Task Area 5 - Critical Infrastructure Protection and Information Assurance
The protection of critical infrastructure and assurance of agency information is evolving as the next great CIO focus area (with the passing of Y2K problems). Information assurance is defined here as those operations that protect and defend information and information systems by ensuring confidentiality, integrity, availability, accountability, restoration, authentication, non-repudiation, protection, detection, monitoring, and event react capabilities.
A non-exhaustive list of examples of the type of work to be performed under this task area is:
- Critical infrastructure asset identification
- Information assurance of critical infrastructure
- Risk management (vulnerability assessment and threat identification)
- Critical infrastructure continuity and contingency planning
- Physical infrastructure protection
- Information systems security
- Information assurance
- Emergency preparedness
- Training and awareness programs
- Exercises and simulation
- Disaster recovery
- Security certification and accreditation
- Crypto systems
- Record management
- Public key infrastructure
- Electronic messaging
- Digital libraries
- Intelligent, automated data collection and analysis
Technical Approach to Critical Infrastructure Protection
Our approach is founded on disciplined application of the SAIC Common Approach to engineering and development plus years of experience, tailored to unique needs of each specific task order.
SAIC understands that as components of the critical infrastructure are interrelated, so too are processes needed to protect them. Our security engineering approach addresses all aspects of the SOW. SAIC offers established, proven, methodologies to successfully conduct all aspects of systems security engineering.
We leverage existing processes, templates, and knowledge bases. SAIC tailors the security approach for each task to maximize effectiveness and reduce cost. We provide each customer products and services consistent with their specific guidance, formats, and regulations.
Security Risk Identification and Mitigation
Potential Risks include:- Denial of service/inability to recover from a disaster
- Unauthorized access to systems and/or data Installation of unauthorized, untested or malfunctioning software
- Perform vulnerability assessment/ threat identification, critical infrastructure continuity/ contingency planning/ physical infrastructure protection planning/disaster recovery planning
- Employ Public Key Infra-structure, crypto systems, record management
- Detect or avoid via information systems security, security certification/ accreditation, training/ awareness programs
Security Vulnerability Assessment & Planning
- Critical infrastructure asset identification
- Critical assets
- Mission
- Critical infrastructure continuity and contingency planning
- Risk management (vulnerability assessment and threat identification)
- Threats
- Mitigation plans
Security design, implementation, installation and operation
- Information systems security
- Information systems assurance
- Physical infrastructure protection
- Disaster recovery
- Train
- Monitor
- Assess
Security technology assessment and planning
- Assess security technologies
- Recommend applicable technologies
- Develop implementation plans
- Implement applicable technologies
Security operations (training, monitor & certification)
- Emergency preparedness
- Exercises and simulation
- Training & awareness programs
- Intelligent, automated data collection and analysis
- Security certification & accreditation