Expertise

services_strat3

Strategy

Megadata Technology strives to provide exceptional and unparalleled services and solutions that ensure every client receives proven processes and procedures. By providing end-to-end visibility and clearly defined accountability, we  maximize the value of all resources by building trusted partnerships that leverage the strengths of all parties involved.

services_creat3

Creativity

Megadata Technology develops and implements trusted systems for data access, assurance and dissemination 

that utilize advanced technology solutions. MDT’s core services are diverse, but each one provides rapid, trusted 

deliverables to secure your information, your knowledge and ultimately your power.

services_tech3

Technology

Megadata’s agility and utilization of advanced technology, and customized services ensures that your company receives the cyber security, information technology and telecommunication solutions in the required timeframe.

Our Core Services

Cyber Security

Megadata Technology identifies physical, technical and administrative security weaknesses in cyber security programs by utilizing trusted techniques in observation, documentation review, testing and interviews. MDT provides recommendations and mitigations for cyber security guidance compliance that adheres to a common architecture and maximizes the use of conventional/unconventional and security services. MDT’s cyber security services include:

  • HIPAA Compliance
  • Security Programs Assessments & Establishment
  • Physical Security Assessments
  • Risk Assessment & Risk Management
  • Certification & Accreditation (NIST/DoD RMF)
  • Defense-in-Depth Architecture
  • Configuration Management
  • Vulnerability Assessment, Mitigation, & Management
  • Life-Cycle Management
  • Security Testing and Evaluation
  • Security Engineering
  • Incident Detection, Reporting, & Response
  • Disaster Recovery/Business Continuity Plans or COOP
  • Developing security requirements in accordance with Federal and National guidance, to include Best Business Practices (BBP)
  • Cyber Security Awareness Training
  • Rapid Assessments – Independent verification and validation (IV & V) based upon government and industry standards

Security Engineering

Megadata Technology assists in the security hardening of software and hardware in accordance with federal, national, Department of Defense and the best business practices of databases, operating systems, web servers, routers, switches, VoIP and wireless technologies.

Risk Assessment & Mitigation

Megadata Technology conducts risk assessment, analysis mitigation and management for:

  • Risk Assessment
  • Collection of data
  • Identifying existing & non-existing controls
  • Risk analysis
  • Identify vulnerabilities
  • Identify potential undesirable results
  • Associate vulnerabilities with affected assets
  • Identify risk-reducing countermeasures

Assist in the management of mitigation plans for:

  • Identifying the budgetary impact related to the acceptance, avoidance or transfer
  • Assign priority to budgeting, implementation and maintaining countermeasures.

Defense-In-Depth Architecture

Megadata Technology assists in recommending and implementing defense-in-depth architecture solutions for firewalls, encryption, content checking, source authentication, intrusion detection, access control, secure protocols and auditing.

Security Testing & Evaluation:

Megadata Technology provides security testing and evaluation to create comprehensive reports and recommendations that utilizes a range of security auditing tools, including:

  • Retina – SCCVI (Secure Configuration Compliance Validation Initiative) – Network scanner for printers, network devices, workstations, & servers
  • Nessus – ACAS (Assured Compliance Assessment Solution) – Identifies configuration vulnerabilities
  • RSA Archer – vulnerability trend analysis
  • AppDetective – Database scanner for SQL, Sybase, MySQL, Oracle, DB2, and Informix
  • Fortify – Application source-code scanner
  • CA-Examine – Mainframes ACLs (Top Secret, ACF2, and RACF)
  • VMware vCenter Configuration Manager – virtual and physical server environments
  • SCAP (compliance checker) – vulnerability management, measurement, and policy compliance evaluation
  • Web Inspect – Web Servers scanner for multiple web services
  • SQLMap – SQL injections flaws
  • NMap – Port, Protocol and Service Scanner
  • Threat Secutor Prime – FDCC Compliance
  • Host Base Security System (HBSS) – continuous monitor
  • DISA Security Readiness Reviews (SRRs) Scripts
  • Manual checks utilizing DISA Security Technical Implementation Guides & Checklists

Physical Security

Megadata Technology provides trusted assistance for unique physical security measures. These include:

  • Defining the value of data to information owner (What’s most valuable to you?).
  • Defining and assigning physical security requirements based upon federal, national and Department of Defense standards, including best business practices (BBP).
  • Conducting physical security assessment, including collecting data through observation, documentation review, and interviews and identifying existing and non-existing physical controls.
  • Assist in mitigating vulnerabilities by providing risk-reducing countermeasures.
  • Validating already implemented risk-reducing countermeasures.

