Home Page
About HW&W
USDA Award
Other Recognition
Downloads
Contracts
MOBIS 874-1
NAICS Codes
Expertise
Client List
Key People
Case Studies
Contact Us
Intranet
e-Business Strategies
Information Security Support
Case Study
The objective of this project was to develop a comprehensive information security program for a large federal organization. This program had to be aligned with current legislative mandates, NIST/OMB guidance, departmental policy, and applicable standards.

Our client wanted assistance to assure that their security program provide comprehensive, cost-effective protection for their systems, consistent with current security legislation and guidance. To support this effort, HW&W provided a multi-disciplinary team of experts. The team included experts in the following areas: security, legal and regulatory requirements, analysis, IT technical functions, document management, federal policy and procedure principles, and training.

HW&W first provided a compilation of relevant legislation, guidance, and current departmental policies and standards. Current security policies were then compared with this compilation to identify gaps in compliance. Policies requiring update were identified and assigned a priority. An inventory of policy requirements was developed.

Development of a security program
In cases where policy needed to be developed or augmented, HW&W provided recommendations on content and format for each required document. These recommendations were designed to bring existing documents into agreement with legislation and NIST/OMB guidance, to assure that each document was complete, and to provide a framework for developing documents that did not currently exist. The client provided guidance on content and reviewed the documents prepared under their direction prior to final versions being produced.

Once the policy had been written and accepted, the rest of the security documentation was revised or developed to complete the program. This included comprehensive procedures, a system security life cycle, risk assessment guidance, and a systematic records management approach to support the creation and maintenance of security documents. All the revised and newly developed documents were placed on an internal security website for use by staff and contractors.

Security program support
HW&W provided an independent team to support certification and accreditation of major applications and the general support system. The team assisted in the development of plans of action and milestones and in preparation of responses to audit and oversight groups. HW&W monitors new legislation and guidance on an ongoing basis to assure that the client security program is compliant.

Security training
HW&W provided security training services to improve awareness and compliance with security policy. This training was customized for each functional role within the Agency: Technical writers, systems engineers, applications programmers, and management. HW&W provided security education outreach materials, a security training curriculum, and delivered the classroom training.

View Information Security Support Expertise


  
Copyright © 2003 H W & W, Inc.
All Rights Reserved