Security Engineering Capabilities
Whether you need someone to design, engineer and implement your company infrastructure, maintain your network, train staff, explain differences in vendor offers to help you compare “apples with apples”, or upgrade your entire network, WITS is your cost-effective partner.
We perform detailed IA Risk Assessment, Analysis, and Mitigation in accordance with GAO, NIAP, DIACAP, DITSCAP, TEMPEST and HIPAA.
World IT Solutions can deliver!
WITS is dedicated to the implementation of secure, innovative IT solutions using best-of-breed products. Delivering superior support for every product to each customer is our only focus. The WITS IT and IA Network Services Team will position the client to profit because WITS continuously educates its staff using meticulous, cost-effective analysis of emerging technologies and their applications. The WITS IT and IA Network Team is visionary in its preparation and practical in its execution. WITS will help you invest your dollars wisely.
Your partner should be, in a word, SECURE!
WITS holds a DoD Top Secret Facilities Security Clearance. With cleared staff up to and including Top Secret/SCI and one of the largest percentages of TS-cleared Registered Communications Distribution Designers (RCDDs) in the industry, we are ready to work with you to design, secure, and manage your voice, video, and data networks. WITS staff are certified by the major manufacturers leading the IA field, such as HP, IBM, Checkpoint, Cisco, Nortel, Symantec, Sun, and Microsoft.
There are three divisions of Information Assurance:
All Security Engineering controls and safeguards, and all threats, vulnerabilities, and security processes, are subject to the C.I.A. yardstick.
The primary objective of security controls is to reduce the effects of security threats and vulnerabilities to a level that is tolerable to an organization. The main purpose of performing a Risk Analysis is to quantify the impact of these potential threats; to put a price or value on the cost of lost business functionality.
The two main results you will get from a WITS Risk Analysis, “the identification of risks” and “the cost/benefit justification of the countermeasures”, are vitally important to the creation of a Risk Mitigation strategy.
There are several benefits to our meticulous approach to performing a Risk Analysis. We help you create a clear cost-to-value ratio for security protections by:
- Identifying your assets
- Identifying threats
- Establishing a clear value chart for each
Through penetration testing and other methods, we identify vulnerabilities, which are the absence or weakness of a security safeguard deployed to protect against a threat.
Our Risk Analysis will also help influence the decision-making process dealing with hardware configuration and software systems design. It also helps a company focus its security resources where they are needed most. Furthermore, it can help influence planning and construction decisions, such as site selection and building design.
WITS Risk Analysis covers four basic elements:
- Quantitative Risk Analysis
- Qualitative Risk Analysis
- Asset Valuation Process
- Safeguard Selection
World IT Solutions has a broad knowledge of Common Criteria validated products as listed on the National Information Assurance Partnership (NIAP) website and of ICSA-approved technologies.
The National Institute of Standards and Technology (NIST) and National Security Agency (NSA) have recently announced a new collaborative effort to produce comprehensive security requirements and security specifications for key technologies that will be used to build more secure systems for our Federal Agencies. These security requirements and security specifications will be developed with significant industry involvement and employ the new international security standard known as the Common Criteria (ISO/IEC 15408). Protection profiles in key technology areas such as operating systems, firewalls, smart cards, biometrics devices, database systems, public key infrastructure components, network devices, virtual private networks, intrusion detection systems, and web browsers will be the primary focus of this high priority project. The National Information Assurance Partnership web site will be the primary distribution vehicle used to disseminate information on the status of all development efforts associated with this project.
Tool selection can be broken down into three broad categories:
- Vulnerability Assessment
  - Passive – Typically used to look for security policy violations such as weak system passwords, unwise deployment of system files, and settings.
  - Active – Usually employed after a passive check. This should be a network-based assessment that would deploy common intrusion scripts, recording system responses to the scripts. These cannot detect an attack in progress but are able to reliably predict if an attack is possible and, in most instances, if an attack has already occurred.
- Firewall
  A barrier between the corporate (internal) networks and the outside world that filters incoming traffic according to a security policy. There are numerous ways to classify a firewall. Based on the client’s needs, security strategy, and level of staff expertise, we typically recommend a filtering firewall, stateful inspection firewall, or an application gateway firewall.
- Intrusion Detection
  The ability to detect an intrusion before or as it is happening and deploy a response in real time. Intrusion detection systems provide a greater degree of integrity, as they can be used to monitor the operation of firewalls, encrypting routers, key management servers, and critical segments such as R&D or financial subnets.