Assessment

Know where you stand with a detailed and comprehensive assessment of your organization’s security posture from ICS. Risk Assessments from ICS include invaluable strategies and recommendations to secure and protect your organization’s information and technology infrastructure.

Vulnerability Assessment

A vulnerability assessment is an unobtrusive way to identify risks present within your systems. These risks may stem from unpatched or obsolete software, poorly configured systems, and inadequate security protocols. ICS will identify areas that are potentially exploitable by both authorized users and attackers, and guide you through the steps needed to secure those weak areas.

Penetration Testing

A penetration test (pen test) takes the vulnerability assessment a step further, as an ICS certified ethical hacker attempts an actual attack on the points of weakness identified in the vulnerability assessment. If the attack is successful, ICS will then assess the impact an actual breach could have on your organization. The pen test will give you a clear understanding of how the weaknesses identified in the vulnerability assessment can undermine your organization.

Web Application Assessment

Virtually all organizations today employ web-based applications for sales, marketing, accounting, and other standard business functions. While these applications have many benefits, including online accessibility and enhanced team collaboration, they may also expose your organization to unauthorized access to network resources or sensitive data. A Web Application Assessment will uncover vulnerabilities that exist in web-based applications and provide strategies to maximize your system security.

Code Review

ICS is available for code review projects with the goal of identifying security issues and weaknesses in the applications’ coding. We are able to conduct a systematic review of applications, which can include in excess of 1,000,000 lines of code.

Staff Augmentation

ICS supplies organizations with expert staff flexible to meet even the most complex project and business goals. Our information technology and security consultants offer practical and affordable staff augmentation for both long and short term assignments.

By providing specialized technical staff support and staff augmentation to meet changing business demands, ICS offers your organization the best of both worlds: dedicated support and flexible cost control. Using dedicated resources from ICS to achieve defined objectives in a sustained manner provides the momentum necessary to accomplish and maintain important strategic goals.

Your organization is always in control of the scope, timing, and cost of each project.  This gives you more flexibility in the timing of expenditures, resource availability, and balancing competing internal priorities.

Among the many benefits of this support model are:

  • Surge capacity for projects
  • Consistent focus on strategic initiatives
  • Flexible budgetary control
  • Adaptability to changes in priorities
  • Clear project plan and delivery milestones
  • Access to the virtual team of ICS consultants

Controlling costs and maximizing efficiency is critical to ensuring the success of your organization. ICS can lift the burdens associated with the recruiting and hiring process, and provide your organization with staff support from qualified candidates of the highest professional caliber. This will allow you the flexibility to take on complex assignments that may not have been feasible with existing organizational resources.

Staff Recruitment

Clients across the United States depend on Integrated Computer Solutions for information technology search services. ICS delivers only top-quality, highly-trained candidates to your organization in as little as ten business days.

ICS is a leader in the information technology field, and our recruiters are armed with an in-depth understanding of the complexities of the IT industry. We are equipped to provide you with expert IT professionals with key industry credentials, such as CISSP, CBCP, PMP, ITIL and CHS-III, who can quickly and effectively deliver technology solutions and support to your organization.

Our placement practices ensure a synergistic fit, saving both time and money by reducing turnover and additional recruiting efforts.

IT RECRUITMENT PROCESS

ICS follows a structured and proven recruitment process to ensure that candidates of the highest caliber with the greatest potential for a synergistic fit are delivered to your organization. We settle for nothing less.

  • STEP 1: Needs Assessment
    Gaining a detailed understanding of your I.T. staffing needs
  • STEP 2: Candidate Identification
    Selection of qualified candidates that meet the specific needs of your organization
  • STEP 3: Screening Process
    Candidate Pre-Screening with extensive background checks
  • STEP 4: Candidate Presentation
    Pre-qualified candidates presented to your organization for interview
  • STEP 5: Team Integration
    Premium candidates introduced into your work environment

Average time for recruitment process: 10 business days

 

Legacy Modernization

Legacy modernization can be a very costly and time intensive process, but it doesn’t have to be. ICS understands the challenges that can come with taking old applications to new platforms, and we offer software automated solutions that can significantly reduce both the time and budget needed to achieve the results you expect.

