Embed Size (px)
DESCRIPTION
Citation preview
03/14/200903/14/2009 11
SMALL BUSINESS SHOWCASENETWORK SECURITY SERVICES
LLC Small Business Size: SBA Certified 8(a), HUBZone, WO,
SDB Niche Areas: Computer Forensics & Managed Security IRS/Treasury Contracts:
Subcontractor on IRS MITS Cyber Security, Office of the ACIO Prime contractor on IRS Cyber Security Training, Electronic Crimes
Unit Largest award: $415,000
Largest Company Award: Amount: Incrementally funded; currently at $415,000 Customer: Govt: SPAWAR Charleston. Prime: Honeywell
Technology Solutions, Inc.
03/14/200903/14/2009 22
Who We AreWho We Are
SBA Certified 8(a) and HUBZone, Woman-SBA Certified 8(a) and HUBZone, Woman-Owned small businessOwned small business
GSA Schedule 70 Prime ContractorGSA Schedule 70 Prime Contractor Seaport-E Prime ContractorSeaport-E Prime Contractor
Provider of highest level of IT security Provider of highest level of IT security solutions solutions
03/14/200903/14/2009 33
Who We AreWho We Are
Security Team’s QualificationsSecurity Team’s Qualifications Backgrounds in:Backgrounds in:
Law Enforcement/Military IntelligenceLaw Enforcement/Military Intelligence Federal AgenciesFederal Agencies Prestigious Commercial BusinessesPrestigious Commercial Businesses
High levels of education & certificationsHigh levels of education & certifications
03/14/200903/14/2009 44
NSS Founder BackgroundNSS Founder Background Law Enforcement Officer (19 years Law Enforcement Officer (19 years
experience)experience) DetectiveDetective
Computer Crime InvestigationsComputer Crime Investigations Commercial FieldCommercial Field
DCITP, Lead Instructor for Network Investigations DCITP, Lead Instructor for Network Investigations & Intrusions& Intrusions
Ernst & Young, Director of Incident Response, Ernst & Young, Director of Incident Response, National Forensics LabNational Forensics Lab
Fiderus Inc., Director of Incident Response & Fiderus Inc., Director of Incident Response & Penetration TestingPenetration Testing
03/14/200903/14/2009 55
Core CompetenciesCore Competencies
Information Assurance ServicesInformation Assurance Services Managed Enterprise Security ServicesManaged Enterprise Security Services Computer ForensicsComputer Forensics Network InvestigationsNetwork Investigations Computer Forensics TrainingComputer Forensics Training
03/14/200903/14/2009 66
What We OfferWhat We Offer Information Assurance ServicesInformation Assurance Services
Certification and AccreditationCertification and Accreditation Risk & Vulnerability AssessmentsRisk & Vulnerability Assessments Disaster Recovery and Policy DevelopmentDisaster Recovery and Policy Development
Managed Security ServicesManaged Security Services Firewalls/RoutersFirewalls/Routers IDS/IPSIDS/IPS Incident ResponseIncident Response
Computer Forensic Investigative Computer Forensic Investigative ServicesServices
Computer Crime Investigative TrainingComputer Crime Investigative Training
03/14/200903/14/2009 77
Information AssuranceInformation Assurance
03/14/200903/14/2009 88
Information Assurance Information Assurance ServicesServices
Information Assurance (IA)Information Assurance (IA) Certification & Accreditation Certification & Accreditation Vulnerability AssessmentsVulnerability Assessments Penetration TestingPenetration Testing Application TestingApplication Testing
03/14/200903/14/2009 99
C&AC&A
The Federal Information Security The Federal Information Security Management Act (FISMA) Management Act (FISMA)
Compliance with FISMA requires Compliance with FISMA requires expert security analysis and expert security analysis and evaluation skills and a thorough evaluation skills and a thorough understanding of the FISMA understanding of the FISMA requirementsrequirements
03/14/200903/14/2009 1010
C&AC&A NSS Security Experts assist and NSS Security Experts assist and
guide in the compliance of efforts for guide in the compliance of efforts for the following standards:the following standards: FISMAFISMA NIST 800 seriesNIST 800 series FIPS 199,200FIPS 199,200 DITSCAP/DIACAP DITSCAP/DIACAP NIACAP NIACAP HIPAA HIPAA
ST&E Testing of the above standardsST&E Testing of the above standards
03/14/200903/14/2009 1111
C&AC&A
