cscss / enterprise technology + security services

CENTRE FOR STRATEGIC CYBERSPACE + SECURITY SCIENCE CSCSS

C/ETS:CYBER INTELLIGENCE +ENTERPRISE SOLUTIONS

CSCSS / ENTERPRISE TECHNOLOGY + SECURITY C ETS

CSCSS delivers and leverages its expertise in a variety of ways to help organizations move in the right direction,make the right decisions on security investments, savebudget resources, and show a solid return on investment.

The changing factors in business, security, and costeffectiveness are vital, complex, constantly in play, and must be clear and concise to have any impact. These changes are leading the way for the criticalevaluations and innovative thought leadership that willshape and steer your business SECURELY.

CSCSS / ENTERPRISE TECHNOLOGY + SECURITY GROUPInformation assurance, risk management, cyber resilience, cybersecurity programs, multi-layer cyber capabilities and technologies

C ETS

Why C/ETS?C/CETS is the IT security industry’s foremost resource for addressing many of the cybersecurity, technology, and business risk issues faced today. As IT infrastructure,security, and operations (IS&O) begin to blend, organizations arelooking to implement solutions that deliver agility, costeffectiveness, and benefits.

CSCSS is a globally-positioned, non-profit cybersecurity and research group. We offer world-class credibility and areuniquely able to provide objective, independent insight onvirtually any area of IT security and risk management. We deliver refined standards-based processes and provenmethodologies that provide the foundation for unbiased,practical, and actionable insight.

Information Assurance (IA)The CSCSS Enterprise Technology + Security Group (C/ETS)focuses on providing information systems assurance andinformation security engineering and architecture services toassist in the design and development of information services,technologies, communications, products, and systems thatensure the certification and accreditation requirements ofrelevant national security authorities are met.

Trending the Future in IA – Cyber StrategyCSCSS, working with its interagency and international partners,leverages the opportunities of cyberspace while working tomitigate the risks. We are focused on respecting and protectingthe privacy, civil liberties, freedom of expression, and innovationthat have made cyberspace an integral part of global prosperityand securitywhile managing the intrinsic uncertainties andvulnerabilities that directly and drastically impact informationassurance, defensive readiness, and national security.

In developing its strategy for cyberspace, CSCSS has focusedprimarily on a number of fundamental aspects of the cyberthreat. These include external threat actors, insider threats,supply chain vulnerabilities, and threats to global internetoperational and economic capabilities.

Our Missionn Manage cyberspace risk through efforts such as increasedtraining, information assurance, greater situationalawareness, workforce education, and creating secure andresilient network environments

n Drive information assurance and security throughConfidentiality, Integrity, and Availability by engaging andleveraging our collaborative partnerships

n Build resilient cyber frameworks and self defenses whilemaintaining an innovative approach to information securitydevelopment

n Work closely with collaborative partners, public-privateindustry, academia, and the security community to rapidlydeliver innovative, resilient, and secure capabilities wherethey are needed the most

We DeliverC/ETS delivers a multi-disciplinary, standards-based approachwith focused, practical industry knowledge into the issuesaffecting your mission-critical decisions and, ultimately, yourbottom line and return on investment.

C/ETS provides services that go beyond simple technology toprovide an innovative, strategic approach to the business ofmanaging information security, information assurance, andessential business processes and assets.

AREAS OF DELIVERYn Information assurance n Security strategic planningn Security: Executive situational awareness briefings n Defining security objectivesn Industry best practicesn Standards deliveryn Security audit/information assurance testingn Security trainingn Security maturity/metrics programs n Baseline security program frameworks n Security GRC management n Security: Program review and recommendations n Security program presentations for senior/executive management

n Documentation (GRC, audit, general security, and project management)

n Custom research, benchmarks, and industry reports

All trademarks or registered trademarks are properties of their respective owners. Copyright © 2013 The Centre for Strategic Cyberspace + Security Science. All rights reserved

Industry Focus Industry focus is fundamental to GICSR’s approach. We providemulti-disciplinary teams of audit, business risk management,security, and technology advisory professionals focused on theneeds of key industry sectors.

Leveraging our global reach, our skills and talents, we deliverindustry-specific services providing real value to our clients. Todo this we invest continuously to build our knowledge base ofthe industries we serve. We bring value by having a systematicunderstanding of key industries.

