CLIENT STORY
Electrosoft’s experienced team of Cybersecurity and Information Privacy professionals supports the security and privacy efforts of a civilian agency that promotes and protects U.S. economic interests and deals with highly sensitive data including international trade secrets.
PROBLEM
The civilian agency required expert cybersecurity support to protect the agency’s information and information systems from breaches of confidentiality, integrity, availability and privacy that could result in devastating effects on the U.S. economy. The agency uses a mix of hosted and cloud-based services to implement its IT environment.
SOLUTION
Electrosoft is delivering three distinct, yet collaborative, support efforts:
Security Operations Center
The Security Operations Center (SOC) is the operational element of the agency’s security program. The SOC’s focus is to identify, protect, detect, respond to and recover from all manner of cybersecurity threats. The SOC also deploys, manages and operates various technical security systems and controls on the enterprise network. The SOC provides five major functions:
Information System Security Authorization
Electrosoft assists in the execution of business initiatives. We work closely with information system owners to prepare and update the security documentation necessary to obtain and maintain an Authority to Operate (ATO) for each information system.
Privacy Program Support
Electrosoft creates, assesses and maintains system and organizational privacy documentation including System of Records Notices, Privacy Threshold Assessments (PTAs) and Privacy Impact Assessments (PIAs). Electrosoft’s Information Privacy professionals create and distribute privacy policies for internal- and external-facing efforts. Our team works collaboratively to monitor and resolve issues related to the unauthorized disclosure of Personally Identifiable Information.
RESULTS/BENEFITS
Security Operations Center
Electrosoft’s strong defensive posture mitigated over 35 million cyberattacks during our first quarter of service. Agency management commended our team for mounting such rapid responses in mitigating two first-quarter cyber incidents.
Information System Security Authorization
Our Information System Security Officers serve as the primary liaison between Assessment and Authorization staff and information system owners (SOs) and technical staff to assure the accuracy of all information system documentation and its ability to satisfy the requirements of the agency’s Chief Information Security Officer and Chief Information Officer. We work with SOs to update documentation whenever systems undergo major changes in configuration or environment. Electrosoft redesigned several templates to give the entire agency a streamlined, effective document to use.
Privacy Program Support
Our Information Privacy professionals assist the agency in the preparation and submission of PTAs, PIAs and System Security Plans for all systems. We’ve finalized and posted PTAs and PIAs for three systems to date; others are in process. By staying abreast of current privacy standards, the agency is better positioned to review and revise policies and practices to align with industry best practices.
Prior to Electrosoft’s engagement, different agency groups handled the privacy function, leading to inconsistency and little accountability. We streamlined the process for PIA/PTA centralization and produced an Artifact Log for the Common Controls Catalogue. We also assisted SOs in identifying relevant and accurate information for final submission and publication. The Electrosoft Privacy Team is now recognized as the point of contact for all privacy-related issues and concerns.