SRC defines complex operational and technological requirements by researching and identifying best-in-industry solutions and delivering unbiased and credible recommendations. We deliver information assurance support to our U.S. Government customers in the following areas:
IA Policy and Program Planning
SRC seeks to ultimately enhance the customer's overall business processes through IA policy and program planning. This starts by defining an IA infrastructure and the roles and responsibilities. We then devise training standards, develop self-evaluation processes and identify existing or needed skill sets to implement an effective IA program.
Information Risk Analysis
SRC helps determine the sensitivity, criticality and lifespan of corporate information, taking particular note of "crown jewels." We then profile the user base, looking at the information needs, access privileges and characteristics specific to its use. Our analysts then conduct assessments that identify and correlate threats to vulnerabilities. We conclude this study with an estimate of the organization's information risk.
We develop processes for network monitoring and computer defense metrics. SRC also institutes vulnerability scanning in support of reliable, patch-level situational awareness and management.
Certification and Accreditation
SRC works with SCOs, ISSMs, and directorate acquisition, development and operations managers to establish security requirements and the C&A boundary. We define accreditation criteria, review certification test results and recommendations, and prepare the CIO to make informed risk management decisions.