Our consultants implement security policy and procedures that protect information systems, computer systems and networks. We work to maintain confidentiality, integrity, availability, authentication, and nonrepudiation in line with applicable laws, directives, Executive Orders, policies, national standards, or regulations.
Our consultants conduct Security Control Assessments (SCAs) on your information system, computer system, and network. An SCA will test and evaluate the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly based on the National Institute of Standards and Technology (NIST) and industry best practices. Innovation Leaders, LLC will help determine if the controls are operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
Our consultants will conduct penetration testing with your written consent and on agreed terms to strengthen your security posture against malicious hackers, threats to data, personally identifiable information (PII), and privacy. In a penetration test, or “pen test” for short, we will perform a simulated cyber attack against your computer system to check for exploitable vulnerabilities and identify security gaps.
Our consultants will implement the NIST Risk Management Framework (RMF), a risk-based approach that integrates security and risk management activities into the system development lifecycle. RMF is a risk-based approach to security control selection and specification that considers effectiveness, efficiency, and constraints due to applicable laws, directives, Executive Orders, policies, standards, or regulations. Within the RMF implementation we will work to ensure that the NIST Special Publication 800-series is incorporated in each step, tailored to your effort, project, and organizational goals. We also support assessment and authorization (A&A)/certification and accreditation (C&A) to ensure your systems get a full Authority to Operate from the Authorizing Official (AO).
Our consultants will work with your stakeholders to identify your organizational requirements and to assist with and develop information security documentation. Examples of information system security documentation that might be required by your organization include, but are not limited to, the following:
- Information System Contingency Plans (ISCPs)
- System Security Plans (SSPs)
- Notification of Change (NOC)
- Planned Change Comparative Analyses (PCCAs)
- Privacy Impact Assessments
- Security Categorization Forms
- e-Authentication Risk Assessments
- Security Assessment Results Briefings for executive-level audiences
- Authorization Boundary
Our consultants will help you identify hardware, software and other needed supplies to ensure your organization is reaching optimal performance. We support the armed services, state, local, federal and tribal governments.