Cyber Forward is unique among our cyber security peers in that we do not claim, nor strive, to be all things cyber to all people. Our products are a variation of one theme – helping our partners define and manage their systems security posture. Our approach is policy-based, not technology-based, and recognizes that the issues are greater than the underlying technology and that winning the cyber war depends on well-informed decisions being made by well-informed people.
The Department of Defense and the United States government have recognized that important and sensitive data is being lost to those who seek to use it to exploit and harm our country. In response, laws have been passed requiring that proven methodologies be applied to reduce the occurrences of losing control of sensitive data and information. Our first product, DFARS Compliance, provides a seamless, cost-effective means of applying these methodologies.
We start by supplying our partner with a new policy set which has been crafted to reflect National Institute of Standards and Technology standards, as directed by law (NIST 800-171). We then walk through this policy set with our partner’s Management, Operations and Information Technology leadership. During this walk-through, we construct a list of any policies that are not currently being adhered to, from which a Plan of Action with Milestones (POA&M) is produced. We also guide all of our partners’ employees and contractors who deal with sensitive data through our “Winning the War” workshop. For additional monthly fees, we offer the options of keeping the policy set updated monthly, managing required reporting to the DoD in the event of an incident, and project-managing the POA&M.
We apply the same proven pragmatism found in our DoD work to our non-DoD clients, including those who are involved in Critical Infrastructure. Because of the important part that critical infrastructure plays in the functioning of our way of life, it has become a primary target of those who hate and wish to disrupt that way of life. We believe a proper defense from such threats begins with a clear understanding of potential targets and a systems security plan that informs their protection.
Protecting Critical Infrastructure follows an approach similar to that for protecting non-DoD sensitive data; however, there are additional, often more stringent, regulatory requirements. These additional requirements are embedded into the new policy set as required. Policies for critical infrastructure partners are often more complex, and the POA&M requires greater oversight.