Life Cycle Certification Support Life Cycle Certification Support Definition Definition Verification Verification Validation Validation Post-AccreditationPost-Accreditation
Certification Audit SupportCertification Audit Support
03/14/200903/14/2009 1212
Vulnerability ScanningVulnerability Scanning Checks for known vulnerabilitiesChecks for known vulnerabilities Work closely with customer to Work closely with customer to
identify scope and depth of scanningidentify scope and depth of scanning Generally, systems are checked for Generally, systems are checked for
known exploits and vulnerabilitiesknown exploits and vulnerabilities Work with customer to mitigate and Work with customer to mitigate and
mediate identified risksmediate identified risks Assist in solution development and Assist in solution development and
implementation implementation
03/14/200903/14/2009 1313
Penetration TestingPenetration Testing
In depth probing and testingIn depth probing and testing Exploit unknown or unpublished Exploit unknown or unpublished
vulnerabilitiesvulnerabilities Requires more time and higher Requires more time and higher
skilled people skilled people
03/14/200903/14/2009 1414
Application TestingApplication Testing
Achilles heel of service-oriented Achilles heel of service-oriented architecturearchitecture
Applications are key to leveraging Applications are key to leveraging benefits of information systems benefits of information systems
Create the greatest riskCreate the greatest risk Extensive codeExtensive code Chance of insecure or exploitable Chance of insecure or exploitable
code being created code being created
03/14/200903/14/2009 1515
Managed Enterprise Security Services
03/14/200903/14/2009 1616
Managed Enterprise Security Managed Enterprise Security ServicesServices
FirewallsFirewalls RoutersRouters Intrusion Detection SystemsIntrusion Detection Systems Intrusion Prevention SystemsIntrusion Prevention Systems Incident ResponseIncident Response
03/14/200903/14/2009 1717
Firewalls and RoutersFirewalls and Routers
Monitoring & ComplianceMonitoring & Compliance Log analysisLog analysis Configuration review and assessmentConfiguration review and assessment
Configuration updates and Configuration updates and adjustmentsadjustments
Rule testing and evaluationRule testing and evaluation
03/14/200903/14/2009 1818
Intrusion Detection Systems & Intrusion Detection Systems & Intrusion Prevention SystemsIntrusion Prevention Systems
Manage and monitor IPS/IDSManage and monitor IPS/IDS Monitor network traffic for:Monitor network traffic for: Hostile network activityHostile network activity Ex-fill of sensitive informationEx-fill of sensitive information Policy enforcement and violationPolicy enforcement and violation
PII disclosurePII disclosure Plain TextPlain Text
Respond to alerts (IR) Respond to alerts (IR)
03/14/200903/14/2009 1919
Computer ForensicsComputer Forensics
03/14/200903/14/2009 2020
Computer Forensic ServicesComputer Forensic Services
Mobile ForensicsMobile Forensics Network ForensicsNetwork Forensics Intrusion InvestigationsIntrusion Investigations Incident ResponseIncident Response
03/14/200903/14/2009 21212121
Network ForensicsNetwork Forensics
WiretapsWiretaps Packet analysisPacket analysis Server data acquisitionServer data acquisition Live data collectionLive data collection Data validationData validation
03/14/200903/14/2009 2222
Computer CrimeComputer CrimeInvestigative TrainingInvestigative Training
03/14/200903/14/2009 2323
Multiple Training CoursesMultiple Training Courses
Computer ForensicsComputer Forensics Linux ForensicsLinux Forensics Mobile ForensicsMobile Forensics Network ForensicsNetwork Forensics Intrusion InvestigationsIntrusion Investigations Internet InvestigationsInternet Investigations Wire TapsWire Taps
03/14/200903/14/2009 24242424
Training ClientsTraining Clients DCITP- Defense Computer DCITP- Defense Computer
Investigations Training Program for Investigations Training Program for DoDDoD
Department of StateDepartment of State George Washington UniversityGeorge Washington University Internal Revenue ServiceInternal Revenue Service Regional Computer Forensics GroupRegional Computer Forensics Group Federal Bureau of InvestigationsFederal Bureau of Investigations SOCOMSOCOM
03/14/200903/14/2009 2525