ICS uses a technology suite that allows us to simplify modernization efforts in systems containing multiple applications and multiple languages, even when they are connected to multiple databases. Our turnkey modernization solution means your team doesn’t have to be bogged down for months updating business systems.

In addition, ICS utilizes a time-tested, proprietary project management methodology (based on PMBOK) to deliver projects on-time, in-scope, and on-budget. In fact, ICS’ Forge.mil program and the Quality Management group at ICS have been appraised at Level 3 of the CMMI Institute’s Capability Maturity Model Integration (CMMI)®.

Primary modernization benefits include:

  • Rapid redevelopment of legacy code
  • Project scalability
  • Delivery of high quality code and SOA with clear documentation

We support the following legacy languages:

  • PowerBuilder
  • MAPPER
  • ColdFusion
  • Oracle Forms
  • MUMPS
  • Perl
  • Oracle PL/SQL
  • Model 204
  • FORTRAN
  • ADABAS/Natural
  • DEC Forms
  • RPG
  • Visual Basic
  • Micro Focus Dialog System
  • REXX
  • ASP (Microsoft)
  • Forte
  • TCL
  • dBase
  • SilverStream
  • COBOL
  • Clipper
  • Java (Older Versions)
  • Visual Objects
  • FoxPro
  • HTML
  • FrontPage
  • ANSI COBOL
  • COBOL-68
  • COBOL-74
  • DEC COBOL
  • DG COBOL
  • HP COBOL II
  • Unisys COBOL
  • IBM VS COBOL
  • CICS COBOL
  • Realia COBOL
  • Wang COBOL
  • Accu-COBOL
  • Micro Focus COBOL
  • CDC COBOL
  • Burroughs COBOL
  • Pacbase
  • .NET
  • Browser-Accessible Languages

Application Maintenance and Support

Is your IT team bogged down with application sustainment activities, leaving little time for activities that drive the business forward? Do you lack the internal resources to efficiently implement changes to your custom apps? Or has your business need evolved beyond the functionality of your legacy applications? If you answered yes to any of these questions, it may be time to contact ICS.

ICS performs IT sustainment, integration, migration, and elements of Tiers 1, 2, and 3 support for legacy and modernized systems. We also deliver application services integration and deployment activities in development, test, pre-production and production environments, execute regression testing and employ in-depth knowledge of security requirements.

We approach every project with information security in center focus. Experienced in all aspects of information security, infrastructure requirements, and development platforms, ICS is able to shore up areas of vulnerability within your standard and/or proprietary applications.

In addition, ICS utilizes a time-tested, proprietary project management methodology (based on PMBOK) to deliver projects on-time, in-scope, and on-budget. In fact, ICS’ Forge.mil program and the Quality Management group at ICS have been appraised at Level 3 of the CMMI Institute’s Capability Maturity Model Integration (CMMI)®.

Through our collaborative approach to application sustainment, we will join forces with your staff to gain a thorough understanding of the application requirements, integration components, and compliance needs in order to optimize your application’s usefulness for your organization.

Application Development

ICS has a wide range of experience in application development, sustainment, modernization and support. Not only can we design and implement custom applications to enhance business processes and increase operational efficiency, but we are often able to save our clients money by enhancing legacy applications–both standard and proprietary.

Our team of IT professionals is proficient in technologies such as Java, Oracle, J2EE, .asp, and more. In addition, ICS utilizes a time-tested, proprietary project management methodology (based on PMBOK) to deliver projects on-time, in-scope, and on-budget. In fact, ICS’ Forge.mil program and the Quality Management group at ICS have been appraised at Level 3 of the CMMI Institute’s Capability Maturity Model Integration (CMMI)®.

ICS provides clients the assurance that the applications that we develop and manage will be built on state of the art platforms and secure from ever-evolving security threats.

