IT Security Consulting

As the quantity of cyber threats multiply exponentially each month and the complexity of attacks are enhanced almost daily, network security has become the #1 concern of a majority of CIOs and network administrators in all public and private sectors across the US.

Securing your information and protecting your company’s reputation isn’t just about technology.

• It’s about understanding your assets, weaknesses, and the threats towards your business in order to calculate true risk.
• It’s about mitigating that risk to an acceptable level.
• It’s about policies, procedures, and configuration guidelines.
• It’s about increasing the security awareness for your employees, and empowering them to stay ahead of the threats.

At SBS we understand the big picture and specialize in understanding the security needs of our customers in the context of their operational needs. We learn about the challenges you face and help you with assessments and services designed to achieve compliance and reduce risk. Our team of security professionals with deep technical expertise and specific industry knowledge assess your threats and vulnerabilities. The teams then work to mitigate risk while helping to achieve compliance with relevant standards such as HIPAA, FERPA, ARRA, GLBA, NERC/CIP, and SOX.

Based on the National Security Agency (NSA) Information Security (INFOSEC) Assessment Methodology (IAM), SBS consultants correlate and analyze vulnerabilities using manual testing, multiple tools, and proprietary processes for insight across applications, systems, and networks. The result is objective, strategic guidance for your security and compliance needs.
The NSA IAM is a detailed and systematic method for examining security vulnerabilities from an organizational perspective as opposed to a only a technical perspective. Often overlooked are the processes, procedures, documentation and informal activities that directly impact an organization’s overall security posture but that might not necessarily be technical in nature. The IAM was developed by experienced NSA and commercial INFOSEC assessors and has been in practice within the U.S. government since 1997. It was made available commercially in 2001.

NSA developed the IAM to give organizations that provide INFOSEC assessments a repeatable framework for conducting organizational types of assessments as well as provide assessment consumers appropriate information on what to look for in an assessment provider. The IAM is also intended to raise awareness of the need for organizational types of assessment versus the purely technical type of assessment. In addition to assisting the government and private sectors, an important result of supplying baseline standards for INFOSEC assessments is fostering a commitment to improve an organization’s security posture.

Our Partners
GE Energy                Autodesk                Safe Software                 MS                 Oracle