CyberspaCe seCurityProtecting Your Valuable Information

so

lu

tio

n

1

CyberspaCe seCurity solutionsIn our increasingly competitive world, secure, reliable data access is

more urgent than ever. But increased access comes with increased

risk. The proliferation of e-commerce and the growth of the Internet

have been accompanied by dramatic increases in unauthorized

intrusion and network misuse. Federal agencies and businesses

are responding by prioritizing electronic security and creating or

accelerating security technology programs. However, technology

alone cannot prevent cyber attacks — a multifaceted solution that

assures data security without interrupting critical data flow is needed.

Intergraph has the dedicated, certified resources, and experience

to offer you a proven, comprehensive cyberspace security solution

that will help protect your systems, network resources, and mission-

critical data.

2

How secure is your data?Continuing research by the FBI and other law

enforcement agencies confirms that informa-

tion security breaches and computer crimes

continue to rise and the financial toll continues to

mount. Highly publicized breaches of Personally

Identifiable Information (PII), malware intrusions,

and overt cyber attacks, including cyber attacks by

terrorist hackers, are just the tip of the iceberg.

In fact, in 2009 the Identity Theft Resource

Center (ITRC) reported that the business sector

experienced 41 percent of all publicly reported

information security breaches. The number of

reported breaches in the first half of 2008 was

up 69 percent. The Internet Crime Complaint

Center (IC³) stated that from January 1, 2009

through December 31, 2009, its website received

336,655 complaint submissions, a 22.3 percent

increase over 2008’s 275,284 complaint submis-

sions. Financial losses linked to these complaints

exceeded $559 million, more than double the

losses reported in 2008.

In 2005, the highest likely sources of cyber attack

were viruses unleashed by independent hackers

(almost 75 percent) and insider abuse of network

access (almost 50 percent). In 2008, reported virus

infections had declined, but unauthorized access

by outsiders continued to rise, with 2008 levels

four times those of 2000. Whether from a virus

writer in a far-off country or a disgruntled employee

in your own organization, an attack on your

information infrastructure could cost millions in lost

sales, customers, trade secrets, and productivity.

To respond to these alarming trends in cyber

crime, businesses and U.S. government

organizations must develop plans to protect

their information infrastructure from cyber ter-

rorism. Cyberspace security surveys indicate

that performing risk assessments makes an

organization four times more likely to detect

identity theft. Government mandates, such as the

Health Insurance Portability and Accountability

Act (HIPAA) for the healthcare industry, the

Gramm-Leach-Bliley Act (GLBA) for the finan-

cial services industry, and the Department of

Defense Information Assurance Certification and

Accreditation Process (DIACAP), call for minimum

levels of security required to protect the privacy of

consumers and U.S. citizens.

Unfortunately, many organizations don’t know

where to begin, and those that do lack resources,

time, technical expertise, and the required knowl-

edge of information technology and security. With

our strong industry partnerships and our broad

experience in systems integration, development,

testing, training, and networking, Intergraph is

uniquely suited to help you meet your information

assurance (IA) needs.

i/secure life-Cycle iA supportComputer systems and networks face constant

and increasingly sophisticated attempts to

access data, whether from disgruntled employ-

ees, hackers, or domestic and foreign terrorists.

Until recently, most organizations have viewed

network security as a single event or series of

discrete steps taken on demand to counter

known events. However, in the face of increased

threat levels, a more consistent and vigilant

methodology is required.

3

Intergraph’s I/Secure methodology approaches

security as a continuous life cycle of process

improvements. Rather than taking isolated steps,

Intergraph supports local security organizations

in building an integrated, comprehensive process

that is guaranteed to increase security both

immediately and in the future. Intergraph also

provides standalone, focused IA offerings such as

risk and physical security assessments, DIACAP,

or Certifi cate of Networthiness (CoN) certifi ca-

tions and accreditations, policy development and

implementation, and privacy workshops to help

organizations take the steps needed to secure

their valuable information.

risk reviewSince networks frequently add new equipment,

content, and users, you must regularly identify

assets, assign value, and assess liabilities. You

must consider questions such as:

•What data do you possess that is of value to

you and others?

•Who would you consider to be unauthor-

ized users?

•How might these unauthorized users exploit

your systems and networks?

•What are the potential consequences and

costs of a security breach?

•What types of protection will reduce risks to

an acceptable level?

Intergraph helps establish procedures for

conducting investigations and supports you in

assessing threat information, developing priorities,

and working with team leaders to reduce risks.

We review your network and system architecture

and make recommendations for improvements.

a CyCle For seCurity

We offer Cyberspace Security solutions

that meet your precise needs, regardless of

the size of your organization. We approach

cyber security as a life cycle of continuous

improvements to system and network

security including risk review, policy

development, solution implementation,

administrative support, and accreditation.

4

Any organization using Web-based or information

technologies will benefit from our support.

