Identity Credential & Access Management
As Information Technology (IT) continues to increase in complexity, many organizations struggle with the management of identities and associated access along with with an overabundance of application-specific user accounts and access controls. This problem is further complicated by today’s mix of cloud applications, legacy applications, mobile workforce and the need to access critical information anywhere, and anytime.
External threats such as malware, phishing, and social engineering create an environment where proper selection of Identity and Access Management solutions is critical. Organizations are now working to establish unified, robust, and enterprise-wide user authorization and authentication frameworks to enable streamlined access without compromising the security that more sensitive applications and data demand.
Alcor helps our customers deploy Identity and Access Management solutions that result in significant secure, operational and business process improvement. Our full lifecycle Identity, Credential and Access Management (ICAM) practice is focused on solving difficult enterprise issues associated with user registration, credentialing, authentication, and authorization to physical and logical assets. Our services include:
• Strategic Planning and Program Management: Effective ICAM solutions demonstrate a balance between usability and security. We leverage our full lifecycle understanding of ICAM to support a collaborative benchmarking process that provides our clients with insight into numerous other organizations that share similar challenges. Our subject matter experts bring extensive experience with federal ICAM policy, guidelines, and technical standards. We have conducted in-depth analyses of these standards to support client efforts to develop compliant, cutting edge solutions that maximize user adoption. This includes:
• ICAM Policy Analysis and Development.
• ICAM Technology and Implementation Analysis.
• ICAM Strategy and Implementation Roadmap.
• ICAM Governance and Oversight.
• Program Management.
• System Architecture, Design, and Integration—Vital components of the design process are a practical concept of operations and realistic cost model to enable program decision makers to understand the core functional elements and forecast anticipated costs of the program. This includes:
• Concept of Operations (ConOps).
• Operational Lifecycle Cost Model.
• ICAM / Federated Identity Architecture.
• Registration and Credentialing Workflow Development.
• System component design and integration.
• Process and Application Enablement—Enabling process and applications for ICAM services requires that stakeholders define the business need, identify critical requirements, and develop comprehensive use case scenarios for “as-is” and “to-be” processes. Our team’s comprehensive understanding of the technologies that enable these services ensures that our customers achieve their goals for increased efficiency and productivity. This includes:
• PIV-Enabled Network Logon.
• Single Sign-On (SSO).
• Digital Signature, Encryption and Timestamp.
Risk Management and Compliance
Alcor’s Risk Management and Compliance services addresses the essential elements of cybersecurity, from strategy, governance, and enterprise risk management to security controls, architecture, implementation, and management.
Cybersecurity Risk Quantification:
• Enables enterprise risk management through the quantification of your cybersecurity risk or exposure that provides the insight necessary to articulate your cyber risk appetite, make risk-informed investment decisions, and illuminate risk transfer needs and options.
• Leverages strategic and financial company information to model your cyber operating environment and generate a dashboard view of the “Cyber Value-at-Risk” – the probability of breach, average and severe breach costs, and the top cybersecurity weaknesses.
• Based on data collected from an Enterprise-wide Cybersecurity Program Assessment and additional pertinent organizational information, such as enterprise and business unit revenue and business value of significant IT assets from the CISO and CIO point of view.
Security Technical Controls Review:
• Methodical review of your cybersecurity technical controls environment. • Assesses the enterprise cybersecurity architecture and technical controls for:
• How well the controls implement policy.
• How effectively they support the risk appetite.
• How effectively they meet compliance requirements.
• Applies technical tools to evaluate the operational effectiveness of security controls.
• Based on a repeatable and traceable methodology that draws on accepted security technical controls standards such as Center for Internet Security Critical Security Controls, NIST SP 800-53, Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), and other sector-specific standards.
Incidence Response and Management
Any organization using information technology is a target for data theft, ransomware, denial of service attacks, and other nefarious attacks – no one is immune. For companies holding customer-sensitive information, federally or state-protected information, personal health information, or even trade secret information, developing an effective incident response plan is crucial.
Alcor provides a broad set of Incident Response and Management Services:
• Prepare – Develop the plan, tools and support when an incident occurs.
• Analyze – Identify the type of incident and defining the scope and potential impact.
• Contain – Limit the exposure and expanse of the incident.
• Remove – Eliminate the threats and threat actors responsible for the incident.
• Recover – Restore normal business operations while reducing the likelihood of a repeat cyber incident.
Business Continuity & Disaster Recovery
An organization reputation is built on the business continuity, Alcor ensures its clients business continuity with the plan of the action during a business disaster, this involves in creating policies and plans that ensure necessary business functions during a disaster by providing business impact analysis, change management and reporting potential issues. Disaster recovery involves in restore important systems this also involves in reducing business downtime.
Security Information and Event Management (SIEM) is an important piece of any organization’s security strategy. Managed effectively, it can help organizations to protect business operations and intellectual property, meet compliance regulations and enable better detection and faster response to security incidents.
Demand for SIEM technology is high, but that doesn’t mean that every business has deployed a SIEM solution or that all existing implementations are running smoothly.
Alcor utilizes its SIEM expertise to provide you with services at all stages of implementation, from product selection and testing, to implementation, tuning, and functional testing.
Alcor performs vulnerability scanning using industry standard assessment tools as well as manual attack techniques meant to uncover weaknesses that are often missed with automated vulnerability scanning alone. In addition to reporting on the vulnerabilities we discover, Alcor provides remediation guidance and risk scoring to ensure your teams have the information necessary to prioritize remediation efforts.