Services
Cyber Pack Ventures Inc. (CPVI) provides Information Security Assessment services customized to a business’s needs. The staff consists of senior experts with experience in the commercial sector, the intelligence community, the Department of Defense, Homeland Security, and other government sectors.
The following list of services represent commonly requested capabilities, but CPVI also provides customized offerings.
Security Policy Development
Perform risk analysis of Information Technology (IT) system operations and their governance to ensure protective measures are implemented commensurate with business requirements and objectives
- Provide Contingency and Continuity of Operations (COOP) planning to minimize loss of data and infrastructure ensuring availability of business functions
- Perform gap analysis on the IT operational environment to identify compliance with established policies and guidelines
- Identify and develop risk mitigations to support business decisions
Security Assessment and Authorization
Perform Independent Security Assessments of IT systems based on the Risk Management Framework (RMF). This process includes identifying weaknesses and providing recommendations to address identified vulnerabilities. Also documents all aspects of an IT system to address compliance requirements based on applicable guidelines and regulations. Assist with streamlining processes to ensure the security of the system in a resource constrained environment.
- Identify system categorization and applicable security controls
- Implement and document security controls
- Coordinate Security Assessment activities
- Develop Security Test Procedures to ensure security controls are in place and functioning as intended
- Perform Security Assessments
- Identify continuous monitoring activities post authorization
Threat Assessment
Conduct an independent risk assessment identifying both known and unknown vulnerabilities that may be exploited to compromise the confidentiality, integrity, or availability of information being processed, stored, or transmitted by an information system.
- Identify relevant internal and external vulnerabilities to an organization and the potential threats associated with them
- Assess impact to the organization that may occur given the potential for threats that may exploit vulnerability
- Assess risk based on the expected harm and likelihood of harm occurring from identified vulnerabilities and associated potential for exploitation
- Provide recommendations for improving the security of an organization or IT system
Disaster Loss Prevention
Perform risk analysis to evaluate employee behavior and the associated risks based on factors such as the locale and the threat landscape. Assist with the following activities to support data loss prevention (DLP):
- Properly classify and understand the protection requirements of the business data
- Help implement a security-aware culture where protecting data is critical to all employees
- Provide the training that employees need to know in order to keep data secure
- Help implement necessary technical controls to protect the data from potential threats
- Monitor and audit both internal and external user activity to maintain a continuous awareness of the threat environment
- Develop and help enforce security policies based on relevant threats and that are integrated with business processes and aligned with appropriate roles and responsibilities
- Help ensure clear leadership through executive commitment and visibility
- Develop an incident handling process
Identity and Access Management
Assist in establishing an Identity and Access Management solution by identifying and mapping users to the appropriate access privileges for an IT system and/or platform.
- Define security policies and guidelines that establish processes for data access privileges
- Deliver the necessary infrastructure components to support authentication
- Assist with the development of processes and procedures for access control including establishing, modifying and revoking user accesses
- Identify and help implement tools for auditing and monitoring access activity
- Assist data owners in specifying the access control levels and permissions required to access data
CPVI also provides services in the following areas:
Cyber Operations Advisory Services - strategy, regulatory compliance, and awareness, training and education, market development and legislative and regulatory analysis
Software Engineering - strong past performance in developing secure applications and software assurance standards for national security especially in cryptographic related areas
Cyber Operations Support - software assurance, security engineering, security infrastructure and implementation, IT and communications operations, and monitoring and testing
Technical compliance – provide technical leadership through architecture, processes, risk management and automated monitoring in support of compliance with privacy laws and policies across the SIGINT system
CFIUS and FOCI activities – provide technical consulting and policy advising for M&A evaluations, Proxy and SSA boards; suggest and evaluate mitigation processes and solutions
Cyber Operations Integration - Joint Pub 3-13 and 3-13.1 issues, and service specific implementations, Cyber Counterintelligence and Cyber Electronic Warfare
CPVI NAICS Codes
For federal government contracts, CPVI supports the following NAICS Codes:
541511 Custom Computer Programming Services
541512 Computer Systems Design Services
541513 Computer Facilities Management Services
541519 Other Computer Related Services
541613 Marketing Consulting Services
541618 Other Management Consulting Services
541690 Other Scientific and Technical Consulting Services
541712 Research and Development in the Physical, Engineering, and Life Sciences (except Biotechnology)
611420 Computer Training
611430 Professional and Management Development Training
611710 Educational Support Services