PolicyEvery business and government organization

has policies, procedures, advisories, standards,

mandates, and regulations that address a range

of security issues. Intergraph helps you review

these documents, eliminate redundancy, and

identify requirements for physical security, accept-

able Internet use, messaging, network tools, and

computer viruses. We’ll help you define preven-

tion, monitoring, and reaction procedures and

plan policy education. By assigning responsibili-

ties, you can ensure all policies and advisories are

appropriately incorporated and enforced. Through

continual review, you can simplify the dynamic

policy development process.

implementationSelecting technology tools is no easy task given

the breadth of products available and the evolving

capabilities needed to keep pace with changes in

network speed and technologies. With broad expe-

rience in a wide array of multiplatform products and

systems, Intergraph helps you evaluate available

technologies such as databases, servers, network

devices, intrusion detection systems, Internet

scanners and firewalls, and detection software. We

integrate and implement the infrastructure you need

to meet your precise security needs.

An important step in implementing an IA program

is to create a local response team that can deal

firsthand with system security issues and coor-

dinate with regional or divisional organizations.

Intergraph has extensive experience in estab-

lishing response team capability, with specific

knowledge of how to approach network/system

intrusion response. Intergraph also supports

the implementation of management, response,

mitigation, and reporting processes. We’ll help

you develop monitoring functions and implement

daily, weekly, monthly, and quarterly tasks, as well

as support metrics. With our help, you can bal-

ance your operational and security needs within

realistic budgetary constraints.

AdministrationOnce your security procedures are in place,

Intergraph can support daily on-site administra-

tion to minimize risk. Using our proven systems

engineering methodology, we help you manage

the security process, objectively review results,

and update your procedures and policies. We

conduct training to educate users about accept-

able use, introduce new procedures and policies,

and increase security awareness.

We can also assist your IA officer in enforcing

procedures, conducting incident investigations,

and preparing reports for upper management or

DoD submission. If an incident occurs, we help

you minimize the impact of service disruption

and information theft or loss for quick recovery.

Responding systematically with our solution, you

can dramatically reduce the risk of recurrence.

AuditSuccessful security systems must be tested.

That’s why Intergraph helps you with assessing the

vulnerability of your system through intense penetra-

tion testing using the latest hacking methods. We

participate in certification testing of all information

systems due for accreditation or reaccreditation. We

help you establish accreditation criteria and evalua-

tion/certification processes and maintain a database

of accreditation status and schedules.

5

u.s. army records management and declassification agencyIntergraph currently supports the Records

Management and Declassification Agency (RMDA)

Army Records Information Management System-II

(ARIMS-II) Project with DIACAP package prepara-

tion and sustainment that includes implementing

and validating assigned IA controls. Intergraph’s

Cyber Security team performs validation to check

compliance against required IA controls for a

Classified MAC III system and provides results

to the RMDA. ARIMS-II is designed to provide

enhanced capabilities for authorized users to cre-

ate, maintain, transfer, locate, and retrieve official

Army records, to include tracking documents

stored in Army Records Holding Areas (RHAs)

and in the Army Electronic Archive (AEA). Our

Web-based toolset helps the action officer, records

coordinator, records manager, records holding

area manager, and records administrator ensure

that the Army’s long-term and permanent records

are kept in compliance with the law and that those

records are securely stored and retrievable only by

authorized personnel.

u.s. army corPs of engineersIntergraph has provided support for the U.S.

Army Corps of Engineers (USACE) IA program.

This support includes security risk reviews,

security policy development, audits, DISA

STIG compliance, and DIACAP compliance

and documentation. The USACE Real Estate

Systems National Center (RESNC) Real Estate

Management Information System (REMIS)

application is now certified in the Corps of

Get the Most FroM your budGet

In today’s environment of decreased funding

and increased threat, you need the best

cyber security solution for your dollar. Make

sure to get the most from your budget with

a security process that will last well into the

future. Add Intergraph’s expertise to your

team today.

Proven SolutIonthe following is a list of recent Intergraph

Cyber Security customers in the area of It

Security Assessments:

•Athens Limestone

Hospital

•Lockheed Martin

Svc, Inc.

•Centers for Disease

Control

•Children’s Health

System

•Computer

Associates

•COSMIC

•Cryptek, Inc.

• Intergraph Australia

• Intergraph PPM

•NAVAIR JTDI

•New York City

•Palladia Systems, Inc.

•Publix Employees

FCU

•UAB Health System

•Yuma Proving

Grounds

•EDS - Herndon

• Intergraph Canada

•State of Alabama

•NAVICP-Mech

•Omega

•USA AMCOM

•PEI Electronics,

Inc. (DRS)

•Westar

•William Penn

School District

6

Engineers Enterprise Infrastructure Services

(CEEIS) infrastructure, now known as the Army

Corps of Engineers-Information Technology

(ACE-IT) infrastructure.

ACE-IT provides the data backbone for USACE

offices, supporting 70 division and district loca-

tions and more than 39,000 users, including

USACE, military, contractor, and civilian users.

Intergraph helps identify network and system

vulnerabilities and recommends cost-effective

countermeasures that reduce risk. Our risk

assessment document, summarizing the com-

prehensive assessment we conducted on the

Central and Western Processing Centers, was

used in system certification and the final System

Security Authorization Agreement (SSAA).

