The Noblis Information Assurance Center of Excellence (IA COE) staff has broad experience in system security engineering for many clients, including significant experience in the areas of compliance, cyber security and computer network defense, secure configuration of web-based servers and in security product evaluation. The Center has skills in policy development, requirements definition, system analysis, product evaluation, as well as experience implementing and testing specific protection mechanisms, including firewalls, virus detectors, authentication mechanisms, and cryptographic products.
We have extensive experience solving complex problems in both classified and unclassified environments and have a long track record of assisting many Federal agencies with the design, implementation, and operation of successful IT security programs. For example, we have performed as Validators for the security certification of products submitted to government agencies for the last 20 years. We applied testing and deployment experience, sound testing methodology, oversight of the vendor participation in requirements analysis and testing, and oversight of test execution. Noblis also has experience providing product evaluation support to assist with security requirements specifications, helping incorporate high-end IT security into the system development lifecycle, and assisting clients establish sound evaluation methodologies to meet their unique needs.
In today's electronically interconnected world, organizations use the Internet to access information and to provide others access to their own information. However, the business opportunities provided by the Internet usually come bundled with significant security vulnerabilities. Left exposed, these vulnerabilities can have catastrophic consequences in the form of theft, unauthorized release of privileged information, modification of data, identity masquerading, introduction of computer viruses or other hostile code, and prolonged system downtime.
Proper implementation of information security practices enables an organization to balance new technology opportunities against the security risks of implementing those technologies. An effective security program addresses the risks inherent in the use of computer networks.
The Noblis IA COE has the experience and expertise in information security technologies, tools, and products to design and protect information networks while permitting innovation, evolution, and growth. Our information systems security team provides services that span the entire development and fielding life-cycle, with special emphasis on satisfying unique customer requirements.
Security Policy - A clear, well-defined security policy describing the security rules for the enterprise is critical to the secure operation of an organization. Noblis has extensive experience developing security policies for client organizations of all sizes and in documenting existing policies while finding opportunities for improvements.
Security Architecture - Noblis understands the multitude of threats to which an interconnected system is vulnerable and is experienced in the technologies critical to mitigating these threats. Areas of expertise include firewalls, digital signature and public key infrastructure (PKI), web server security, anti-virus software, authentication systems, cryptography, workstation security, and secure remote dial-in. Noblis advises on the selection of security products and on their effective use within different operational environments.
Security Integration - Noblis integrates security solutions into existing environments, including single computer systems, large interconnected networks, and web servers.
Security Awareness Training - The best security is useless if our clients cannot take full and effective advantage of it. Noblis trains end-user, operational, and administrative staff in all aspects of information security.
Security Management - Maintaining a secure enterprise requires ongoing and active management of the security of its information systems. Noblis provides support in maintaining a security baseline, in defining roles and responsibilities, and in fielding security administration tools for ongoing secure systems operations and maintenance.
Security Assessment - Noblis evaluates client systems and networks for security vulnerabilities using the automated and manual mechanisms as appropriate.
Noblis clients benefit from our broad experience in information and network security. Whatever the client's current life cycle phase, we can assess existing security vulnerabilities and develop solutions that maximize the client's operations and minimize the client's risk. Noblis clients add the newest technology with confidence that they fully understand their security risks and have chosen the optimum mitigation strategy.