C/ETSFOCUSES EFFORTS WITHIN INDUSTRY ORGANIZATIONS THROUGH:n Evaluation of organizational security programsn Security research/security trend analysis n Alignment of security programs with business goals and objectives

n Corporate profitability and security:ROSI (Return on Security Investment)

n Development of "lean" security programs n Optimizing security programs n Security best practices and standardsimplementation

n Enhancing security awareness and educationn Developing meaningful security/ maturitymetrics program

n Creating integrated risk management programs

n Discovering and effectively complying with GRC

n Security vendor selection n Defining strategic security plans n Projecting emerging issues in security and security technology

CSCSS Enterprise Technology + Security Group (C/ETS) We work closely with industry clients helping them mitigaterisks and make the solid decisions required in lean operatingenvironments while seizing opportunities for pragmatic changeand return on security, service, and technology investment.Together with CSCSS Defence Intelligence Group, CSCSSCybercrime Intelligence Service and C3i Group, we providemonitoring and analysis activity delivering threat warnings,attack alerts, and bulletins that focus on the prevention of IAsecurity issues.

IA Strategic LeadershipC/ETS provides strategic guidance and leadership in informationassurance. Our experience, expertise, and background insecurity makes it possible for us to deliver independently-focused tactical IA solutions and frameworks that help mitigatesecurity threats and reduce security and business risk.

IA Client and Partner SupportThe IA mission within C/ETS spans industry verticals andsupports clients while leveraging the efforts of our collaborativepartners across government and industry to provide guidance,ensure the availability of IA solutions, and broaden IAknowledge and skills.

C/ETS Core CompetenciesC/ETS has extensive information security architecture andengineering knowledge and experience. We have developedstrong relationships with national security authorities andstandards groups through CSCSS’s collaborative partnerships to assist in product certification and system accreditation.

IN SUPPORT OF FORMAL CERTIFICATION ANDACCREDITATION ACTIVITIES, STIAC INFORMATIONSECURITY ENGINEERS PROVIDE:n Security architecture design, implementation, and review

n Security policy design, implementation, and reviewn Threat risk and vulnerability analysisn Input on security-related test procedures andperformance of high-level penetration testing

n Secure operating system configuration n Security-relevant documentationn Security accreditation plans and securityimpact analysis

n Network and telecom security and cryptographyn Security management/risk managementn Security management practicesn Security architecture and modelsn Development/planning aspects of operational and physical security

n Access control systems and methodologiesn Security-focused application and systems development n Security consultation services (focusing in allknowledge areas of operation as well as businesscontinuity/disaster response planning, law intrusioninvestigation, and ethics)


Business, Industry, and Academic Outreach Providing key leadership and balancing cybersecurity andinformation assurance while protecting and delivering cyberinnovation, critical business entities, intellectual property, andNational Security Systems demands close collaboration betweenpublic-private sector institutions, government, and academia toraise the information assurance “bar”. To do this we will leverageexisting programs within CSCSS such as C3i Group and theCSCSS Defence Intelligence Group (C/DIG), CSCSS CybercrimeIntelligence Service and our collective resources.

Through our collaborative partnerships with governmentagencies, academia, and the public- private sector, our focus andmission advocate improvements in IA education and training, aswell as in cybersecurity awareness and workforce education.

Outreach and inclusion benefits the whole spectrum ofinformation technology. They represent and reflect major focusareas for information assurance and may also provideopportunities to industry for IA research and innovation, as wellas cybersecurity awareness, education, and delivery.

Strategic Vendor Partners Program Our faculty of analysts research hardware, software, and serviceproviders, independently reviewing vendors that provideinnovative technologies to build and manage security services,secure information environments, and risk managementservices. This research provides an unbiased, independentassessment of vendor products, service, and technologydifferentiators and challenges.

CSCSS / ENTERPRISE TECHNOLOGY + SECURITYC ETS


About CSCSSThe Centre for Strategic Cyberspace + Security Science / CSCSSis a multilateral, international not-for-profit organization thatconducts independent cyber-centric research, development,analysis, and training in the areas of cyberspace, defenceintelligence, cyber security, and science while addressing thethreats, trends, and opportunities shaping international securitypolicies and national cyberspace cyber security initiatives.

CSCSS, as a strategic leader in cyberspace, works jointly withkey partners to address, develop, and define cyber technologies, cyber defence force capabilities, information dominance, andconcept operations. We deliver practical recommendations andinnovative solutions and strategies to advance a securecyberspace domain.

Internationally, CSCSS operates in the United Kingdom, Europe,United States, South America, Australia, and Canada.

CSCSS Collaborative PartnersThe Centre for Strategic Cyberspace + Security Science operatesin a collaborative partnership with agencies and organizationsthat share our commitment to the advancement of Cybersecurity,National + International Security, Cyber Education andAwareness, and Cybersecurity Research and Initiatives.

Contact UsFor more information on the C3i Group, the Centre for StrategicCyberspace + Security Science, its programmes or to find outhow we can help you please contact us.

CSCSS / Centre for Strategic Cyberspace + SecurityWashington D.C + 571.451.0312London, United Kingdom +44 2035141784North America +877.436.6746Middle East +855.237.8767Australia +61 2.8003.7553Email [email protected]

CENTRE FOR STRATEGIC CYBERSPACE + SECURITY SCIENCE CSCSS

CSCSS.org