Security Services

IT Security - A Business Imperative

You demand that your information technology system be secure and failsafe. ARC has the IT backbone and system support to ensure a level of security and security services that keep your data safe at all times.

From secure initial build-out, to constant monitoring and regular system reviews, ARC IT professionals keep your system safe and secure even in the most extreme situations.

Security services include Certification and Accreditation, incident response support, security assessment and consulting, vulnerability testing and assessment.

You can rely on ARC IT for exceptional IT security services.

Certification & Accreditation (C&A)

ARC facilitates all activities needed to certify and accredit your IT infrastructure or application. C&A activities include:

• Performing risk assessment
• Determining and documenting FIPS 199 system categorization
• Evaluating baseline security requirements
• Documenting security plans
• Conducting Security Test and Evaluation (ST&E)
• Recommending corrective actions for any deficiencies/weaknesses
• Drafting plans of action & milestones (POA&M)
• Compiling the final C&A package

C&As are in compliance with NIST and OMB guidance/requirements.

Incident Response Support

ARC professionals support your systems with advice, troubleshooting, and assistance for incidents on individual workstations or entire networks. Incident response services include the following:

• Virus handling
• Forensic analysis of incident
• Response action recommendations
• Future prevention recommendations
• Development of incident response procedures
• Development of Computer Security Incident Response Capability (CSIRC)

Security Assessment and Consulting

Call on ARC IT Professionals for in-depth security assessments and consulting services, including the following:

• Initial on-site review and assessment of your security program to determine C&A effort
• Performance of all security-related tasks and activities to assess the current state of information security programs and information systems according to federal regulations, laws, and NIST standards including the review of security policies, processes, procedures, documentation, previous audits, and interviews of personnel involved in the management and operation of information systems; a full assessment report is prepared at the conclusion of the security review
• Assistance with compiling FISMA reports, as well as help with getting security programs into FISMA compliance
• Development of security documentation (e.g., security plan, contingency plan, business impact assessment, configuration management plan, etc.)
• Continuous monitoring activities such as development of a continuous monitoring plan, review and update of security documentation, security controls testing, etc.
• Critical Infrastructure Interdependency Analysis
• Architecture Review

Vulnerability Testing and Assessment

ARC technicians are constantly educated and up-to-date on specialized testing that identifies vulnerabilities in databases, networks, wireless networks, websites, applications, servers, and workstations. We can give your agency an objective assessment of its vulnerability and associated risk based on the existing controls, probability of occurrence, and impact to the confidentiality, integrity, and availability of the organization's information/system. Testing services include the following:

• Application Testing
• Database Testing
• Website/Application Testing
• Router Configuration Review
• Firewall Configuration Review and Testing
• Network Testing
• Server Testing
• Workstation Testing
• Wireless Testing
• Public Branch Exchange Testing (War Dialing)
• Perimeter Testing
• Information review of organization's publicly available data (e-mail, infrastructure, domain names, blogs, newsgroups, etc.)
• Penetration Testing

Service Availability

Hours of availability for security analysts are negotiated on a per-client basis.

Key Metrics

• Customer satisfaction

Major Cost Drivers

• System/infrastructure complexity

Learn About:

IT Service Desk Measures | Application Development