Security Management Practice

NCI Security's team of cyber and information security experts is comprised of professionals who have managed security programs for government and private critical infrastructure owners and operators. Our team has extensive experience in security operations, security policy development, regulatory requirements analysis, incident response, and security program development. NCI Security leverages this experience by offering appropriately scaled, professional security advisory services to government, corporate and individual clients.

Examples of security management services include the following (click the headings for more detail):

• Critical Infrastructure Protection Planning
  Our team members have created and executed security plans and standards for all manner of critical infrastructure, from SCADA systems to check processing equipment. This activity has included incident response and recovery, anomaly detection, and regulatory compliance activity.
• Capability Maturity Assessment
  We have over a decade of experience assessing complex security functions against standard Capability Maturity Models (CMMs), including the InfoSec Assurance CMM (IA-CMM) created by the United States National Security Agency and the recently-released Electricity Subsector Cybersecurity CMM (ESC2M2) created by the United States Department of Energy for the White House.
  
  Our team members served in leadership and consultative roles in the development of the ESC2M2.
• Enterprise Security Program Development and Review
  We have extensive experience in the development, implementation, and execution of robust, practical enterprise security programs designed to reduce organizational risk. Our multi-function approach uses proven methodologies that ensure all aspects of a modern, effective security program are addressed in a way that is organizationally feasible and professionally responsible.
• Incident Response Planning and Simulation
  When it comes to being prepared for security incidents — especially in the context of critical infrastrucutre — a robust, well-tested response plan is invaluable. We have experience creating and evaluating comprehensive security incident response plans for companies of all sizes. Our goal is to ensure response plans are actionable, understood at all levels of the organization, and integrated into existing business continuity and disaster recovery plans where appropriate.
• Personnel Training and Education
  From general security awareness programs to training on specific topics, we can customize a curriculum that meets your organization's needs. Security practices are not effective when they are not understood. Training programs are valuable for all roles, from the end user to the security professional, in order to communicate information necessary to reduce operational risk and to improve the maturity of the security function.
• Documentation and Presentation
  Effective communication of risk to every level within an organization is crucial to establishing the value of an information security program and to increasing the credibility of its initiatives. We are expert presenters and can speak security to all audiences, from C-level executives and board members to non-technical individual contributors. We can also provide professional security-related presentations and documentation for your product or service.