Intergraph’s Cyber Security Group also provided

RESNC with IA support for the Homeowners

Assistance Program Management Information

System (HAPMIS) and Real Estate Corporate

Information System (RECIS) applications,

both of which have achieved Certificates of

Networthiness (CON).

The USACE Finance Center Directorate

of Financial Systems Development and

Maintenance, located in Huntsville, Alabama,

also partnered with Intergraph to identify current

and potential threats and existing vulnerabilities.

The Finance Center supports and maintains

the USACE financial data system and serves

approximately 60 locations. Intergraph devel-

oped and performed testing and assisted with

SSAA documentation.

Jtdi ProgramIntergraph provided lead DIACAP support

services for the Joint Technical Data Integration

(JTDI) Program Management Office. The JTDI

System is a Web-enabled primary delivery

management system with backup capability

that automatically delivers updated technical,

supply, and maintenance information to aviation

and ground organizations ashore, afloat, at fixed

bases, and at deployed locations. It is a joint,

multiservice program led by NAVAIR that sup-

ports maintenance elements within the Army,

Navy, Air Force, Marines, and Coast Guard. The

system provides an integrated environment in

which digital technical data, training data, and

maintenance expertise is readily available as

knowledge for the warfighter.

nfsa ProgramIntergraph provides lead DIACAP support and

Information Assurance Vulnerability Management

(IAVM) services for the Joint U.S. Navy and

U.S. Marine Corps NAVAIR Fleet System Array

Application Host System (NFSA). NFSA is a collec-

tion of general-purpose, rack-mounted hardware

components and software applications designed as

a self-contained system that reduces the number of

connections to operational site network backbones.

NFSA provides the hardware and support software

and services for the hosted applications OOMA,

JKCS, AIRSpeed, and ASM. These mission-critical

applications either directly or indirectly support flight

safety, reduce aviation maintenance turnaround

time, increase asset availability and capability, and

maintain the Navy and Marine Corps aviation capa-

bility structure. NFSA operational sites include Navy

ships (CV, CVN, LHA, and LHD), Naval Air Stations,

Navy and Marine Corps aircraft squadrons, MALS

Vans, and selected shore sites.

7

Publix emPloyees federal credit unionIntergraph assessed the vulnerability of the

Publix Employees Federal Credit Union (PEFCU)

headquarters in Lakeland, Florida, focusing

specifically on PEFCU’s compliance with federal

regulations, such as the Gramm-Leach-Bliley Act.

Intergraph identified the risks and implemented a

suite of security solutions to fit PEFCU’s security

requirements. Intergraph also assisted with the

development of a complete set of security policies

and procedures, a security profile, and an internal

security team. Now PEFCU has a blended, multi-

vendor security solution that complies with federal

regulations for information security.

norfolk navy Public works centerThe Norfolk Navy Public Works Center (PWC) is

the first and largest of nine Navy PWCs and

provides facilities management, transportation,

engineering, utilities, and environmental support

to all sites in the Navy’s mid-Atlantic region.

Intergraph conducted a risk and policy assess-

ment that identified and discussed PWC’s existing

IA/security policies and procedures, performed

security tests on all identified systems to ensure

that security features designed into the system

perform exactly as required, and assisted in the

development of SSAA documentation. As a result

of this team effort, Norfolk PWC is well on its way

to ensuring that its systems and the data residing

on them are secure.

I’ve been really impressed by the work done by Intergraph. Their knowledge and professionalism has been refreshing compared to other vendors we’ve worked with in the past. I would definitely recommend Intergraph to other companies seeking to outsource and hope to use them for future projects.

Karen Sullivan, Director of Information Technology Publix Employees Federal Credit Union

“

“There is so much more illegal and unauthorized activity going on in cyberspace than corporations admit to their clients, stockholders, and business partners or report to law enforcement. Incidents are widespread, costly, and commonplace.

Patrice Rapalus, Director Computer Security Institute

“

“

9

about interGraphIntergraph is the leading global provider of engineering and geospatial

software that enables customers to visualize complex data. Businesses

and governments in more than 60 countries rely on Intergraph’s industry-

specific software to organize vast amounts of data into understandable

visual representations and actionable intelligence. Intergraph’s software

and services empower customers to build and operate more efficient

plants and ships, create intelligent maps, and protect critical infrastruc-

ture and millions of people around the world.

Intergraph operates through two divisions: Process, Power & Marine

(PP&M) and Security, Government & Infrastructure (SG&I). Intergraph

PP&M provides enterprise engineering software for the design, constru-

ction, and operation of plants, ships, and offshore facilities. Intergraph

SG&I provides geospatially powered solutions to the defense and

intelligence, public safety and security, government, transportation,

photogrammetry, utilities, and communications industries.

For more information, visit www.intergraph.com.

www.intergraph.com

intergraph and the intergraph logo are registered

trademarks of intergraph Corporation. other

brands and product names are trademarks of

their respective owners. ©2010 intergraph

Corporation. 8/10 DFi-us-0033B-EnG