SiloSmashers' ISSO service provides key security functions, including acting as the designated security officer for each system.
The Information Systems Security Officer (ISSO) plays a critical role in ensuring the confidentiality, integrity and availability of systems. The role spans a wide range of IT security functions and requires a strong mix of technical and policy skills.
Whether serving as the officially designated ISSO or providing ISSO support, SiloSmashers represents each system throughout its life cycle and ensures that controls are implemented and maintained according to the system security plan and agency policies. SiloSmashers also acts as a liaison among stakeholders, including IT teams, business owners and auditors.
We understand the need to stretch scarce cybersecurity resources across multiple activities. Our ISSO-as-a-Service offering aligns directly with an organization's information security requirements and vision. Using Agile tools such as Kanban boards, we deploy security personnel according to program priorities, providing the specialized support needed to complete security tasks on schedule.
SiloSmashers takes a structured approach to the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), focusing on securing information and managing the risks associated with accessing, processing, storing and transmitting it. We act as a trusted advisor to our customers.
Our comprehensive approach to incorporating security controls into design, development, testing and operations addresses:
- A well-defined system description that can be managed effectively throughout the system life cycle
- Tailoring of controls to align with operational requirements and risks
- Cost effective implementation of security features
- Close collaboration between our certified experts and development teams to develop and evaluate alternatives for security design and implementation
Our approach extends the Agile methodology by integrating Security Scrum Master responsibilities into DevOps. SiloSmashers' Agile RMF approach delivers:
- Definition of secure coding standards and primary security features, such as multi-factor authentication
- Selection, configuration and evaluation of automated testing tools
- Development of security stories and acceptance criteria
- Review and management of product backlog and Sprint planning
- Review and approval of all security features, including design and implementation
- Augmenting Sprint teams by supporting security design reviews and addressing control implementation, including development of design alternatives and compliance evaluations
- Representing security in Sprint retrospectives
The Department of Homeland Security's (DHS) mandate for all agencies to implement Continuous Diagnostics and Mitigation (CDM) requires agencies to understand what is on their network, who is on their network, and what they are doing.
SiloSmashers brings experience, lessons learned and standard procedures for successful agency implementation. Our approach addresses the following:
- Assisting in the assessment of the readiness for the CDM technology insertion
- Getting organized: identifying the information that needs to be collected and baselining existing policies and procedures
- Setting up a management structure at the agency to work with the DHS Program Office and the CDM integrator
- Building an internal agency communications and change management plan
- Transitioning the operational capabilities from DHS to the agency and initiation of standard reporting
We can help you select and implement the governance model that ensures all security requirements are met at a competitive cost.
An effective security posture begins with sound governance. SiloSmashers' security governance services include cybersecurity strategy development and implementation, and the development of security policies, procedures, standards, guidelines and baselines. We also work with CISOs to institute security frameworks, including the ISO 27000 series, ITIL, COBIT, COSO and NIST.
SiloSmashers understands that governments and private-sector organizations are obligated to protect information. Developing and maintaining a security architecture is critical both for implementing a comprehensive security solution and for making sound technology investments.
Our approach addresses the networks, applications and databases that enable an organization’s critical operations. Our core principles include:
- Foundational concepts of confidentiality, integrity and availability
- Defense in depth — enabling layers of defense, minimizing gaps and the impacts of a breached layer
- Least privilege — granting a person or process only the authorization needed to accomplish its task, and nothing more
- Data classification — determining the level of security controls needed to protect each category of data
- Separation of duties — dividing sensitive tasks and the authority to perform them among multiple parties, so that no single person or process becomes a single point of failure or control
SiloSmashers understands that insider threats are one of the largest security concerns facing governments and corporations.
Insider threats include acts of sabotage, theft, espionage, and fraud. They are often carried out through abusing access rights, theft of materials, and mishandling physical devices. An insider threat can be a current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system, or data and intentionally misuses that access to negatively affect the confidentiality, integrity, competitive advantage, trade secrets, or availability of the organization’s information or information systems.
Let SiloSmashers' certified Insider Threat professionals help you detect insider threat behaviors and deter malicious activity.