Cyber Security Approach
Cyber Tiger Technologies utilizes an approach to information security services which incorporates a continuum of integrated risk management framework. Our framework encompasses best practices, management, operational and technical security controls and solutions, ranging from passive protective measures to active defensive responses.
We bring to bear a set of methodologies that enable us to assess the situational security posture of sensitive information and information systems in a consistent and repeatable approach to determine what security measures to apply for securing the information assets.
A set of information security program management capabilities encompassing policy, compliance, security governance, capital planning and investment, and privacy requirements.
Security Architecture and Engineering
Capabilities include definition, design and implementation of security architecture models that support network, application, infrastructure, and data structure protection. A range of information security capabilities for supporting the system development lifecycle including planning, security requirements development, design, security control implementation, product integration, secure code practices and operational configuration support.
Cyber Tiger can provide technical expertise, support, and guidance in the establishment of the client’s enterprise security architecture and will assist the customer in the following:
- Security Engineering – including Sensor Networks, PKI, Web, OS, Database, SDLC support.
- System Level Implementation — Implement defined system‐ level security requirements and security specifications; specified component products; appropriate metrics for product/system testing, evaluation, and assessment; and comprehensive system security planning and life cycle management.
- Sensor Nodes – Deploy sensor nodes in the network, where appropriate, as determined by the network architecture and in compliance with all applicable Statutes, Acts, guidelines, and policies.
- Security Analysis, Options, and Procurement — Cyber Tiger can develop and analyze secure options for improved communication and collaboration between sites, headquarters, and trusted partners. This may include options for secure communication via intranet, extranet and other web based solutions; PKI; and VPN. JTek can procure suitable tools for implementation of the solutions and provide suitable training across the enterprise. We can also support the management and operation of these tools, including management of systems, certificate authorities for PKI, and key management for VPN.
Monitoring Tools and Training — Recommend and, with customer approval, procure suitable tools and training to
maintain a monitoring infrastructure that provides alerts upon security policy violations; and provides the ability to
audit, and remediate all network connected devices.
Participation in Security Related Forums — Participate in IT Governance and Change Control Boards (CCBs) to
provide a forum for issues such as vulnerability and patch management, configuration management, and major computer security related changes.
Design and Maintenance of System Design Lifecycle (SDLC) — Support includes: reviewing system architecture during the initial phases of system development; evaluating planned security controls; recommending approaches when appropriate; and providing technical guidance throughout all phases of SDLC .
Creation of Security Pilots — Creation and execution of security related hardware and software pilots to enhance the security posture associated with threats to information assets (e.g., adaptive threat mitigation and reduction across the entire infrastructure).
IT Governance, Security Component — Evaluate systems against the latest security architecture and technical security configuration requirements. Develop a repeatable process for implementing, and periodically assessing system status in consideration of new Federal security configuration requirements.
Security Software Product Reviews — Cyber Tiger remains up‐to‐date with state‐of‐the‐art tools and technologies in
order to recommend best practices to Customer. Cyber Tiger may utilize technical resources from organizations such
as Gartner, NIST, SANS (SysAdmin, Audit, Network, Security) Institute, ISO, ISACA (Information Systems Audit and Control Association), CCEVS (Common Criteria Evaluation Scheme), and others
New Security Product Research & Development, Evaluation & Testing — Select and test new security products to ascertain their strengths and weaknesses in light of customer requirements. Report results and make recommendations based on test results. Support of Internal, Non‐Standard Security Program Equipment – Support the use of non‐standard equipment used to support the strengthening of the customer’s security posture.
Guidance and Monitoring of Connections with Outside Partners —Evaluate requests and requirements for outside connections, and with Customer approval, assist in implementation
- To gain and maintain certification to an industry regulation.
- To adopt best practice by conforming to legal and industry regulations.