Cloud and On-Premise Systems
System and Network C&A:
» Initial security assessment
» Post-accreditation maintenance
Security Test and Assessment:
» Vulnerability assessment
» Penetration testing
» Software application certification
» Risk assessment
Malicious Software Management/Analyses
Cybersecurity Assessment, Authorization and Compliance
Telos cybersecurity consultants use their expertise to analyze threats to cloud and on-premise systems based on their likelihood of occurrence. By combining known threats, architectural design, and the probability of occurrence with mitigation and risk transference strategies, we are able to provide a clear representation of an organization's risk posture.
We have performed assessments of complex multi-level secure systems, small, dedicated systems, cloud-based services, and e-commerce systems. Our consultants have assisted the FBI and the Army with a major insider incident investigation and with other security incidents.
Network Security Testing and Evaluation
Telos cybersecurity consultants use their extensive background in networking, systems deployment and support, architecture, and an extensive library of compliance and security test scripts to evaluate and test the security of your network. By using our experience, as well as in-house, commercial and open source tools, and penetration-testing techniques, we can evaluate the security of your system from multiple points of view to ensure that defense-in-depth security strategy is working properly.
Evaluations can be performed from multiple locations within and outside your network to thoroughly understand and explain the threats from each attack point to ensure the best return on investment for security and functionality.
When Telos IT security consultants analyze a system, they perform security assessments of system design, implementation, and configuration; determine the adequacy of security measures; and identify security deficiencies. Our consultants then develop and implement solutions for rectification/mitigation of the vulnerabilities.
We have led large-scale vulnerability assessments and network redesigns and chaired and participated in security working groups; researched, evaluated, and discovered vulnerabilities; and developed technical solutions to resolve them. We can also use our Xacta® IA Manager software to help accelerate vulnerability management and remediation business functions within and across and entire enterprise.
Assessment and Authorization / Compliance and C&A
Leveraging our Xacta® IA Manager software, Telos consultants provide turnkey cybersecurity assessment and authorization (certification and accreditation) support in accordance with the DIACAP, NIST, USGCB/SCAP, and DCID/ICD standards, as well as service- and agency-specific standards.
We have performed C&As on more than 350 systems across the government, and have developed a methodology that significantly reduces life-cycle accreditation costs while improving risk profiles. We have been instrumental in including vulnerability assessment and mitigation suggestions/security safeguard solutions as a portion of an accreditation’s certification efforts to ensure a proactive risk management profile.
In addition to addressing A&A/C&A mandates, Telos' comprehensive standards-based security programs enable organizations to evaluate their security in accordance with the Federal Information Security Management Act (FISMA) and defined in the five-level Security Assessment Framework (SAF). Telos also supports compliance with regulatory requirements in the commercial sector such as GLBA, HIPAA, Sarbanes-Oxley, international standards such as ISO-17799, and industry best practices.
Malicious Code Analysis
Telos has developed automated and manual processes and procedures to ensure consistency and completeness in analyzing software source code for malicious code. We will review software source code to check for Trojan Horses, time and logic bombs, and back doors, as well as software flaws such as inadequate bounds-definition and software race conditions that could allow the software to be exploited.