(703) 655-6937

Security Assurance Delivered

Consulting Services

Security Strategy and Policy Development

Security is as much about policies and procedures as it is about specific technologies. CCG works closely with each customer individually and relies on its expertise in industry forecasting and integration to establish policies and procedures based on industry and client needs and to develop customized solutions.

Starting from a position of knowledge, strength and direction is essential for implementing the right technologies, and we place great value in creating a solid security framework on which to base technology acquisition decisions.

That initial policy guideline will encompass best practices and governance frameworks, including CoBIT, ITIL, COSO, NIST, and ISO 27001, for mapping out the requirements for compliance. This strategy allows us to start from a position of knowledge and strength, so that the overall IT security and governance framework can be established correctly and adequately maintained.

Most important to us when considering the policies and procedures for your organization are:

  • Compliance: Our strength is in helping you maintain compliance, so it is important to us to develop auditable policies and procedures.
  • Sustainable Development: Cost-effective customization of policies and procedures allows you to implement a security program that incorporates industry best practices without hindering your business objectives.
  • End-to-end approach: The experienced professionals at CCG pay attention to every detail from policy creation to implementation, making sure that every potential variation is attended to and that the policy framework is continuously revised to address new challenges.

Your actual security implementation is driven by a prescribed set of policies and procedures built into your organizational foundation. A consultation can help you better understand the fundamental need for policies and procedures and how a strong foundation will lead to greater innovation as you move forward. An analysis from CCG will ensure that you are up to date with industry standards as well as the latest state-of-the-art information security technologies. In so doing, CCG will help create a sustainable security and compliance environment that can better respond to changes as they happen.

 

Risk Management

An effective approach to risk management starts with a threat assessment, a vulnerability assessment, and a criticality assessment. Using industry-standard risk management frameworks, along with NIST Special Publication 800-37, CCG will forge an effective risk management approach that will guide your information security decision-making process. Starting with a personal consultation to determine firsthand the potential vulnerabilities within your organization, CCG will create a customized plan for threat elimination, tailored and implemented based on the needs and specifications of the customer. Our knowledge of risk management, combined with our expertise within a wide range of environments (Federal Government and Financial Services), helps us produce effective risk analysis, management and mitigation strategies.

 

Security Assessments

The CCG security assessment methodology was developed based on years of experience in assessing security controls. Our flexible methodology supports efforts of any size or complexity, and can accommodate the latest tools and technology present in the marketplace today.

 

Security Compliance

Our consultants at CCG have extensive experience in security compliance within the Federal Government and financial services sectors. Whether your organization needs to meet FISMA, FedRAMP, SOX or GLBA/FFIEC regulatory requirements, our highly trained consultants are experts at mapping your requirements to all frameworks, including COSO, CoBIT, NIST, ISO 27001, and ITIL. We specialize in implementing IT governance, risk and compliance solutions for mid-size to large organizations.

 

IT Audit and Assurance

At CCG, our IT auditors independently and objectively assess the controls, reliability and integrity of an organization’s IT environment. Our independent audit results in better maintenance, as well as improved efficiency, in the areas of IT risk management, internal control, and corporate governance.

 

Security Assessment and Authorization (SA&A)

The Federal Government’s assessment and authorization process can be very cumbersome. At CCG, we work with SA&A experts to streamline the process. Over the years, we have developed a sustainable process that can be easily adapted to any Federal Government or Department of Defense agency. Our primary focus is on providing a highly automated approach that emphasizes continuous monitoring after the system has been authorized.

 

Vulnerability Scanning and Penetration Testing

CCG has a team of vulnerability assessment experts who can assist any organization in identifying weaknesses that may be exploited and suggest options to eliminate or mitigate those weaknesses. We use an automated toolset as well as manual reviews to assess vulnerabilities in web applications, operating systems, networking devices and databases.
