Information Security
At Guident, we believe responsible risk management requires quantifying the information assurance issues you're facing today, whether they are threat, regulatory or process driven. Our approach uses automation that leverages your existing investments in tools and infrastructure to bring situational awareness and analysis in reference to your agency's mission. Successful use of automation will reduce service delivery costs while increasing the security of services through continuous monitoring.
Organizations leveraging disparate vendor tools often ask the question, "How do you ensure compliance?" We provide baseline, real-time security and standards monitoring of cloud infrastructures and application services. Focusing on the overall business requirements, we offer a complete view into the security components across an agency, including policy, process and technology.
Guident takes a broader view of information assurance issues and is able to adapt to your agency's risk profile. We understand all agencies are different and we tailor solutions to meet your specific risk profile. Guident is the right size company to adapt to your needs - we are nimble and flexible enough to meet your organization's specific goals and objectives.
Providing Mission-Focused Security
Guident's Information Security derives solutions with the most value to you; we start by analyzing your environment from business, regulatory and technology perspectives. This data enables informed analysis of the threat and regulatory environment your organization resides in. Constrained by project scope and goals, the analysis output drives the solution implementation and vendor evaluation for COTS/GOTS products. We leverage our CMMI quality processes to deliver security services and solutions to ensure the highest quality deliverables for our customers.
Mature environments typically boast an array of point security solutions that address specific threats to an agency. These individual solutions create silos of security data each with their own rules regarding retention, access and value of data elements. Adopting an automated approach to data collection from these silos streamlines the risk management effort.
Manual analysis techniques traditionally fail due to limited accuracy, omissions and the costs involved with setup and upkeep. Automation allows the improvements to be tracked in real-time as they are applied to the environment, further bolstering the ability to quantify risk to the organization. Following the analysis and quantification of risk, we can assist with remediation actions prioritized by the benefit to your organization with respect to mandated controls.
Guident's Information Assurance Services
Many agencies seek to address information assurance problems using traditional methods. Guident maintains these traditional security service offerings, but is also experienced in new and emerging approaches. We understand that most agencies have mature information assurance processes that are strained by the dynamics of new data center solutions. Our certified experts understand these processes and can maintain their value while augmenting them by:
- Automating approaches to traditional security work flows
- Utilizing your existing technologies to automate processes and save time and money
- Leveraging our experienced business intelligence approach to manage risk
- Providing a total solution (not components) that you own after delivery
- Inserting sound information security practices into the full integration life cycle
- Conducting thorough market analysis and maintaining a deep knowledge of project trends and procurement processes
Guident is dedicated to improving our nation's information security posture. For agencies to be successful meeting information assurance requirements, they must creatively deal with mounting regulatory issues, static budgets and emerging technology mandates. We achieve results through our comprehensive and cost effective approach to protecting your information and systems.
Biometric Security
Guident has supported numerous high-volume Federal fingerprint and facial recognition data processing initiatives. This includes designing and delivering automated biometric identification solutions that have rapidly and uniformly provided matching and duplication detection for Federal organizations processing millions of records. Guident has provided services to develop robust front end and queue driven warehouse applications based on Oracle and Microsoft technologies - including application interfaces created to access matching results based on specific work flow processes - while minimizing training requirements.
Cloud Security
Cloud computing and virtualization technologies facilitate "elastic computing capabilities." Organizations leveraging elastic computing introduce compliance and management challenges that impact traditional processes used to govern data centers. Guident has provided best practice documentation and engineering services to secure multi-tenant virtualized Federal data centers.
Identity Management
Federal organizations must comply with Personal Identity Verification (PIV) requirements for Federal employees and contractors. Successful integration requires tightly integrated Logical Access Control systems (e.g. Microsoft Active Directory or Oracle Access Manager) and Physical Access Control systems (e.g. PIV Card and Common Access Cards (CAC)). Guident has enabled multiple Federal agencies to establish a seamless union between PAC and LAC environments. This includes work flow integration that allows traditionally separate entities and processes to work in collaboration.
Governance and Compliance
The expansion of Federal networks due to virtualization and cloud computing has highlighted the importance of securing information systems. Security is critical to how these organizations meet their mission objectives. In order to address the security challenge, Guident focuses on information assurance policy and incorporates it into holistic governance to ensure success.
Guident works with Federal Program Management Offices and information assurance organizations to facilitate better understanding of compliance objectives and mission requirements. Guident can assist your organization in developing structured information about operational activities, work flows and processes, which are key information assurance governance factors that determine business mission effectiveness.
Virtualization, Control and Optimization Portal
Sound risk management requires appropriate intelligence on the factors associated with the risk. Much of an organization's security and operational data lacks value to decision makers due to the proliferation of point solutions generating data. Guident helps organizations protect their existing information security investments, develop a proactive risk management approach and enable continuous compliance by juxtaposing operational and assurance data to meet specific business and compliance objectives.
Secure Network Design Services
With proven expertise in developing and implementing comprehensive secure network infrastructures, Guident understands the inherent risks associated with sharing information across organizational boundaries, and designs comprehensive network security infrastructure solutions for component, trust-level policy enforcement. Guident provides high speed, secure, load balanced and highly available information systems for numerous Federal customers.
Guident specializes in implementing accredited network designs that include three-tiered security enclaves designed around a network perimeter architecture. Example architectures include:
- External screening router that provides initial access filtering against a variety of service disrupting attacks
- Redundant firewall system that utilizes stateful or proxy firewall designs to provide the backbone of the perimeter defense
- Internal screening routers offering tertiary layers of access control and providing internal network routing aggregation
We also recognize the delicate balance between executing a comprehensive security design and providing high availability with high throughput capable networks. We provide solutions suited to each client's environment, and incorporate adaptable and reproducible features.
Certification and Accreditation
Proper certification and accreditation (C&A) program execution promotes the understanding of agency-related mission objectives and risks resulting from the operation of information systems. The C&A process ensures authorizing officials are properly informed and can provide appropriate security accreditation decisions, often through the labor intensive generation of complete, reliable and trustworthy documentation. The multiple steps that comprise creating C&A packages are largely manual processes, and ever-changing mandates for the security of information systems only add to the time and costs associated with the process.
Guident has provided FISMA C&A services, information assurance governance and policy analysis for numerous Federal clients. We have staff assigned to government contracts at a large number of customer locations, providing the full spectrum of C&A services.
Secure Database Design
Protecting a database differs from other types of security (network, hardware, operating systems, application, etc.). While the security issues revolving around applying patches closely resemble operating system security, databases are vulnerable to unique attacks, such as SQL injection and DDA. Furthermore, the regulatory environment (SOX, HIPAA, Gramm-Leach-Bliley, PCI, etc.) places distinctive constraints on the database operational environment.
Guident has secured database systems (Oracle, Microsoft, IBM, open source, etc.) for a variety of Federal, commercial and financial organizations. We have extensive experience in resolving the complex issues associated with data sharing. Privacy concerns, secure network design, application security and complex business rules are just some of the elements our security staff review to ensure databases are securely designed, deployed and defended against costly compromise. Examples of our database security services include:
Configuration and Installation: Guident's consultants ensure seamless security between the RDBMS and the operating system, verifying implementation of best practices from both the vendors and security community, such as:
- Authentication rules (complexity, reuse)
- Network/Communications hardening
- Elimination of insecure default settings
Design and Development: Guident's consultants work to ensure best practice security methods are "baked in" from the outset of a project, validating both the database development process and its results. This prevents issues such as:
- Overly generous object grants
- SQL injection attacks
- Incorrect data access paths
At Guident we believe in the tenets of a defense-in-depth strategy for protecting the enterprise; in that environment, securing the database becomes the last line of defense.
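The SQL injection issue listed above, shown as an added illustration that is not part of Guident's page or tooling: a lookup built by string concatenation beside the parameterized form that the "baked in" design review would require. The table, rows and inputs are constructed sample data held in an in-memory SQLite database.

```python
import sqlite3


def build_db():
    """Constructed sample data: a small in-memory table standing in for a user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, clearance TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, clearance) VALUES (?, ?)",
        [("alice", "secret"), ("bob", "confidential"), ("carol", "unclassified")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """'Before' pattern: the query is assembled by concatenation, so the caller's
    input is parsed as SQL grammar instead of being treated purely as data."""
    sql = "SELECT username, clearance FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Hardened pattern: a bound parameter keeps the input outside the SQL grammar,
    so the same string can only ever match a literal username."""
    sql = "SELECT username, clearance FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    """Run both lookups against a benign name and a constructed malformed input
    that closes the string literal and appends a tautology."""
    conn = build_db()
    benign = "alice"
    malformed = "' OR '1'='1"
    return {
        "vulnerable_benign": lookup_vulnerable(conn, benign),
        "vulnerable_malformed": lookup_vulnerable(conn, malformed),
        "safe_benign": lookup_parameterized(conn, benign),
        "safe_malformed": lookup_parameterized(conn, malformed),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The concatenated query returns every row for the malformed input, which is the data leakage a design review is meant to catch; the parameterized query returns nothing for it, because no user is literally named `' OR '1'='1`.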
Application and System Development Security
Poorly implemented application and system development can increase an organization's threat surface with respect to malicious attacks and data leakage. Abstractions presented by modern languages accelerate development timelines by reducing the number of implementation details a programmer must manage directly. These details remain relevant from a security perspective, since incorrect use of the abstractions, such as failure to account for concurrency, can result in data leakage and, potentially, circumvention of the overall architectural security model.
In addition, translating many of the standards and policies described in FIPS, NIST and FISMA guidance into practice can seem daunting to a development team and threaten project timelines. Guident has a well-established practice of assisting Federal agencies with solving their identity and information security needs, leveraging COTS and GOTS software development products, within the application and system development space.