Our expertise includes, but is not limited to, the following:

Application Development Services:

  • Continuous Integration/Delivery (CI/CD) and DevOps
  • Application Design, Integration, Migration
  • Application Sustainment, Maintenance and Support
  • Application Updates
  • Web Application Development
  • Legacy Application Enhancements and Support
  • eCommerce Application Development

Application Development Methodologies:

  • Agile (SCRUM)
  • Waterfall
  • Hybrid

Cloud Frameworks:

  • Amazon Web Services (AWS)
  • AWS GovCloud
  • Microsoft Azure
  • DISA milCloud
  • DISA milCloud+
  • VMware

Operating Systems:

  • Windows 8, 10
  • Windows Server
  • Red Hat Enterprise Linux (RHEL)

CI/CD & DevOps:

  • Jenkins/Hudson
  • Elastic Beanstalk
  • Docker

Application Platforms:

  • JBoss
  • Tomcat
  • Docker
  • Grunt
  • Apache HTTPD

Languages:

  • C/C++/C#
  • Java
  • JavaScript
  • AngularJS
  • Velocity
  • Node.js
  • PHP
  • Python
  • ASP.NET
  • Ajax
  • SharePoint
  • .NET
  • Ruby On Rails

Database Frameworks:

  • MySQL
  • Oracle
  • PostgreSQL
  • Amazon RDS
  • MongoDB
  • SQL Server

Cybersecurity:

  • Nessus (DISA ACAS)
  • W3AF
  • SonarQube
  • HPE Fortify on Demand

 

Customer Value Proposition

Executive Strategic Support

An organization that is facing the departure of a top executive is vulnerable in many ways, but yours does not have to be. ICS offers strategic executive staffing that will give your organization the support it needs to help ensure a smooth transition.

With ICS executive staffing support, your organization has access to interim executive staffing for roles such as Chief Security Officer, Chief Information Officer, Chief Operations Officer, and other key positions. These roles can be filled on site or in a virtual capacity, providing your organization with the surge capacity for projects, a consistent focus on strategic initiatives, flexible budgetary control, and adaptability to changes in priorities.

Additionally, many organizations need the expertise of a CISO, CIO, or IT Security expert but may not need someone 40 hours a week.  ICS can help.  ICS’s experts will work with your organization to provide the level of support your organization needs from 10 hours to 40 hours a week.  This unique solution enables your organization to enjoy all the benefits of a highly qualified CISO, CIO, etc. without the expense of a full-time resource.

Vendor & Technology Evaluation

ICS technology consultants conduct in-depth reviews, vendor evaluations and product testing to ensure that the hardware, software, and service-based solutions we recommend will perform to your specifications. ICS also saves you money by negotiating with vendors to get you the most competitive rates for the products and services your organization needs.

Vendor and Technology Evaluation Process

  • Requirements Definition Phase: During the first phase of the vendor and technology evaluation process, ICS will conduct an in-depth review of your organization’s needs, which will enable us to facilitate the most appropriate hardware, software, or service-based solutions.
  • Market Scan Phase: Phase two is the market scan phase. We will compile a list of available solutions/products that meet your needs and will begin pricing negotiation on your behalf. Once a vendor is chosen, we will begin the pilot test phase.
  • Pilot Test Phase: The pilot test phase allows us to test the most viable product(s) for your needs before they are implemented in the live environment. This helps ensure all potential problems or glitches are identified and resolved prior to deployment.
  • Implementation Phase: In the implementation phase, ICS is available to install and deploy the selected technologies into your network environment. We will conduct knowledge transfer, so your staff will have a full understanding of the products and any required maintenance plans.

ICS makes network security less complicated—and less expensive—by tailoring a program of security hardware and software solutions to meet the specific needs of your information infrastructure.

Network Design/Planning

Having a well-designed enterprise network architecture can greatly improve organizational workflow, while allowing for future growth. ICS can offer guidance in the Network Design and Planning phase that will help ensure your network is built to last.

A well-designed network optimizes CapEx, OpEx and security tradeoffs to align with your risk appetite. ICS can create templates based on network design best practices that will increase efficiency, reduce errors and improve compliance standards for your organization. We will ensure your Network Design architecture allows for security, expansion and future overlay of new assets and applications. Contact us today.

Business Continuity Planning

Effective Business Continuity Planning will help ensure the security of your staff, visitors, and operations in the event of a crisis. In just 60 days, ICS will have your organization prepared to continue operations in virtually any unplanned event – from a minor interruption to a major disaster.

ICS’ certified business continuity planners will help your organization develop appropriate resilience strategies, recovery objectives, business continuity, and crisis management plans. These plans can be implemented in collaboration with an integrated and comprehensive risk management initiative for maximum efficacy.

