Cyber Security

For more than 17 years, Ingenium has been trusted partner to Federal and commercial clients across the gamut of IT security and related information assurance services. Our proven and sustainable best practice solutions span security analysis and enforcement, enterprise security architecture development, and disparate systems integration.

Ingenium’s security-vulnerability study for the Washington Suburban Sanitary Commission (WSSC) of Maryland identified and supported the neutralization of immediate threats and acted as a foundational resource for a comprehensive, strategic Cyber Security Plan. Our teams supported the analysis and planning to respond to cyber vulnerabilities, safeguards effecting both public health and national security elements. The WSSC provides safe drinking water and wastewater treatment for Maryland's Montgomery County and Prince George's County.

Established in 1918, the commission is the eighth largest water and wastewater utility in the United States serving over 1.8 million people in an approximately 1,000-square-mile (2,600 km2) area. It also owns and manages approximately 16,000 km of water and sewer mains. The scope of the security-vulnerability study covered IT resources and the identification of security risks, and network, server, and personal-computer (PC) security within the WSSC wide area network (WAN). The study also covered a review of WSSC firewalls, virtual private networks, vulnerability-scanning tools, intrusion-detection systems, domain configuration, network architecture, and access-control tools. Objectives achieved on this project included:

  • Identification of immediate, specific security risks
  • Review of existing policies
  • Provision of rapid fixes to neutralize security breaches
  • An outline of a long-term, strategic security plan

Ingenium’s holistic approach, covering both processing and communications related risks, incorporates a broad spectrum of technological, global environment, human and regulatory dependencies. We draw upon the expertise of our certified teams to achieve reliable and verifiable results supported by the overarching methodological and administrative checks and balances afforded by experienced ISO and CMMI Level 3 practice application.

Client Benefits
  • Enhance reporting and response activities related to security via the introduction of proven analytical approaches and related support tools
  • Meet all compliance stipulations across enterprise deployments in terms of DR and Cyber thresholds
  • Advance risk mitigation and performance efficiencies by introducing documented, repeatable, measurable and automated cyber processes
  • Achieve measurable situational awareness thus increasing overall security disposition
  • Thwart unintended/unwanted geographic and domain barriers and enhance information sharing and collaboration
  • Enhance relationships with stakeholders to promote proactive and effective participation in security requirements address
Cyber, IA and Disaster Recovery Services
  • Computer Forensics/Vulnerability and Threat Assessment Analysis, Response Design and Implementation
  • Security Program Planning and Management Support
  • Technical Security Architectural Design and Development
  • Security Certification and Accreditation
  • Disaster Recovery and COOP
  • Critical HW/SW/Communication asset identification
  • Cyber Workforce augmentation
  • Network security monitoring and incident response
  • Data recovery and preservation
  • Security policy, standards, and awareness
Vulnerability Management Service

Ingenium's vulnerability management services provide a full range of solutions designed to identify and mitigate weaknesses at the network, host and application levels. This serves to reduce the exposure of critical systems to external and internal attacks. Systems and networks are often compromised by employees or consultants working inside the organization as opposed to hackers from outside. Our information security analysts leverage electronic and physical vulnerability assessment tests. Our process manages vulnerabilities throughout the entire vulnerability stack. Our service manages vulnerabilities beyond the well-known weak spots at the network and operating system. We can identify vulnerabilities in databases, third-party applications, and custom Web applications as well as physical access to critical infrastructure. We also detect problems such as cross-site scripting and SQL injection.

  • Identify specific security vulnerabilities and review tools currently in use to enhance security and business continuity for systems and devices connected to the enterprise
  • Identify and recommend improvements to security policies in use by IT personnel
  • Provide recommendation to remedy problems discovered during this assessment
  • Identified capacity bottlenecks and performance limitations
  • Assessed the quality of the infrastructure, the obstacles to scalability and/or adaptability
  • Identified the threats to survivability
  • Determined the impediments to full cost-effectiveness
  • Provided a full architecture review that included servers, networks, application software, integration of the technology environment, and determined is the current architecture supported the needs of the organization
  • Identified an overall enterprise strategic roadmap
  • Reviewed and assessed all systems, devices, and networks per OSSTMM or other security methodologies
  • Identified security vulnerabilities on servers, client systems, and SCADA devices
  • Reviewed the current patch management strategy and toolset and provided a gap analysis to ensure full coverage
  • Assessed the current use of wireless spectrum and provided analysis of weak areas
  • Reviewed the current LAN/VLAN network design and provided insights on tightening security on certain high risk and business critical networks

Application Services

New technologies offer the tools to tighten security and prevent intrusions and attacks. Ingenium recommends a thorough analysis of existing software security before making a commitment and investment in new technology. Our application security analysts can identify methods for improving security for existing systems, determine the thoroughness and effectiveness of existing security, and where an organization can strengthen its security profile through procedural improvements to better protect its data. A security profile analysis helps customers understand their most critical assets to protect and where greatest potential vulnerabilities lay. Our analysis encompasses firewalls, virtual private networks, vulnerability scanning tools, intrusion detection systems, network architecture, and access control tools.