Current ProjectsCurrent Projects
03/14/200903/14/2009 2626
IRSIRS
SPAWAR Systems Center CharlestonSPAWAR Systems Center Charleston Performing ST&EPerforming ST&E Testing:Testing:
FISMA Standards FISMA Standards NIST 800-53, 800-53ANIST 800-53, 800-53A FIPS 199, 200 FIPS 199, 200 Technology: Cisco, Unix, Microsoft, MSSQL Technology: Cisco, Unix, Microsoft, MSSQL
2000, MSSQL 2005, and Oracle 10.1(g) 2000, MSSQL 2005, and Oracle 10.1(g)
03/14/200903/14/2009 2727
Department of NavyDepartment of Navy
SPAWAR - Navy Medicine Enterprise SPAWAR - Navy Medicine Enterprise Security Operations Center Security Operations Center Router and Firewall securityRouter and Firewall security Management and monitoring supportManagement and monitoring support Policy compliance with SOPPolicy compliance with SOP Develop and document operating Develop and document operating
policies and procedurespolicies and procedures
03/14/200903/14/2009 2828
Work ExperienceWork Experience
IRSIRS USDAUSDA Department of NavyDepartment of Navy HQ, FIRST U.S. ARMYHQ, FIRST U.S. ARMY SAICSAIC Commercial BanksCommercial Banks UnionsUnions
03/14/200903/14/2009 29292929
Work ExperienceWork Experience
FBIFBI OIG PhiladelphiaOIG Philadelphia Philadelphia PD IAPhiladelphia PD IA Large Prime ContractorsLarge Prime Contractors Law Firms & Private Investigative FirmsLaw Firms & Private Investigative Firms Commercial BanksCommercial Banks Commercial BusinessesCommercial Businesses
03/14/200903/14/2009 3030
The NSS Security TeamThe NSS Security Team
03/14/200903/14/2009 3131
Certifications & EducationCertifications & Education CFCECFCE CCECCE EnCEEnCE GIAC (SANS)GIAC (SANS) MCSEMCSE CISSPCISSP CCNACCNA CCSPCCSP Security+Security+ CCNP + SecurityCCNP + Security
MA MA Sociology/CriminologySociology/Criminology
MS Information SystemsMS Information Systems
03/14/200903/14/2009 32323232
Expert TestimonyExpert Testimony Certified Expert Computer ForensicsCertified Expert Computer Forensics Certified Expert Mobile ForensicsCertified Expert Mobile Forensics Certified Witness Edged WeaponsCertified Witness Edged Weapons
03/14/200903/14/2009 3333
Customer SatisfactionCustomer Satisfaction
We have had outstanding performance We have had outstanding performance reviews from our customersreviews from our customers
We place appropriately skilled, We place appropriately skilled, technically proficient security engineerstechnically proficient security engineers
We have several teaming opportunities We have several teaming opportunities on large, upcoming projectson large, upcoming projects
03/14/200903/14/2009 3434
Future of NSSFuture of NSS
03/14/200903/14/2009 3535
Upcoming ProjectsUpcoming Projects Support C&A efforts for Marine CorpsSupport C&A efforts for Marine Corps Increase support on Navy Medicine Increase support on Navy Medicine
Enterprise Security Operations CenterEnterprise Security Operations Center Intrusion Prevention/DetectionIntrusion Prevention/Detection Incident ResponseIncident Response Manage Computer Forensics LabManage Computer Forensics Lab Provide computer forensic and Provide computer forensic and
incident response support to incident response support to government SOC/NOCgovernment SOC/NOC
03/14/200903/14/2009 3636
GoalsGoals
Achieve prime contractor statusAchieve prime contractor status Start small and growStart small and grow
Stay up-to-date on certifications and Stay up-to-date on certifications and educationeducation
Continue to provide our customers Continue to provide our customers with with
Quality of Service and Customer Quality of Service and Customer SatisfactionSatisfaction
03/14/200903/14/2009 3737
Why Choose NSSWhy Choose NSS
NNetwork Security is in our name & is what we doetwork Security is in our name & is what we do
SSkilled and Certified Security Engineerskilled and Certified Security Engineers
SStrong Past Performance & Notable trong Past Performance & Notable
ResponsivenessResponsiveness
03/14/200903/14/2009 3838
Our Contact Information
VA office: 2106 Harbor Drive, Greenbackville, VA 23356
SC office: 1156 Bowman Rd, #200, Mt. Pleasant, SC 29464
Phone: 703-319-0411 or 843-416-1196Fax: 866-670-1961
President: (Ms) Alexei HaughomEmail: [email protected]: www.network-securityservices.com
