Information Systems Security (InfoSec) protects information systems, and the data that resides on them, from unauthorized access and disruption of access to authorized users. The triad of InfoSec contains three fundamental components: Confidentiality, Integrity, and Availability (CIA).
Applying solid and proven InfoSec protections with continuous review for effectiveness is the first defensive measure considered by FWG. FWG's Information Assurance team uses tools with the ability to detect anomalous activities outside a known state, analyze (may be nothing or a big something) the activity and then, if necessary, respond to the activity which may include shutting a communication pathway off for a period of time or to effect removal of an infected system (quarantine) etc. FWG has developed a continuous circle of protect, detect, respond that has proven effective to our clients.
The A&A process is an independent verification & validation (IV&V) of a systems adherence to recognized information assurance security controls. FWG firmly understands and has successfully helped clients go through the four steps to C&A and A&A: Planning, Certification, Accreditation, and Continuous Monitoring.
Our team of InfoSec Subject Matter Experts (SME) can perform vulnerability scans to verify that patches and other security controls are current, review security settings on devices such as firewalls and servers/workstations to validate that security settings meet expected settings, assist Certifying Authority in reviewing all documentation and determining if identified risks are acceptable, and assist the clients to successfully achieve a formal Authority to Operate.
Federal government agencies have begun to transition to a replacement for the legacy DIACAP Certification and Accreditation (C&A) processes with the Risk Management Framework (RMF) model. RMF is a unified information security framework that the entire federal government is moving towards. WIth the approved DoDI 8510.01 by the DoD CIO, the Department of Defense (DOD) has essentially started the transition from DIACAP to RMF, an opportunity that will enable DoD to improve and enhance its information security posture.
Guided by NIST publications on Security Controls, the highly experienced information assurance subject matter experts at FWG Solutions currently support the U.S Air Force's migration from the DIACAP Certification & Accreditation (C&A) process to the new Risk Management Framework Assessment & Authorization (A&A) process.
Our team assists our customers with the human resource talent, technological tools and Enterprise Project Management to successfully package our customer system documentation to seamlessly undergo A&A under RMF.
Information security can be daunting for companies that lack capital and human resources. FWG Solutions removes organizational management constraints that are typically overburdened by day-to-day IT chores. We offer Security-as-a-Service using the most up-to-date cloud management and application security tools that balances business needs and security risk.
Threat modeling, active security tool use and IT security compliance, maintenance and governance are paramount for hardware, software, and data protection.
Inter-corporate Messaging Security, vulnerability management, and anti-malware Security-as-a-Service are among the security services that FWG Solutions prides itself upon as we provide enterprises and small organizations the opportunity to offload their commodity security solutions to a cloud-based provider.
Penetration Testing validates the state of security controls on a system. Four major areas are executed but the very first and most important is to get authorization from the most senior leader of the organization to perform the testing. FWG performs penetration testing for its clients using the most up to date sophisticated tools and methodologies that captures elements such as the request for authorization explaining the reason for the testing, the parameters and how the results will be reported.