Information Assurance

Achieving a Higher Level of Security

Information Assurance

“History has taught us to never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It’s always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you’ll be glad you did.” — Bruce Schneier

Gormat’s IA practitioners seek to protect and defend information and information systems by ensuring confidentiality, integrity, authentication, availability, and non-repudiation. These goals are relevant whether the information are in storage, processing, or transit, and whether threatened by malice or accident.

This is accomplished by:

  • providing ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST, OMB, FISMA, etc.
  • conducting security site surveys and reviewing and analyzing security documentation such as SSP, ISCPs, and SCD,
  • planning and conducting security testing on various sized networks and systems using automated tools
  • updating and maintaining information on accreditation boundary diagrams, hardware and software counts, ports protocols and services and cross domain solutions
  • performing a threat analysis and assessment of 8500.2 Information Assurance Controls and a POAM indicating when open items will be closed
  • working with IT Security consulting teams to compose requisite documentation (security categorizations, risk assessments, contingency plans, security test & evaluation reports, vulnerability assessment reports, etc.), and mapping complex technical requirements, functionality, and capabilities to prescribed security controls, policies, and practices
  • analyzing business models, workflows, and organizational dimensions as they relate to the design, implementation and support of the information system


Learn More


System Engineering

Safeguard your information from endpoint to email to servers to cloud

Keep track of your sensitive data in motion, at rest, or in use

Give access only to users who need it

Encrypt your data in case it falls into the wrong hands

Learn More

Software Engineering

Extend your team with our team, around the clock, around the world

Shorten the time between detection and response

Respond to incidents with speed and precision

Proactively counter emerging threats

Learn More


Program Management

Secures more than one million web servers worldwide

Protects your business with innovation that goes beyond SSL/TLS

Issues 7 out of 10 code signing certificates worldwide

Provides a safer way to buy online with Norton Secured Seal

Learn More

Acquisition Support

Protect against the most advanced threats with complete protection from endpoint to email to servers to cloud

Detect more threats with cross-control point visibility and remediation

Go beyond signatures to track indicators of attack as they emerge

Leverage everything that Symantec sees globally with one of the world’s largest cyber-intelligence networks


Learn More


Product Releases and Updates