Our offerings include:
Cyber Security Subject Matter Experts
Our experts help organizations like yours gain an understanding of critical security risks and develop a practical security strategy and plan aligning people, processes, and technology to meet mission goals.
Cyber Security Professionals
We guard against rapidly changing threats, collect and analyze data, and investigate events and/or crimes, applying lessons learned to strengthen the security of critical systems and data. Our resources carry some of the most respected certifications in the industry including: CISSP, CISM, IAM, GIAC, and SANS. We are engaged in and provide support to the Cyber Security profession through our support of organizations at the national level with: ISSA, ISACA, (ISC)2, and AFCEA.
We ensure your policy complies with cyber security regulations such as NIST, NERC CIP, FISMA, and other security policies and best practices. We create cyber security awareness programs that go beyond compliance to change behaviors.
Information Assurance: Development of information assurance strategic plans, concept of operations, documenting, implementing, and monitoring IA processes, System Security Authorization Agreements (SSAA) and System Security Plan (SSP) in accordance with NIST and DoD Information Assurance standards and Risk Management Frameworks.
Secure Network Design: Designing and implementing secure networks including perimeter security, network segmentation to ensure security, resiliency and survivability of devices, and Network policy enforcement. Our secure network design includes the implementation of monitoring tools, encryption, and logging to ensure a successful Security Incident Event Management (SIEM) program.
Vulnerability Assessment: Vulnerability Assessment using various tools and review of the network architecture to identify and quantify security vulnerabilities in an environment. We perform an in-depth evaluation of the enterprise information security posture, document weaknesses and provide appropriate mitigation procedures to either eliminate those weaknesses or reduce them to an acceptable level of risk.
Penetration Testing: We perform penetration testing using various reconnaissance and exploitation to simulate both external and internal cyber attackers to look for security weaknesses and gain access and escalate of accesses to systems and networks. We document attack vectors to provide insight into infrastructure weaknesses and allow for quick corrective action.
Security Assessment and Authorization: We provide SA&A support to test and evaluate security controls in accordance with NIST and DoD standards to achieve a FISMA compliant SA&A of systems, applications, or environments. We provide experienced Information System Security Officers(ISSO), and other Cyber Security risk management and compliance professionals to support our customers’ needs.
Continuous Monitoring: We provide ongoing monitoring and awareness of information security, vulnerabilities, and threats and provide an accurate real-time picture of our customer’s security posture and support organizational risk management decisions.
Network Defense: Our experienced credentialed resources work with customers to create the appropriate solutions based on the infrastructure, the environment and the business needs for network security. This effort includes the evaluation of internal and external network components and current configuration of existing networks and network design. The evaluation is utilized to identify potential risks, gaps and vulnerabilities that could affect the customer’s overall security and ultimate break risk.
Network Penetration Testing: We exercise various tools to attempt to gain access and penetrate the customer infrastructure similar to an attack a customer might experience. Our resources use industry accepted methodologies and tools (both open source and vendor offered) to perform attacks as agreed to by the customer – the goal is to gain access and determine where security gaps exist. Our offerings include, External and Internal penetration testing (Red and Blue Team) as well as Social Engineering manipulation to gain additional traction on penetration.
Security Awareness Training: We utilize our certified resources to: evaluate, develop, recommend, or test a customer’s internal security awareness program. We work with the customer to perform surveys, “phish” employees, reinforce behavior and support ongoing education efforts. We are experienced providers of security training and have partnerships with various industry leaders in content development and flexible architecture. We work with the customer to provide the right awareness tools on the right framework.
Cyber Security Resources: We provide the appropriate skilled operational resources at the right time within a value based model. We leverage our talent Operations Center to attract certified and experienced resources with the required experience to support the customer’s needs. All proposed resources are evaluated by Lords subject matter experts to insure the skillsets needed are not “paper based” and meet our high standards for customer support.
Analytical Support and Data Analytics: Lords has been a leader in Analytical Support and Data Analytics from the introduction of the tool. We are experienced in Big Data and the ability to identify raw data and interrogate that data to identify trends and develop intelligent conclusions based on business models and theory. We take our experience and utilize these same methodologies for identifying Cyber Security trends and potential threats to our customer’s environments based on co-developed models that address unique needs and challenges to increase the level of protection or address the risk tolerance of the customer.
Secure Network Design: Our design approach is based on identifying existing vulnerabilities in the environment, review of the identified network components and the current state of the infrastructure. When all vulnerabilities and requirements are identified, the business objective and data protection and connection sensitivity are incorporated to identify the network protocols and port selections needed to provide an effective business solution in line with the risk appetite of the business.
Information Assurance: Our Certification and Accreditation activities supporting agency mission success have been developed with many years of experience supporting the C&A needs of information systems and data of federal agencies. We research the assurance needs of the organization prior to any activity taking place. This approach insures that we are providing the level of assurance needed based on controls the customer is expected to adhere to. The goal is to identify the controls needed to insure Confidentiality, Integrity and Availability of the data while in-use, in transit or in storage, and to evaluate those controls as being appropriate and successful for those authorized to access those systems or data.
Threat Analytics: Lords offers a holistic approach to Cyber Security by anticipating future threats and incorporating them into our customer and internal action plans. Threat Intelligence is a service that provides analytic metrics of current and future vulnerabilities. This service provides information to predict emerging threats and future vulnerabilities, and prioritize actionable mitigation steps. We expand on our experience and utilize these same methodologies for identifying Cyber Security trends and potential threats to our customer’s environments based on co-developed models that address unique needs and challenges to increase the level of protection or address the risk tolerance. Identifying trends through analysis ensures that your unique Plan of Action will include program details and operational changes are tailored specifically for your programs’ security needs.
Privileges to Customers
- Improved overall security compliance with information security policies, procedures, standards, and checklists
- Enhanced communications of rapidly changing threats
- Aligned risk management framework
- Mitigated pressing cyber security challenges through approaches designed by thought leaders
- Reduced number and extent of information security breaches
- Reduced systems’ costs by designing control measures into your systems, rather than adding to installed systems
- Improved savings through coordination and measurement of security