|
Today, almost
all computer/communications systems require some
form of security; privacy and integrity issues will
become more important as we move into the realm of
electronic commerce. Security mechanisms and
procedures can be expensive - it is critical to
analyze security requirements to ensure maximum
protection at the lowest possible cost. To determine
how much security you may need, CSC's experts may
perform a threat analysis to examine potential risks
such as hacking (computer break-ins), phreaking
(phone break-ins), fraud (access by unauthorized
user), abuse (unauthorized access by authorized
user), and a range of other risks. The likelihood of
the risk and the amount of damage that may occur
drives the recommended security mechanisms.
Within any computer/communications system, there
are many security needs. The integrity of the
operating system must be ensured and users must be
authenticated (i.e., their identities must be
verified). User authority (i.e., their ability to
access resources) must be checked while the
integrity of data base systems must be guaranteed.
Data privacy must be ensured and the system must be
auditable (i.e., security events must be tracked).
Security controls are implemented through mechanisms
such as identity cards, voice/thumb/hand print
recognition, retinal scanning, logon IDs, passwords,
digital signatures, access controls, public/secret
keys, timeouts/lockouts, checksums, audit logs, and
more.
Physical security ensures protection and control
of resources. Physical security includes facility
security system/monitoring, cameras, security
personnel, building access controls; management of
personnel clearance records, and oversight of secure
areas. Operational security includes handling of
classified materials, personnel clearance
processing, classified visit certification, and
maintenance of classified files for all contracts
with security requirements. We know the security
business; in fact, our Chantilly, Va., facility
received the prestigious James S. Cogswell
Outstanding Industrial
Security Achievement Award for exceptional
awareness of security responsibilities.
For more information, please
contact
Kumait Jawdat,
Business Development.
What We Offer
|| Success Stories
Security Planning and Analysis
Our experts believe that computer/communications
systems require a security plan. The plan should
include assessments of the likelihood of each
threat, the amount of damage that may occur as a
result of the threat, procedures to mitigate and
prevent each threat, and procedures to report and
respond when a threat incidence occurs. When a
system is large, targeted by many threats, or has
the potential to be severely damaged by a threat, a
security expert should develop this plan. Each
system should be carefully analyzed to ensure that
people, stored data, and communications capabilities
are safeguarded.
Computer/Communications System Security
CSC's experience with
computer/communications system security
includes: security analysis, design, development,
integration, installation,
operation, and evaluation. Our work with both
mainframe and client-server systems has prevented
and mitigated many types of threats. System security
solutions developed by CSC have enabled
customers to lock the door on such sensitive
information as medical records, corporate databases,
command and control information, and government
information. We have developed systems combining
access controls, data encryption, and multiple
levels of security. These systems include a range of
technologies from ATM (where cell payloads are
encrypted) to high-assurance certificate authority
infrastructures where public key cryptographic
solutions ensure privacy, authentication, and data
integrity for electronic commerce and other
network-based transactions.
Security Awareness
CSC has promoted security awareness via
training, incidence reporting, contingency planning,
privacy declarations, and formal certifications for
sensitive systems. Our internal security newsletters
dispel myths, explain potential threats, and discuss
what happens to those who are caught giving away
secrets either maliciously or inadvertently. Our
contingency and disaster recovery plans describe the
steps needed to protect our business before and
after a catastrophic event. We can help you
implement similar plans.
CSC is well-known for its work in command, control,
computers, communications, and intelligence (C4I).
We have performed quantitative risk analyses,
written security policies/practices, and developed
secure information systems for the Defense
Information Systems Agency (DISA), Office of the
Secretary of Defense, and the National Security
Agency. We have worked with these agencies and other
Government agencies to develop privacy policies,
practices, and solutions for large sensitive
systems.
The Defense Red Switched Network (DRSN) is the
primary secure, command and control voice system for
the
Department of Defense; it links the Joint Chiefs
of Staff (JCS), warfighting commands, and the
National Command Authority (NCA). CSC is
helping DISA transition to a robust voice and data
network with extensive network management
capabilities. CSC provided design and
implementation planning support, and developed
policy and procedures for the operation, maintenance
and network management of the DRSN. CSC
designed, built, implemented, and operates the
Advanced RED DRSN Integrated Management Support
System (ARDIMSS). The ARDIMSS is used to monitor
network performance and to collect and analyze
faults for quality improvement. CSC's
extensive experience with
secure communications systems has enabled DISA
to implement a premier command and control network
supporting worldwide secure conferencing
capabilities. |
