Cyber Security

AMG understands that security threats and vulnerabilities continue to evolve across enterprise data, applications, operations, networks, and personnel. To manage and maintain an effective security posture, all customer management, operational, and technical security controls, whether employed within or inherited, must be included in order to identify underlying weaknesses or deficiencies and to pinpoint and address identified vulnerabilities. Our seasoned professionals take an all-inclusive approach when performing security assessments, scanning and analysis activities, and life-cycle management services to optimize overall effectiveness.

Our Cyber Security service offerings include:

  • Technical Reference Model (TRM) & Vulnerability Assessment

    • Manage Technical Reference Model (TRM) development and maintenance to support enterprise-wide hardware and software, as well as business and infrastructure applications and services

    • Conduct Products List Assessment Task (PLAT) analysis and cyber security breach vulnerability assessments across the Enterprise TRM

    • Establish best practices for evaluating security compliance for non-standard products in the TRM, such as mobile applications and open source

  • Application Scanning and Analytics

    • Leverage best-of-breed Cyber Security tools such as Nessus, Splunk, Fortify, ArcSight, CyberArk, SailPoint and McAfee to validate systems and applications against security requirements and identify potential risks and vulnerabilities

    • Leverage tools such as Kryptowire to analyze mobile applications against security requirements and priorities

    • Support discovery and audit solutions to help organizations identify security risks by scanning and analyzing privileged accounts across their networks

  • Life-cycle Security Management

    • Provide security advisory services and cyber security best practices to integrate key security design principles, review new systems, software, and networks for potential security risks, and update security plans

    • Ensure enterprise- and system-level compliance with industry standards such as NIST, FISMA, FIPS, NIACAP, DIACAP, and DHS 4300, as well as other agency-level security requirements, including Presidential mandates and federal cyber security initiatives and alerts

    • Provide end-to-end life-cycle security program support, including the development and updating of security plans, security gate reviews and Authority to Operate (ATO) requirements, POA&M management, readiness assessments, maintenance of system authorization status, and continuous monitoring