Design & Implementation of a Security Architecture & Engineering Program
Projects Reviewed Annually
Annual Sustainment Costs
Business Improvement Initiatives
Total Time in Months to Design & Implement
The client requested assistance in developing a program that would ensure due diligence and care and provide Cybersecurity verification and cutting-edge expertise. Although the client possessed Information Assurance, Network Defenses, Information Technology (IT) Operations and Engineering, Disaster Recovery, and Governance, among other things, there was no conduit in place to ensure that IT & Cybersecurity Operations were designed properly, effectively and efficiently, and that they worked in synergy.
Context / Action
In response to this multifaceted challenge, we designed and implemented a Security Architecture and Engineering Program (People, Processes and Technologies) responsible for ensuring that security was baked into the entire System Development Life Cycle (SDLC). This was an agency-wide program that not only provided vision and added value to the customer but also supported all of its customers, which included every DoD service component in the Government (Army, Navy, Marines, Air Force, Coast Guard, OSD, WHS, Secretary of Defense, and many others).
By understanding the customer’s business requirements, we were able to research and develop a common Security Architecture & Engineering Framework that gives Security Architects, Engineers, Chief Information Security Officers (CISOs), Authorizing Officials and others the best Security Architecture framework to utilize. Some of the frameworks and methodologies that were researched include, but are not limited to, the Department of Defense Architecture Framework (DODAF), Federal Enterprise Architecture (FEA), Joint Architecture Reference Model (JARM), Information Assurance Technical Framework (IATF), ITU X.800, the Information Technology Infrastructure Library (ITIL), Sherwood Applied Business Security Architecture (SABSA), and The Open Group Architecture Framework (TOGAF). From that research, we were able to identify a combined Security Architecture framework that the business can utilize every day.
Leveraging NSA’s Security Engineering and Industry’s Security Architecture Frameworks (SABSA, TOGAF and ITU X.800), all Information Technology (IT) and Cybersecurity projects were tracked throughout the SDLC to ensure that DoD Instructions, Directions, Policy, Regulations, Guides, and other security requirements were met from inception of a project through integration and operations. Ultimately, we utilized the program to integrate “toll gates” into all major IT & Cybersecurity Operations of the business (Configuration Change, Governance, Requirements, Engineering, Chief Technology Officer, Acquisition, Finance, Enterprise Management, Certification & Accreditation, and other Agency-Wide processes and boards). By integrating these “toll gates”, we were able to provide the due diligence and care, Cybersecurity verification and cutting-edge expertise that the customer needed.
Finally, as part of the initial standup of the program, a complete Security Architecture Assessment of the Business was recommended. The Security Architecture Assessment provided the knowledge needed to understand the Business and Enterprise Architecture Design & Operations. With this knowledge, we were able to develop an As-Is and To-Be Security Architecture document, which leveraged the ITU X.800 framework (Security Architecture for Open Systems Interconnection) to document the existing IT and Business Architecture, identify gaps, and make recommendations for the new To-Be Security Architecture. This document was leveraged as a Cybersecurity roadmap and strategy driver for the organization and its customers. It also assisted in allocating budget within the Cyber domain.
Are You A Government Contracting Company?
We are a Minority and Veteran-Owned Small Business, and we are always happy to take on Joint Venture Partnerships with other Government Contracting Companies. Let's Talk!
Are You A Government Civilian or Military Leader?
As a former Government, GS-15, Civilian, United States Marine and Pentagon's Security Architect, I understand the struggles of protecting Web Applications within vast Enterprise Architectures. Let's Talk!
3 Steps to Better Protections, Better Solutions & Better Sleep
Schedule A Call
If you have a Government Web Application (Website) that you NEED protecting, then schedule a call. It is free and is in place so that we can better understand your mission and goals.
Get Your Plan
During your call, we will talk about your current situation, your desired situation, and whether or not we are a good fit to work together. If we do work together, we will tell you how we can best protect your web application.
Protect Your Mission
Move forward with your mission and sleep easy by knowing that light will soon illuminate your Cyber world!