Risk/Threat/Vulnerability Management

Megadata Technology provides assistance in managing risks, threats and vulnerabilities by developing RTV management systems and uploading and maintaining assets in Vulnerability Management Systems (VMS).

MDT also manages risks, threats and vulnerabilities by ensuring the acknowledgement and compliance of US Cyber Command (USCYBERCOM), Information Assurance Vulnerability Alerts (IAVAs), Communication Tasks Orders (CTOs) and Warning Orders (WARNORD).

Security Policy Management

Megadata Technology develops policies and procedures in accordance with federal, national, Department of Defense and best business practices (BBP) to address:

  • Communication security for emails, VoIP, wireless and VPNs
  • Operation security for laptops, workplaces, telecommuters, backups, incident responses, business continuity/disaster recovery and security classification guides (SCG)
  • Personnel security for privileged users and user usage agreements
  • Training and awareness
  • Physical security for visitors and maintenance

IT Security Audit/Regulatory Compliance

Megadata Technology performs its Cyber Security (CS) operations and support services in accordance with the following overarching governances, policies, guidance, and regulations:

 

National Security Directives

Homeland Security Presidential Directives

Office of Management and Budget Circulars

Federal Information Security Management Act of 2002 (FISMA)

Committee on National Security Systems (CNSS)

NIST Special Publication 800 series

DoD

NSA

 

The processes by which we utilize to gain your compliancy:

 

DoD RMF

FISMA

NIST

Privacy Impact Analysis (PIA)

Privacy Threshold Assessment (PTA)

Sarbanes-Oxley (SOX)

Gramm-Leach-Bliley Act (GLBA)

HIPAA Security

Telecommunication

Megadata can also assist with various telecommunication needs such as:

  • Premise wiring and complete infrastructure design
  • Wireless technology implementation and site surveys
  • Satellite communication engineering
  • Audio/Visual support
  • Earth and Ground station physical security

Compliance

Megadata Technology performs certification and accreditation support in accordance with NIST and DIACAP. MDT’s assessment and authorization are in accordance with:

  • Executive Order 12333
  • P.L. 100-235 (Computer Security Act of 1987)
  • Guide for the Security Certification & Accreditation of Federal Information Systems—NIST SP 800-37
  • National Security Decision Directive 298 (1988)
  • National Security Directive 42 (NSD-42) (July 5, 1990)
  • NSTISSP 11 (January 2000)
  • Executive Order 13231
  • Office of Management and Budget, OMB Circular A-130 (January 28, 2000)
  • E- Government Act of 2002
(Federal Information Security Management Act)

(December 17, 2002)

Assessment and Authorization Process:

  • NIST – 800-53 rev4
  • DoD RMF – DoDI 8510.01

Program/Acquisition Management Support

Megadata retains certified Program Management professionals specializing in:
  • Earn Value Management
  • Risk Management
  • Issue Management
  • Project Management

Eight Security Components

These components represent the core technical foundation for Megadata’s strategic security approach for our clients.

1

Information Security (INFOSEC) is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (electronic, physical, etc.)

 

2

Communication Security (COMSEC) is the discipline of preventing unauthorized interceptors from accessing telecommunications in an intelligible form, while still delivering content to the intended recipients. In the United States Department of Defense culture, it is often referred to by the abbreviation COMSEC. The field includes cryptosecurity, transmission security, and physical security of COMSEC equipment.

 

3

Network Security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.

 

4

Operational Security (OPSEC) as a process that identifies critical information to determine if friendly actions can be observed by adversary intelligence systems, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.

5

Personnel Security is a system of policies and procedures which seek to manage the risk of staff (permanent, temporary or contract staff) exploiting, or intending to exploit, their legitimate access to an organization’s assets or premises for unauthorized purposes.

 

6

Computer Security is information security as applied to computing devices such as computers and smartphones, as well as computer networks such as private and public networks, including the Internet.

 

7

Physical Security security measures that are designed to deny unauthorized access to facilities, equipment and resources, and to protect personnel and property from damage or harm (such as espionage, theft, or terrorist attacks).[1] Physical security involves the use of multiple layers of interdependent systems which include CCTV surveillance, security guards, protective barriers, locks, access control protocols, and many other techniques.

 

8

TEMPEST is a National Security Agency codename referring to spying on information systems through leaking emanations, including unintentional radio or electrical signals, sounds, and vibrations.[1] TEMPEST covers both methods to spy upon others and also how to shield equipment against such spying. The protection efforts are also known as emission security (EMSEC), which is a subset of communications security (COMSEC).[2]