Modern networks open up vast opportunities for individuals and organizations, but also introduce new risks through cyber-attacks that can originate from anywhere around the world.
LTS helps clients manage cyber risk with a comprehensive suite of cybersecurity service offerings to protect information assets and data from cyber-attacks. We have highly skilled, experienced consultants who provide clients with cyber risk management consulting, engineering, operations, and compliance management support. We tailor solutions to specific client needs for system protections to ensure the proper functioning of network, server, application, and database technical security controls.
Cyber Security Service Offerings:
Security Operations Center Management
Our Information System Continuous Monitoring (ISCSM) approach helps more closely align compliance needs with security gaps that in turn helps mature our client’s cybersecurity posture to be ready for ever evolving threats and changing system operational environments. Specific activities include:
- Manage security event log aggregation tools that collect network and syslog data from security devices including routers, switches, firewalls, IDS, web and email gateways.
- Develop cyber analytic dashboards to increase security posture visibility and actionable data on the highest priority threats. Perform continuous monitoring activities to remediate and mitigate server, endpoint, network, application and database vulnerabilities with automated vulnerability scan tools.
- Build and implement an ISCM strategy aligned with the Risk Management Framework (RMF) and automation of security controls.
- Establish an ISCM program to supports the collection, analysis, development, and detection of security risk-related information.
Our Active Response Solutions benefit organizations by stopping suspicious activity in real time, initiating forensic analysis and information security process improvements, and providing an additional protective layer to secure sensitive data. Specific activities include:
- Secure and harden systems at appropriate assurance levels through vulnerability identification and reduction following the National Checklist Program (NCP), DISA STIGs and NIST SP 800-53 Rev. 4 security control guidelines.
- Implement application and database security solutions to uncover information system configuration weaknesses, identification and access control issues, missing patches, or any toxic combination of settings that could lead to escalation of privileges attacks, data leakage, denial-of-service (DoS), or unauthorized modification of information systems.
- Define and implement automatic responses to specific types of suspicious and unauthorized behavior. Types of responses include: alerting IT, alerting SIEM systems, opening trouble tickets, initiating malware scans, and blocking activity or closing sessions
Our Software Assurance Support provides a more secure software product at release which, in turn, creates a reduction in compliance findings, lowering the cost of fixing and maintaining application security risks. Specific activities include:
- Develop secure coding quality practices as part of web and mobile application approach throughout the Software Development Life Cycle that covers design phase, code base, and the entire information system as a whole.
- Perform manual and automated vulnerability scans for custom and open source code that are both static and dynamic using a variety of industry leading tools to make sure vulnerabilities are found and fixed well in advance of a compliance assessment.
Governance, Risk, and Compliance Management
Our Governance, Risk and Compliance Support services enable customer readiness and efficient delivery, minimizing impact to your technology support teams and supporting efficient deployment and maintenance of information technology resources. Specific activities include:
- Prepare Information Assurance (IA) compliance documentation for Assessment and Authorization (A&A) activities to address DoD, Risk Management Framework (RMF), FISMA, and FedRAMP accreditation requirements; perform IA policy and technical security control risk assessments based on NIST SP 800-53 Rev. 4 security controls; and mitigate residual risks through Plan of Action & Milestones (POA&M) management.
- Develop, update and review of all required security documentation, services are implemented in accordance with the guidelines specified within NIST SP 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems.
- Advise clients on their overall cyber risk posture in terms of a Cybersecurity Maturity Model to help visualize the effectiveness of current and desired protections in terms of people, process, and technology.
Clients Supported by LTS Cybersecurity Offerings
- Defense Health Agency (DHA) / Joint Medical Logistics Functional Development Center
- DHA / Pacific Joint Information Technology Center
- Department of Commerce / National Security Program Support
- Department of Energy / Office of Corporate Information Systems CF-40
- United States Air Force / Air Mobility Command
- Veterans Administration / Interagency Program Office
- Veterans Health Administration (VHA) / VA Mobile Application Framework
- VHA / Telepathology Application Innovation