ICS Business Continuity:

  • Federal Emergency Management Agency (FEMA) and US Guidelines (FCD-1 and CGC1)
  • ISO 22301 Business Continuity Management Systems
  • ISO 27031 Information Technology (Business Continuity)
  • National Fire Protection Standard (NFPA 1600: Standard on Disaster/Emergency Management and Business Continuity Programs)

Services include:

  • Plan Development
  • Business Impact Assessment (BIA)
  • Gap Analysis Studies
  • Hazard Analysis Studies
  • Plan Testing
  • Alternate Site Operations Planning
  • Knowledge Transfer/Staff Training

Let ICS prepare your organization with a comprehensive Business Continuity Program that integrates all of the necessary procedures required to execute contingency operations. Contact us today.

Disaster Recovery Plan Testing

Today’s political and environmental climate requires that an organization be prepared for just about anything.

ICS offers disaster recovery plan testing to evaluate an organization’s disaster recovery plan in advance of an event.

We can also evaluate actual disaster response and operations following an unplanned service outage or crisis in order to better position your organization the next time.

Both pre- and post- event evaluations will allow your organization to examine its response and document opportunities for improvement based on time tested Disaster Recovery Planning methods and standards established by the Disaster Recovery Institute International. Contact us today to get started.

Forensics

ICS offers forensic services to discover, analyze and document information in both proactive and reactive forensic circumstances. Many of our clients have found this service to be vital during personnel action, court order, civil action, and incident response situations.

Evidentiary Integrity

ICS has the knowledge and experience needed to achieve successful electronic evidence and data collection, protect evidentiary integrity, and provide factually accurate supporting documentation. As a technology security firm, we are well-qualified in this field and often provide supporting forensics documentation for clients to present to agencies such as the Department of Homeland Security, the Federal Bureau of Investigation, and state investigation agencies.

Litigation Support and Expert Testimony

ICS also provides litigation support with expert testimony in the event of court proceedings or prosecution.

Forensic Process

  1. Define Requirements: During the first phase of the forensics process, ICS will assess the situation and define the requirements of the project. This process often begins with a phone call in the middle of the night; the ICS team is available 24/7/365.
  2. Data Collection: ICS will begin data acquisition, obtaining log files, imaging hard drives, and other data collection processes as soon as possible. In many cases we are on-site almost immediately; in other cases a court order must be obtained before data collection can begin.
  3. Data Analysis: During the data analysis phase, ICS will sift through the data and process it in a forensically sound manner. Thorough reports with supporting documentation are prepared.
  4. Data Sharing: The data sharing phase is the time when all of the findings are presented to the client in a detailed and clear presentation that can be used to prepare for legal proceedings, if necessary.

It is our hope that your organization will never require ICS forensics services; however, should the need arise, we are prepared to act as your primary response team. Click here to contact us.

Incident Response (Post-Event)

In the event of an information security emergency, the ICS Incident Response team will step in to help your organization identify the source of the compromise, preserve critical information, and prevent the spread of contamination or unauthorized access to other systems and networks. Our on-site emergency response efforts will not cease until the incident has been eradicated and the systems and networks have been restored to normal operation.

ICS will provide knowledge transfer and reporting so your internal personnel are equipped to maintain protection of your information assets after the event.

Let ICS’ Emergency Response Consultants act as your primary response team. Click here to contact us.

Code Review

ICS is available for code review projects with the goal of identifying security issues and weaknesses in the applications’ coding. We are able to conduct a systematic review of applications in scope for code review, which can include in excess of 1,000,000 lines of code.

Examples of programming languages involved are:

  • .NET 3.5 framework
  • VB.net
  • ASP.NET
  • C#
  • JavaScript

By conducting a static review of application code as it exists at the time of the assessment, we are able to provide an assessment of each application’s architecture from a security perspective as well as remediation recommendations.

Web Application Assessment

How many web-based applications do you expose to internal and external users? Chances are good that just about every department within your organization is using web apps daily for standard business functions. While the benefits of these apps are many, they also bring with them hazards for which you should be prepared.

A web application assessment is a specific test designed to identify threats of unauthorized access, so you can keep your sensitive information safe and secure no matter how many web-based applications your organization is using.

