
With hackers and terrorists continuing to pose a threat to online systems and networks, you need to be sure that your IT security is as tight as possible. C5i can help you verify that your information assurance program is sufficiently protecting your network and systems. C5i testers and auditors can evaluate specific areas of your IT security program and identify any areas of weakness before they're exploited.
As part of C5i's Network Security Assessments program, security experts can perform a certification and accreditation (C&A) or specific assessments/testing that focus on one particular area of need:
Certification and Accreditation
As Government-mandated IT security evaluations become a way of life, organizations and agencies are finding that they just don't have the manpower, expertise, or resources to perform every required task. Many of these organizations have turned to C5i for help. As IT security experts, C5i can help Government agencies and defense organizations with all phases of the C&A process. From planning and budgeting a new C&A initiative to performing certification reviews to packaging and presenting the results, C5i will be with you every step of the way.
C5i's Information Assurance experts ensure that your C&A effort complies with every applicable Government and military standard, including:
- DoD standards, such as DOD 8510.1-M (DITSCAP), DODI 5200.4, and DOD 5200.28-STD
- National security standards, such as NSTISSI 1000 (NIACAP), NSTISSI 4009, and DCID 6/3
- NIST standards, such as SP 800-37 and 800-53
- OMB A-130
- Computer Security Act
- FIPS Pubs, such as FIPS 199 and 200
Using a team of experts, industry best practices, and standardized processes and tools, C5i can deliver C&A results that ensure your IT assets and information are appropriately protected.
Ethical Hacking/Penetration Testing
To help organizations proactively manage risk in the context of their overall goals of protecting their information assets and reputation, C5i maintains a world-class Security Health Center focused on the development and delivery of network security assessment services. These services focus on identifying vulnerabilities throughout the organization's network, including servers, workstations, network devices, and software applications.
C5i's penetration testing is primarily concerned with infiltrating your network's defenses in order to meet a specific IT security goal, such as proving that your network perimeter is secure. Ethical hacking/penetration tests usually focus on the primary methods used by hackers to gain access to your network, applications, and data. C5i's penetration tests are performed against your infrastructure in a non-destructive way to identify vulnerabilities in the configuration and architecture of these systems.
C5i offers three basic types of assessments/testing:
- Application Security Assessment
- Wireless Security Assessment
- Physical Security Assessment
Application Security Assessment
C5i's Application Security Assessment can occur at any point in your application's life-cycle, and includes application design analysis, code review, and application security testing and analysis.
Wireless Security Assessment
C5i's Wireless Security Assessment includes the evaluation of your wireless network architecture, access point configuration (war-driving), and encryption technologies. It can also include an optional review of your wireless security policies to ensure that your wireless security program is on track.
Physical Security Assessment
C5i can help minimize your risks by assessing your infrastructure vulnerabilities and recommending solutions that will ensure the security and continuity of your mission. C5i's Physical Security Assessment team will critically examine your facilities, systems, and high-value assets; give you a detailed risk assessment based on your mission requirements; and provide recommendations for enhancing security and managing your risks.
Physical security assessments include evaluations of security requirements, including policies and procedures, personnel response, mechanical and electronic security measures, access control, use of video surveillance systems, alarm systems and other measures necessary to ensure detection, assessment, response, delay, and neutralization of potential adversaries. The physical security assessment then evaluates the actual physical controls in place, comparing them to your requirements and policies as well as Federal standards and industry best practices. Vulnerabilities and associated risks are identified, and countermeasures are recommended.
C5i can also assist property owners, property managers, and architectural and engineering firms in defining physical security requirements and specifying physical security solutions. C5i can provide a customized implementation plan to address physical security needs.
A Proactive Approach (the best defense is a good offense)
C5i's Vulnerability Assessments can also be provided as a managed service, giving you regular, frequent evaluations of your network to ensure that network configuration changes do not inadvertently open up holes in your defense.
Security Architecture Evaluations
The Security Architecture Review process focuses on reviewing the infrastructure and application security architecture, as well as testing and verifying application, network, and security system configurations.
C5i's security consultants will examine the design and architecture of the infrastructure in order to determine how it handles sensitive data and compare it to internal policies and enterprise architecture standards as well as NIST guidelines.
The review usually includes the security posture of front-end web servers, application software, application servers, supporting database servers, and interfaces to other back-end systems. It focuses on the architecture, design, and configuration of mission-critical IT components, such as firewalls and perimeter defense, servers, VPNs and PBXs, network devices, intrusion detection systems, and audit/alerting mechanisms. It evaluates the balance between security and functional needs.