Security & Privacy Framework Development

The Challenge

A client supporting the U.S. Department of Health & Human Services needed to reorganize its IT infrastructure to comply with the Federal Information Security Management Act (FISMA), a law that requires all government agencies and the companies with which they conduct business to develop, document, and implement specific data security frameworks to protect sensitive information. Considering FISMA’s stringent, paperwork-intensive information security requirements, the client chose pureIntegration to help it navigate the process and develop a strategy to achieve federal compliance.

The Solution

pureIntegration utilized its extensive network and application management experience to assess, plan, and support the development of a broad National Institute of Standards Technology (NIST) Security Control framework mapping that was performed in two layers. A high-level mapping compared the security control components of an Information Technology Infrastructure Library (ITIL) with the components of a governance framework (COBIT) that showed the coverage of IT governance focus areas. The framework provided the client with a comprehensive approach to IT governance and service management that included the following:

  • Publication of a comprehensive IT security policy
  • Analysis of risk management, information security governance and common security controls
  • Development and execution of certification and accreditation processes and strategic planning for long-term improvements of IT security
  • Construction and acceptance of a risk management plan of action & milestones (POA&M)
  • Formation of value-based IT strategic financial models that support business strategies
  • Formation of an executive-level Information Security Advisory Council

The Business Benefits

pureIntegration helped the client establish a framework for comprehensive IT governance and bring its systems into compliance with federal law. This not only improved the client’s image among third parties and regulators, but it also helped the IT department redefine itself as a businessfocused and goal-oriented function of the company. By aligning with the needs of management, the IT team was able to accept clear ownership of its function and responsibilities and validate its value among all of the company’s stakeholders.

»
«

In The Field:

Outbreak: Avoiding Information Security Catastrophes in Cable Fundamentals of Performance Testing
SDVOSB
Service Disabled Veteran Owned Small Business (SDVOSB)

TALK TO US

For more information on our offerings or our company  and how we can put our expertise to work for you, give  us a call at 703.707.9680.