
Information Security and Assurance

Through its Global Security and Assurance (GSAS) practice, GAITS provides a comprehensive range of Information Assurance services to assist our clients in assuring the Integrity, Availability and Confidentiality of their information. We assess and mitigate internal and external cyber-security threats, and provide best practices to optimize and integrate cyber security solutions throughout our customers' enterprise architecture and infrastructure.

We firmly believe standardization is the best approach in optimizing all Information Technology related practices, and to this end we have pursued and achieved SEI-CMMI, ISO 9001:2000, ISO 20000-1:2005 certifications, and we have also initiated the process to achieve ISO 27000 certification (Information Assurance ISO standard).

Our Information Assurance service offerings include solutions for IT networks and systems to ensure their confidentiality, integrity and availability, and we conduct enterprise information assurance and cyber security assessments and audits to determine compliance with security guidelines and potential intrusion risks and vulnerability. We also develop, deploy and maintain information security and business continuity plans, policies and procedures, including disaster recovery plans, and provide training, certification and regulatory compliance services.

GAITS Information Assurance and Cyber Security Services

Our GSAS practice provides services that cover the entire spectrum of Information Security and Assurance. Specifically, our service offerings cover the following domains:

  • Systems Inventory
    • We implement standardized and repeatable lifecycle processes for defining, identifying and inventorying the systems architecture and perform configuration management to improve the security of data collection tools
    • We work in partnership with customers to develop a target security architecture and measure its operation and migration
    • We leverage GAITS Standardized Information Assurance Model (SIAM) to manage the migration of security architectures with automated inventory and asset control tools such as CA's Unicenter, NetEISS and vulnerability assessment tools such as Foundstone and eEye Retina
    • Our Information Assurance experts follow all inventory and categorization federal standards
    • We comply with FIPS 199, NIST SP 800-60, SP 800-53(A), 800-30, 800-37, FIPS 200, and DITSCAP/DIACAP publications to conduct system inventory and categorization activities
  • Risk Management and Threat Analysis
    • We strive to achieve and deliver security architectures with low residual risk and with increased capabilities for improved threat warning, pattern recognition, trend identification, and behavior analysis. Our Information Assurance engagements result in delivering systems that promptly identify external/internal malicious behavior and potential data loss, and leverage our established security processes, procedures and guidelines to mitigate any and all possible respective threats.
    • We are currently providing information assurance services to the Department of Defense (DoD)
    • We leverage our standardized enterprise-wide approach to security operations, and handling and management of computer security incidents
    • We develop security architectures that centralize security services and their management
  • Privacy Management
    • We protect sensitive and personal information against unlawful disclosure, meeting requirements of federal privacy laws (Privacy Act of 1974, e-Government Act of 2002, and OMB 06-16)
    • We provide end-to-end solutions that ensure confidentiality and integrity of data, availability of information and systems, and user accountability
    • We draw from our experience in providing Privacy Impact Assessments (PIAs) and System of Record Notification (SORNs)
  • Certification and Accreditation (FISMA and DITSCAP/DIACAP)
    • We apply the GAITS team's mature processes, discipline and hands-on "know-how" to execute C&A efforts (DITSCAP/DIACAP, NIACAP, NIST (800-53, 800-37))
    • We have prepared and maintained over 500 System Security Authorization Agreements (SSAA)
    • We provide security planning, C&A process development to ensure that management understands and can make informed operational and policy compliance risk decisions
    • We develop and review security policies and procedures
    • We perform security testing and evaluations (ST&E)
    • We define accreditation boundaries
    • We evaluate management, operational, and technical controls
    • We create and track Plans of Actions and Milestones (POA&Ms)
  • Regulatory Review and Guidance
    • We apply a consistent and solid review methodology together with expert guidance to evaluate, monitor and report on the effectiveness and compliance of its IT controls and services to ensure regulatory compliance
    • We assist in the development of regulatory reviews and impact assessments, in addition to policies, procedures, guidelines and standards
    • We support work group representation on regulatory compliance
    • We identify, coordinate, and manage waivers and exceptions required to ensure compliance with regulations such as FISMA, HSPD-12, HIPAA, Sarbanes-Oxley (SOX), and OMB-130
  • Lifecycle Support of Security Technologies
    • We provide research, assessment, concept development, architecture development, engineering, and operational support for operational security technologies and emerging tools while mitigating and lowering risk to current systems
    • We support piloting and testing of emerging technologies
    • We research and assess emerging security technologies to reduce mission implementation risk
    • We support security designs to evaluate and infuse new products and solutions into the targeted security architecture
    • We provide network emulation software to configure a test environment

GAITS Information Assurance Governance
Constantine Gikas PMP, CISSP
Vice President GAITS Global Security Assurance Solutions

  • 20 years of professional experience in information technology, security program management, worldwide deployment of information technology, and information assurance. Management of large-scale (26M to 700M) Federal information technology programs (managing the secure deployment and operation of advanced information systems in Asia, Africa and Europe, and the delivery of Information Assurance (IA) services to Federal Agencies coordinating Certification and Accreditation activities, Vulnerability Assessments and Risk Mitigation initiatives)

Contact Information:
GAITS Corp.
85 South Bragg Street
4th Floor
Alexandria, VA 22312

Email: cgikas@gaits.com
Phone: 703-386-6926