The goal of the web application security assessment is to identify security issues and weaknesses in the web-based application as installed, configured, maintained, and used in the production environment.  Examples of the types of security issues assessed include:

  • Input/Output validation (e.g., cross site scripting, SQL Injection)
  • Application logic flaws (e.g., authentication bypass)
  • Server configuration errors/versions (e.g., directory traversal, missing patches)

The assessment is a dynamic review of the state of the application and infrastructure security at a point in time.  Findings will be reflective of the current state of security. The deliverable will contain detailed information based on NIST 800-53, and will include the vulnerabilities discovered, the number of vulnerabilities, and detailed remediation recommendations.

At ICS, we utilize constantly updated, state-of-the-art tools operated by trained professionals to ensure the security of your web apps, and our highly trained experts possess a wide breadth of knowledge and maintain key security certifications. You don’t have to stay on top of the ever-changing world of network security; we do it for you. Contact us today.

Penetration Testing (Pen Testing)

Penetration Testing Overview

The practice of technical security assessment has long been recognized as a standard best practice across all business and industry segments. It is a crucial component in a well-managed information and technology security strategy, and in today’s fast-paced e-commerce society, it has become more important than ever.

A qualified technical security firm can provide your business or organization with a comprehensive technical security assessment to identify weaknesses and potential risks that could compromise the enterprise network and systems. This assessment should include the following security components: vulnerability assessment, web application assessment, and penetration testing.

A vulnerability assessment is the process of identifying, quantifying and prioritizing weaknesses and potential risks that could compromise the enterprise network and systems. These vulnerabilities may be caused by unpatched or obsolete software or poorly configured systems. A vulnerability assessment will provide insight into areas that are exploitable by both authorized users and attackers.

Today more than ever, businesses use web-based applications for sales, marketing, accounting and other applications. While these applications have many benefits, including the convenience of online accessibility and enhanced team collaboration, they can also expose an organization to vulnerabilities that could be leveraged to gain unauthorized access to network resources and sensitive data. An effective web application assessment allows for the discovery of vulnerabilities that exist in web-based applications, and provides strategies to protect the organization from breach.

Penetration Testing Demystified

A Penetration Test is a method of evaluating the security of a computer system or network by simulating an attack by a malicious user.

During a penetration test, the technical security firm is challenged with taking the position of an attacker to attempt a penetration via previously identified points of weakness. The potential entry points may have been identified either by the organization or through a previously completed vulnerability assessment. The penetration test will confirm the legitimacy of the potential weaknesses. If the attack is successful, the consultant will assess the impact an information security breach could have on the organization, and will present the findings along with a detailed proposal for mitigation.

Internal vs. External Penetration Testing

When considering a penetration test, an organization must decide whether to conduct internal testing, external testing, or a combination of both.

An external penetration test is commonly referred to as “ethical hacking”. The external pen test is performed from “outside” the organization, in a manner similar to the approach that would be used by an actual hacker. Having limited information regarding the network infrastructure, the ethical hacker will garner information from public web pages and attempt to break through any security vulnerabilities that might exist in the IT infrastructure.

Many threats come from within the organization’s firewall – from employees or partners with access to privileged information. These threats (while often not malicious in their intent) can have the same damaging results as an external attack from a malevolent hacker. In an internal penetration test, the ethical hacker is given network authorization equivalent to that of an employee or guest user, and will conduct the penetration test from the vantage point of users within the organization’s own network.

Results of the Penetration Test

Following the penetration test, the organization will have a much clearer understanding of the weak areas within the IT infrastructure, as well as how to shore up defenses to protect the organization from a costly, potentially devastating security breach. This thorough test provides answers to the questions raised by the vulnerability assessment, and is an invaluable component of a comprehensive technical security assessment.

Benefits of Effective Penetration Testing

Penetration Testing should be performed bi-annually as a part of a comprehensive technical security assessment. The benefits of this act of corporate due diligence include: protection of the organization’s reputation; protection of data and assets; third party verification; cost justification; customer/client assurance; and validation of existing security measures. A comprehensive technical security assessment, which includes web application assessment and vulnerability assessment in addition to penetration testing, will also help ensure legislative and regulatory mandates are met while risk exposure is reduced.

