IT/Cyber Security

CYBER SECURITY

Today, organizations face a wide variety of technological and strategic Cyber Security challenges in a complex and dynamic environment.  An effective Cyber Security response requires strategies, policies, plans, and technologies able to match these rapidly evolving security environments.   JME Cyber Security service portfolio provides both consulting and staffing services with experienced, credentialed staff. 

Our service delivery approach focuses on State and Federal Cyber Security risk management and compliance. Regulatory compliance includes the Federal Information Security Management Act (FISMA), Agency policies and directives. Frameworks used include National Institute of Standards and Technology (NIST) and Risk Management Framework (RMF), ISO 27001, and FedRamp Cloud frameworks.

Our Cyber Security services include:

Risk Management and Compliance Services

·         Provide security assessment and authorization (SA&A) – previously called certification and accreditation – using National Institute of Standards and Technology (NIST) special publications (SP) for the Risk Management Framework, including SP 800-37, SP 800-53, and SP 800-53A

·         Develop compliant security assessment documentation, security categorization reviews, system security plan analyses, and security plans

·         Develop and deliver targeted Risk Management Framework Training for various stakeholders

·         Provide governance, risk, and compliance (GRC) services through long-term staff such as an Information Systems Security Officer or Manager

·         Conduct risk assessments using NIST 800-30, 800-18 and 800-53A

·         Conduct vulnerability assessments for networks, systems, applications, and databases using Security Content Automation Protocol (SCAP)-validated tools that leverage the National Vulnerability Database (NVD) and configuration standards such as U.S. Government Configuration Baseline (USGCB), Federal Information Processing Standard (FIPS) 140, and Secure Technical Implementation Guides (STIGs)

·         Support organizations in performing their risk management tasks and activities, including preparing for audits by outside parties and training personnel

·         Design and manage the continuous risk management/continuous monitoring processes

·         Implement a high level approach to iterative risk assessment as part of a consistent and repeatable expertise-driven approach to risk management

Information Technology

JME works with customers to clarify and implement enterprise architectures appropriately aligned with their strategies and goals. Our team provides expertise in the implementation, transformation, organizational design, staffing models, people, business & IT strategy alignment. We bring tools and methodologies for IT talent selection and development, and performance management.

Our current areas of Information Technology support include:

·         Apply Information Technology governance processes, methodologies, and management to key enterprise decision making in support of compliance reporting, concept development and planning

·         Analyze and identify patterns and profiles with across stakeholders and Communities of Interest (COI) to ensure alignment within the IT infrastructure.

·         Provide IT guidance and to ensure compliance.

·         Manage IT governance and processes.

·         Lead the development of strategy, policy, and guidance to meet strategic objectives for sharing of data, information and Information Technology services

·         Develop and maintain a library of Reference Architectures as authoritative sources of architecture information to guide and constrain the instantiations of multiple architectures and solutions.