Information Assurance

Achieving a Higher Level of Security

“History has taught us to never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It’s always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you’ll be glad you did.” — Bruce Schneier

Gormat’s IA practitioners seek to protect and defend information and information systems by ensuring confidentiality, integrity, authentication, availability, and non-repudiation. These goals are relevant whether the information is in storage, processing, or transit, and whether it is threatened by malice or accident. This is accomplished by:

  • providing ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST, OMB, FISMA, etc.
  • conducting security site surveys and reviewing and analyzing security documentation such as SSP, ISCPs, and SCD
  • planning and conducting security testing on various sized networks and systems using automated tools
  • updating and maintaining information on accreditation boundary diagrams, hardware and software counts, ports, protocols, and services, and cross-domain solutions
  • performing a threat analysis and assessment of 8500.2 Information Assurance Controls and a POAM indicating when open items will be closed
  • working with IT Security consulting teams to compose requisite documentation (security categorizations, risk assessments, contingency plans, security test & evaluation reports, vulnerability assessment reports, etc.), and mapping complex technical requirements, functionality, and capabilities to prescribed security controls, policies, and practices
  • analyzing business models, workflows, and organizational dimensions as they relate to the design, implementation and support of the information system