When to Perform Penetration Testing

Penetration Testing should be performed bi-annually as a part of a comprehensive technical security assessment. As changes in the network environment occur, the potential for new weaknesses develops. The testing schedule should be planned with your technology security firm around vulnerability assessments (quarterly) and web application assessments (at least bi-annually, or as new applications are added).

How ICS can help:

The ICS Technical Security Team is a recognized leader in the external, internal, and web application aspects of information security testing. At ICS, we offer a range of security services and are able to create a customized solution to meet the unique and specific needs of your business. From periodic vulnerability assessments and penetration tests to mitigation practices including full data encryption, ICS can provide solutions that are customized for your organization. Contact us to get started.

Pen Test Resources

Whitepaper: The Technical Security Assessment – Penetration Testing

A Penetration Test is a method of evaluating the security of a computer system or network by simulating an attack by a malicious user. Following a pen test, your organization will have a much clearer understanding of the weak areas within the IT infrastructure, as well as how to shore up defenses. This whitepaper provides an overview of penetration testing.

Sales Sheet: Penetration Testing

Penetration Testing should be performed bi-annually as a part of a comprehensive technical security assessment. The benefits of this act of corporate due diligence include: protection of the organization’s reputation; protection of data and assets; third party verification; cost justification; customer/client assurance; and validation of existing security measures. Learn more with this Penetration Test sales sheet.

Vulnerability Assessment

You can’t fix what you don’t know is broken, and it is impossible to ensure the security of your network without a clear picture of its strengths and its weaknesses. Regularly scheduled vulnerability assessments are an uncomplicated way to uncover potential hazards.

There are countless individuals and entities intent on accessing other organizations’ network resources and data for myriad reasons, and they’re using the latest technology and techniques to accomplish this goal. Without adequate protection, your organization can be easily compromised, resulting in anything from a minor inconvenience to a breach that seriously harms your operations and your bottom line. ICS can guide you through the process to properly safeguard any weak or exposed areas with an internal or external vulnerability assessment.

By working with ICS you:

  • Catalog and prioritize vulnerabilities within your infrastructure.
  • Implement quick, efficient and cost-effective remediation solutions, created for your specific needs.
  • Give your customers confidence by ensuring their information is secure.
  • Satisfy regulatory compliance requirements.

Risk Assessment

A Risk Assessment from a qualified IT security firm is like checking the doors and windows on your network. With all of the confidential corporate and customer information in your database, you would never consider leaving those doors and windows open. But beyond the entryways that are easy to see, are there other access points that are not so obvious? Is your network at risk of experiencing a devastating breach?

Our Risk Assessment model delivers both quantitative and qualitative measures of organizational risk, allowing you to optimize your security spend and efficiently allocate resources to maximize business value. We have a 20-year history of delivering Risk Assessments against all major standards including NIST 800-series, ISO, OCTAVE, COBIT, COSO and others.

An Information Security Risk Assessment is a means of examining your organization’s information security infrastructure to identify vulnerable areas in the network and provide steps to secure those weaknesses. Only then will your organization be able to prioritize which areas need to be addressed immediately, which are less urgent, and which ones are not urgent at all.

A Risk Assessment will provide your organization with an objective evaluation of the security of your information infrastructure.

Policy Development

Well-established IT policies can help ensure an optimal network environment in which data is stable, secure, and available. Effective IT policies can also help ensure operations continue under adverse situations, such as a natural disaster or other unplanned event.

ICS can work with your organization to create clearly defined IT policies and procedures that provide a framework for treating information as real property to be protected from unauthorized access, modification, intrusion and destruction.

Policy and/or standards development can include items such as the following:

  • Information Security and Privacy
  • Information Classification
  • Information Security Infrastructure
  • Acceptable Use
  • Security Awareness and Training
  • Access Control
  • Password and Authentication
  • Compliance
  • Personnel Security
  • Risk Management
  • Physical and Environmental Security
  • Third Party & Business Associates Security
  • Network & Systems Operational Security
  • Mobile Computing and Telecommuting
  • Incident Response and Reporting
  • Intrusion Detection and Prevention
  • Malicious Software
  • Information Systems Acquisition Development and Maintenance
  • Internet and Email Security
  • Contingency Planning
  • Retention Archiving and Disposition
  • Business Continuity Planning (BCP) Security
  • Remote Access – Mobile Computing
  • Removable Media

A well-written IT Policy will serve as a best practices handbook for all employees within the organization and encourage their participation in preventing information breaches. These policies will help ensure controls are in place to protect information and will set the tone both internally and externally with regard to the importance of protecting your organization’s information.

