Security Assessments
Independent third-party assessments to validate and verify that your systems meet industry standards for security.

Today’s enterprise information systems are increasingly susceptible to threats from a variety of sources. These threats can be accidental, such as environmental disruptions and human or machine errors, or they can be purposeful, such as hacking attempts to obtain personnel information.

With Federal agencies increasingly using cloud-based services where data could be exposed to the public via APIs, the threat to agency information and information systems increases. Such threats have far-reaching consequences for the agency by compromising the confidentiality, integrity, and availability of the systems that provide this information.

With this ever-increasing threat, organizations must employ security measures to ensure that their systems are free of flaws that could be exploited by hackers and malicious individuals to the detriment of the organization.

But managing information system-related security is a complex undertaking that requires the involvement of the entire organization, from senior leaders providing the strategic vision and top-level goals and objectives for the organization, to mid-level leaders planning and managing projects, to individuals on the front lines developing, implementing, and operating the systems that support the organization’s core missions and business processes.

We at Linear B work closely with our clients to help combat security threats by conducting security assessments that address information security threats.

Our security assessments are more than just a checklist, a simple pass-fail result, or the generation of paperwork to pass inspections or audits. We work closely with all levels of the organization to verify that the implementers and operators of information systems are meeting security goals and objectives.

Utilizing standards such as NIST 800-115, NIST 800-53 and NIST 800-37, our assessment teams focus on how well your information system and organization meet mandated security objectives.

In addition, our team of security experts will conduct vulnerability scans of your system to search for application backdoors, malicious code, and other threats that may exist in purchased software or applications developed internally.

Linear B security assessments consist of the following activities:

  • Categorization of the information system and the information processed, stored, and transmitted by that system. The results of the security categorization activity provide a foundation for the selection of security controls for the information system and also, where applicable, the minimum assurance requirements.
  • Selection of an initial set of baseline security controls which are based on the security categorization. The security control baseline may be tailored and supplemented as needed.
  • Assessing the information system against baseline security controls to determine the extent to which the controls are implemented, operating as intended, and producing the desired outcome with respect to meeting the security requirements. Assessment methods such as testing, examination and interviewing are utilized as part of the assessment process.
  • Remediation. The results of the assessment activity are analyzed to determine the severity and seriousness of the findings. We will work closely with the customer to remediate these findings, providing additional guidance where needed and assisting in system updates.
  • Continuous Monitoring of security controls on an ongoing basis including assessing control effectiveness, documenting changes to the system or its environment of operation, conducting security impact analyses of the associated changes, and reporting the security state of the system to designated organizational officials.