MCGlobalTech Enterprise Risk Management Program
Download as PPTX, PDF1 like607 views
MCGlobalTech is a minority-owned small business providing advisory and security consulting services to align technology and security programs with organizational goals. Their core competencies include information assurance, vulnerability management, and security risk management, supported by their Enterprise Security Risk Management framework. The company has experience serving federal and commercial clients, offering a range of services including security testing, documentation, and continuous monitoring to meet regulatory requirements.
MCGlobalTech Enterprise Risk Management Program
- 1. Mission Critical Global Technology Group Enterprise Security Risk Management (ESRM)
- 2. About Us MCGlobalTech – Mission Critical Global Technology Group (MCGlobalTech) is a minority owned, small business founded by industry leaders to provide strategic advisory and security consulting services to public and private sector business managers to better align technology and security programs with organizational mission and business goals. – The Principals at MCGlobalTech have been providing Information Security services to the Federal Government and the private sector for over 25 years
- 3. Our Values At MCGlobalTech, we believe that strong values create long term relationships with our customers, employees, partners and the communities we serve. At the heart of everything we do, our corporate values are: – Providing customer satisfaction – Delivering innovative solutions – Empowering staff for success – Promoting Entrepreneurial spirit – Maintaining technical excellence Staff Skills Success
- 4. What we offer MCGlobalTech is able to provide our customers with innovative, mission-critical solutions in a broad variety of technologies. We consider the following our core competencies: – Information Assurance (Security Authorization) – Vulnerability Management – Security Risk Management – Security Engineering – Penetration Testing – Network Security
- 5. Enterprise Security Risk Management Our framework for providing our security services is encompassed in our Enterprise Security Risk Management solution (ESRM). The ESRM framework provides full life-cycle security support to ensure that federal agencies and commercial customers meet their regulatory and business security requirements.
- 6. ESRM Full Life-Cycle Security Security Requirements Definition Security Design and Engineering Security Test, Validation and Reporting Security Documentation and Response
- 7. ESRM Full Life-Cycle Security Security Requirements Definition – This phase of the life cycle defines the security management, operational and technical requirements for the system. – The MCGlobalTech engineers will define the requirements of the system in accordance with the applicable government or commercial regulation (FISMA, ISO, CoBit, etc.). This is the foundation of the system and it will impact its design, hardware, software, performance, security and reliability.
- 8. ESRM Full Life-Cycle Security Security Design and Engineering – Focusing on the security aspects in the design, the system must be able to deal robustly with possible sources of disruption, ranging from natural disasters to malicious acts. – The MCGlobalTech engineers will provide security support to include security architecture design, security control identification and implementation and security risk analysis and assessment.
- 9. ESRM Full Life-Cycle Security Security Test, Validation and Reporting – MCGlobalTech offers a full range of system testing to include security controls testing, application testing, vulnerability testing and penetration testing. These test are performed in accordance with government or commercial regulations and guidelines. – MCGlobalTech also offers Independent Validation and Verification (IV&V) testing to ensure that the system meets the defined security requirements.
- 10. ESRM Full Life-Cycle Security Security Documentation and Response – During the operational phase of the system the MCGlobalTech consultants will create and/or finalize the system security documentation to include security design, security plans, risk assessments, etc. – MCGlobalTech can provide support for forensic analysis and incident response in cases of system breach. MCGlobaltech can also implement its Security Continuous Monitoring program to ensure system confidentiality, reliability and security.
- 11. Security Continuous Monitoring Our primary service offering within ESRM is our Security Continuous Monitoring (SCM) program. MCGlobalTech’s SCM program is designed to help federal agencies and commercial clients meet existing government regulations, respond to both internal and external audits and existing and new security threats and vulnerabilities. SCM Internal & External Audits Federal Guidelines and Directives Threats and Vulnerabilities
- 12. Security Continuous Monitoring The SCM program is designed to review the security of an organization’s IT infrastructure on a recurring basis. The program is intended to measure an organization’s security posture over time. This will allow management to understand whether the security of the network is improving or declining and determine what areas to focus available resources. Baseline Assessment Monthly/Quarterly Checks Full Assessment Malicious Code Hackers
- 13. Security Continuous Monitoring SCM Compliance Scope Maintain security documentation Perform vulnerability assessment Perform security controls testing Enforce policy through internal reporting Track and update system weaknesses Educate and train users and system administrators Monitor changes throughout environment
- 14. Security Continuous Monitoring SCM Compliance Schedule Enterprise Compliance Schedule Monthly Conduct Security Controls Testing Ensure Patch Management Compliance Update Policies and Procedures Findings tracking and reporting Quarterly Policy compliance auditing Incremental Vulnerability Assessments POA&M updating and reporting Annually/ Continuous System Security Plan & Risk Assessment Update Perform Penetration Testing Providing Information Security Training Monitor Changes throughout the Environment
- 15. Past Performance MCGlobalTech’s Principals have worked for and with large contracting and consulting firms. They have provided security expertise throughout the federal government including the Department of Defense, Intelligence and Federal Civilian Agencies. They have also provided security services to large financial, healthcare and various commercial organizations throughout the country. A list of federal and commercial clients along with the specific security services performed is listed in the following tables.
- 16. Past Performance (Federal) Clients Information Assurance Vulnerability Management Security Risk Management Security Engineering Penetration Testing Network Security DHS ● ● ● ● ● ● DOL ● ● ● ● IRS ● ● ● ● NASA ● ● ● DOT ● ● ● DOD ● ● ● ● ● FBI ● ● VA ● ● USAID ● ● ●
- 17. Past Performance (Commercial) Clients Security Program Management Security Risk Management Security Engineering Penetration Testing Vulnerability Management FISERV ● ● ● ● Verisign ● ● CarMax ● ● Freddie Mac ● Booz Allen ● ● ● ● ● Hawaiian Healthcare ● ● Bancroft ● ● Lydall ● ● IBM ● ● Walgreens ● ●
- 18. Contact Us Mission Critical Global Technology Group 1325 G Street, NW Suite 500 Washington, District of Columbia 20005 Phone: 202.355.9448 Email: Info@mcglobaltech.com Eugene E. Dorns Morris Cody Managing Principal Managing Principal edorns@mcglobaltech.com mcody@mcglobaltech.com (202) 355-9448 x102 (202) 355-9448 x100 (703) 868-1873 (cell) (302) 740-2022 (cell)