Incident Response Planning

Organizations that are dependent on information systems are challenged by serious threats that can exploit both known and unknown vulnerabilities in systems. ICS offers incident response and forensics planning services that will allow your organization to have a clearly defined response plan with policies in place should a cyber incident occur.

A cyber incident can compromise the confidentiality, integrity, or availability of information being processed, stored, or transmitted by information systems, resulting in adverse impacts on the organization, its operations, assets, and people. The average cost of a data breach increases by 35% each year, costing unprepared organizations untold millions. A strategic incident response plan can give your organization the policies needed to ensure that an unexpected breach is handled properly and swiftly, while minimizing the potential harm.

A forensics response plan is a traditional component of an effective business continuity / continuity of operations plan. Contact us to learn more.

Disaster Recovery Planning

Would your organization be able to continue critical business functions following a significant unplanned disaster? Or would an unexpected natural disaster or political event shut down operations entirely? Disaster Recovery Planning allows an organization to establish steps to continue operation at planned levels of service, despite events or interruptions.

Today’s political and environmental climate requires that an organization be prepared for just about anything. ICS utilizes time-tested Disaster Recovery Planning methods based on the standards established by the Disaster Recovery Institute International. We combine these industry-standard best practices with our own proven proprietary processes in Disaster Recovery Planning to allow business operations to resume following virtually any unplanned event, whether natural or man-caused.

Services Include:

  • Strategic Recovery Planning/Development
  • Backup and Recovery Strategy
  • Selection of Alternate Facilities
  • Alternate Site Operations Planning
  • Vendor Alignment
  • Knowledge Transfer/Staff Training

Let ICS help your organization mitigate financial, physical and operational risk through the development of a comprehensive Disaster Recovery Plan. For organizations with existing BC and DR plans, experts recommend testing the plans every year and updating them every three years. ICS will save you time and money by reviewing your organization’s current strategies, documentation and plan readiness. We evaluate these based on industry standards and best practices and recommend improvements to help ensure successful continued operations in the face of an unexpected crisis. Contact us today to get started.

Continuity of Operations Planning

Effective Continuity of Operations Planning (COOP) will help ensure the security of your staff, visitors, and operations in the event of a crisis. In just 60 days, ICS will have your organization prepared to continue operations in virtually any unplanned event – from a minor interruption to a major disaster.

ICS’ certified business continuity planners will help your organization develop appropriate resilience strategies, recovery objectives, business continuity, and crisis management plans. These plans can be implemented in collaboration with an integrated and comprehensive risk management initiative for maximum efficacy.

ICS Continuity of Operations Standards include:

  • Federal Emergency Management Agency (FEMA) and US Guidelines (FCD-1 and CGC1)
  • ISO 22301 Business Continuity Management Systems
  • ISO 27031 Information Technology (Business Continuity)
  • National Fire Protection Standard (NFPA 1600: Standard on Disaster/Emergency Management and Business Continuity Programs)

Services include:

  • Plan Development
  • Business Impact Assessment (BIA)
  • Gap Analysis Studies
  • Hazard Analysis Studies
  • Plan Testing
  • Alternate Site Operations Planning
  • Knowledge Transfer/Staff Training

Let ICS prepare your organization with a comprehensive Business Continuity Program that integrates all of the necessary procedures required to execute contingency operations. Contact us today.

  • ISO 9001:2015
  • Technology Industry Innovators
  • Veteran Owned Small Business
  • CMMI Maturity Level 3
  • CISSP® - Certified Information Systems Security Professional
  • Certified Penetration Tester
  • ITIL IT Service Management
  • Certified Ethical Hacker
  • Project Management Institute Certified
  • US Department of Homeland Security
  • Disaster Recovery Institute Certified
  • Certified Information Systems Auditor