Capabilities
Information Assurance
Achieving a Higher Level of Security
Information Assurance
“History has taught us to never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It’s always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you’ll be glad you did.” — Bruce Schneier
Gormat’s IA practitioners seek to protect and defend information and information systems by ensuring confidentiality, integrity, authentication, availability, and non-repudiation. These goals are relevant whether the information are in storage, processing, or transit, and whether threatened by malice or accident.
This is accomplished by:
- providing ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST, OMB, FISMA, etc.
- conducting security site surveys and reviewing and analyzing security documentation such as SSP, ISCPs, and SCD,
- planning and conducting security testing on various sized networks and systems using automated tools
- updating and maintaining information on accreditation boundary diagrams, hardware and software counts, ports protocols and services and cross domain solutions
- performing a threat analysis and assessment of 8500.2 Information Assurance Controls and a POAM indicating when open items will be closed
- working with IT Security consulting teams to compose requisite documentation (security categorizations, risk assessments, contingency plans, security test & evaluation reports, vulnerability assessment reports, etc.), and mapping complex technical requirements, functionality, and capabilities to prescribed security controls, policies, and practices
- analyzing business models, workflows, and organizational dimensions as they relate to the design, implementation and support of the information system
System Engineering
Safeguard your information from endpoint to email to servers to cloud
Keep track of your sensitive data in motion, at rest, or in use
Give access only to users who need it
Encrypt your data in case it falls into the wrong hands
Software Engineering
Extend your team with our team, around the clock, around the world
Shorten the time between detection and response
Respond to incidents with speed and precision
Proactively counter emerging threats
Program Management
Secures more than one million web servers worldwide
Protects your business with innovation that goes beyond SSL/TLS
Issues 7 out of 10 code signing certificates worldwide
Provides a safer way to buy online with Norton Secured Seal
Acquisition Support
Protect against the most advanced threats with complete protection from endpoint to email to servers to cloud
Detect more threats with cross-control point visibility and remediation
Go beyond signatures to track indicators of attack as they emerge
Leverage everything that Symantec sees globally with one of the world’s largest cyber-intelligence networks