Security Services
Cyber security is one of the core service lines within e-lluminati and our company's security service portfolio covers the full landscape of information security needs of our clients. We have the very best information security resources in the business that have supported just about every industry imaginable. The support provided for some of our clients ranges from penetration testing; enterprise security architecture and implementation services; federated identity management and establishment of secure gateways to exchange information in this interconnected world we live in. In addition, we have supported these same client's with security policy development as well as certification and accreditation, and solutions to achieve security governance within a larger IT governance construct. Our primary cyber security services focus on the following areas, but can be tailored to meet the needs of a specific initiative: Security Architecture and Engineering
Our hallmark security service revolves around assisting our clients to design and implement cyber security architectures tailored for their specific need and regulatory landscape. This set of services is offered in various flavors that meet the objectives of securing service-oriented architectures (SOA), cloud deployments and all types of application-based systems. We have been on the ground for all sizes of engagements providing security architecture and engineering services and have demonstrated that we are a thought leader in this space.
Security Analytics
The next step in security is for people to be able to specify security policies at the management level and have those same policies run in their operational environments with the flexibility of changing the behavior of the security solution as the business policies and guidelines evolve. Oftentimes, information security architectures are product-based which results in limiting what you can do in the security space to the capabilities available in a COTS product. This is not always a bad thing but it does not usually offer flexibility in adapting the security architecture regardless which direction the organization would like to go in. Our security analytics offerings provide our clients with a means to approach automated policy enforcement the way it was meant to be, unconstrained and limitless. Our approaches are rule-based and allow for leveraging any data available to the solution contained within the enterprise data model. The sky is the limit!
Identity and Access Management
BI has successfully designed and implemented multiple identity and access management initiatives for our clients. We have implemented these solutions for both small and large scale environments and each time, we tailored a solution that factored in all of the important elements such as use cases, user experience, identity proofing, two-factor authentication, PKI and attribute-based access control (ABAC). Most recently we are implementing a federated identify management solution for a CMS program. Identity and access workflow development and role establishment are also key aspects of what e-lluminati brings to the table in this service area.
Certification and Accreditation (C&A) Services
Our Company has a wealth of experience successfully implementing C&A solutions and providing the associated support for our past and present clients, both on the federal civilian side using FISMA as well as the DoD community using DIACAP. e-lluminati also has extensive experience in creation of all required C&A artifacts as well as working knowledge of the automated and centralized C&A management tools in place at most agencies.
Penetration Testing
e-lluminati has a very mature methodology which we use to perform security assessments, which includes penetration testing. As part of planning for a penetration test, our resources gather all of the appropriate information that informs the testing plan and that will assist in executing the testing. Following the testing, we work with our clients to address all findings and achieve a more secure system every time.
Security Governance
e-lluminati has successfully developed information security governance frameworks that have significantly improved how security requirements and guidelines are disseminated throughout and organization and establishment - which influence the creation and implementation of the downstream technical guidelines, processes and procedures. This ensures that when management makes changes to the security approach for the organization, the stakeholders follow by being governed by a set of artifacts that are aligned with the top level policy change. The majority of our information security governance professionals possess the Certified in the Governance of Enterprise IT (CGEIT) credential and have several past years of experience implementing these frameworks.
IT Auditing
In order to establish compliance with the security requirements and guidelines that are in place, organizations have to proactively assess the security posture of their environments initially, and then periodically alter that. Assessing the security posture is not a check list that someone uses to say whether something meets the requirement. Auditing is an activity that uses requirements as a baseline, but seeks to identify any weaknesses/deficiencies/enhancements that would lead to strengthening the overall security posture of an organization. In order to do this successfully, you must have a repeatable auditing methodology and resources that can apply the appropriate context to both the requirements and how well the as-is system meets those requirements after they have been rationalized. This is where we can assist with our comprehensive auditing methodology and Certified Information Systems Auditor (CISA) certified resources.