Security Management Practice
NCI Security's team of cyber and information security experts is comprised of professionals who have managed security
programs for government and private critical infrastructure owners and operators. Our team has extensive experience
in security operations, security policy development, regulatory requirements analysis, incident response, and security
program development. NCI Security leverages this experience by offering appropriately scaled, professional security
advisory services to government, corporate and individual clients.
Examples of security management services include the following (click the headings for more detail):
-
Critical Infrastructure Protection Planning
Our team members have created and executed security plans and standards for all manner
of critical infrastructure, from SCADA systems to check processing equipment. This activity
has included incident response and recovery, anomaly detection, and regulatory compliance
activity.
-
Capability Maturity Assessment
-
Enterprise Security Program Development and Review
We have extensive experience in the development, implementation, and execution of
robust, practical enterprise security programs designed to reduce organizational
risk. Our multi-function approach uses proven methodologies that ensure all aspects
of a modern, effective security program are addressed in a way that is organizationally
feasible and professionally responsible.
-
Incident Response Planning and Simulation
When it comes to being prepared for security incidents — especially in the context of
critical infrastrucutre — a robust, well-tested response plan is invaluable.
We have experience creating and evaluating comprehensive security incident response plans for
companies of all sizes. Our goal is to ensure response plans are actionable, understood at all
levels of the organization, and integrated into existing business continuity and disaster recovery
plans where appropriate.
-
Personnel Training and Education
From general security awareness programs to training on specific topics, we can customize
a curriculum that meets your organization's needs. Security practices are not effective when
they are not understood. Training programs are valuable for all roles, from the end user to
the security professional, in order to communicate information necessary to reduce operational
risk and to improve the maturity of the security function.
-
Documentation and Presentation
Effective communication of risk to every level within an organization is crucial to establishing
the value of an information security program and to increasing the credibility of its initiatives.
We are expert presenters and can speak security to all audiences, from C-level executives and board
members to non-technical individual contributors. We can also provide professional security-related
presentations and documentation for your product or service.