Hugh and Albert at the Small Business Show for VA in Pittsburgh, PA

Are you as secure as you think that you are?IT Security is in the business of making environments more secure.  As we live in our world today, we are guided to meet compliance of industry specific regulations.  However the Hackers have identified MANY vulnerabilities which expose our environment to issues which are not part of the compliance model. 

This is where IT Security can bridge the cap between Compliance and Security.  We offer complete auditing and assessment services as well as remediation to bring the organization into a better security posture.

IT Security has several offerings for its clients.  All of our services make use of our trained professionals to assist organizations in either becoming more Compliant, more Secure, or Both.  Here are a few of our potential services:

  • Chief Security Officer (CSO) as a Service
  • Penetration Testing - PenTesting
    • Dynamic Analysis - DAST
    • Static Analysis - SAST
    • Vulnerability Assessments
  • Security as a Service
  • Secure CloudSM
  • Incident Response
    • Active Exploits
    • Remediation & Repairs
  • Data Protection
    • Data at Rest
    • Data in Motion

We offer full Professional resources to manage or replace existing security operations.  With more than 30 years of Professional services, we have the experience which is needed to eliminate the Hackers, and minimize the existing issues to promote improved security in your enterprise.

Certificate of Compliance

Does your organization require a Certificate of Testing compliance?  Let our trained and experienced staff prepare your Compliance letter after completing an evaluation of your Software, Web App, or Network Scan.

Most organizations are required to complete a full certification of the applications and network environment annually, or within 30 days after a change in the environment.

While Compliance is not equal to security, it is better to have compliance than not.  Working with our engineers, we can help drive your compliance issues into a better security stance for your organization.  Remember, being compliant is the starting point.  Being secure in today's environment is essential.  We welcome the opportunity to work with your organization with both Compliance and Security.

Risk Assessments

Who would you rather have assess your environment?  Our Risk Specialists, or the people that you are trying to protect your network from?

We are experts at providing agency-specific or National level risk and vulnerability assessments. Our team will also provide risk and vulnerability assessments following the NIST SP 800-26, NIST SP 800-30, NIST SP 800-53, and DoD/DHS Critical Infrastructure Protection (CIP) guidelines. We have developed comprehensive security control assessments for desktops, servers, embedded devices, and mainframes.

Agile Project Management

Agile is the most versatile project management tool in our arsenal.  Using Agile, we are able to deploy Risk Management controls into the SDLC, promote the implementation of Security Controls into the Governance solution.  Or implement BOTH at once!

Our Agile Program Managers have implemented Mature controls into developing software, providing the best implementation and status reports for your project plans.

Need to keep your developers motivated, dedicated or just help to determine the abilities of your team members.

Agile has the abilities, and we have the guidance to help your projects succeed.

Privacy Impact Assessments

Titles II and III of the E-Government Act of 2002 require that agencies evaluate systems that collect personally identifiable information (PII) to determine that the privacy of this information is adequately protected. The mechanism by which agencies perform this assessment is a privacy impact assessment (PIA). In accordance with HHS policy, operating divisions (OPDIVs) are responsible for completing and maintaining PIAs on all systems (developmental and operational). Upon completion of each assessment, agencies are required to make PIAs publicly available.