Operational Cyber Security
We specialize in providing highly-qualified Cyber Security resources to assess the needs of our customers and deliver fully-compliant Cyber Security programs in highly-regulated and complex environments. We provide Cyber Security Programs for enterprise/business systems, applications, Industrial Control Systems (ICS/SCADA), Internet of Things (IoT) Devices, and Cloud environments.
Securing All Information & Environments
Fully Compliant Cyber Program Features
Awareness Training Programs
We Secure All Types of Systems and all Classifications of Data with Defense-in-Depth Methodologies
We understand that connectivity in all types of enviornments may be required to support the mission and we know how to ensure that connectivity occurs in a secure and compliant manner.
Cyber Security Programs Across All Environments: ICS/SCADA, IoT, Cloud, Enterprise/Business, and Classified
Industrial Control System Security (ICS)
ICS security needs have become more challenging with targeted attacks against devices once believed to have “security through obscurity.” Our ICS Cyber Specialists enable ICS mission needs for customers with a proven defense in depth approach to isolate critical assets appropriately and secure core components, while enabling secure connectivity to address business requirements and mission needs. We ensure that ICS systems are monitored without impacting the operational integrity or availability of the system.
Internet of Things (IoT)
A rapid influx of IoT devices absent of basic security design principles have altered the cyber threat landscape and increased organizational risks. Devices of all kinds have become Internet enabled to connect people and functions to devices. This newly interconnected world has been created with low cost methodologies rather than security-minded methodologies resulting in organizations bringing in devices without security features. We assess IoT security, address vulnerabilities and gaps, and monitor the organizational environment to ensure that the mission is not impacted.
Security in the Cloud
BGS provides Cloud security for private, public, govcloud, FEDRAMP, and hybrid cloud environments. Additionally, BGS assesses cloud environments, cloud service providers, and software as a service providers and products to ensure compliance and security. When making the move to a cloud environment, security by design is crucial to ensure that the configuration of the environment addresses security needs and compliance requirements. Two of the largest security issues with cloud environments are misconfiguration and failure to adhere to security requirements due to confusion in roles and responsibilities between the provider and the organization. BGS ensures that configurations are compliant and that roles and responsibilities are clearly understood.
Enterprise/ Business Systems Security
BGS provides Cyber Security Programs for enterprise and business systems, as well as securing software. BGS assesses, tests, monitors, configures, and addresses network, firewall, and application security. Cyber Security Program features are described in the Cyber Security Program Features area below.
Classified Computing Security
BGS provides Q cleared resources to address security needs for classified computing environments. Our resources are experienced handling classified matter, and in ensuring that compliance requirements are addressed in limited areas.
Cyber Security Program Features
Policies, Procedures, and Plans
BGS creates and maintains policies, procedures, and plans to ensure Cyber Security compliance. We utilize proven templates for the creation of compliance documents to facilitate efficient use of resources. The policies, procedures, and plans support the Cyber Program.
Scanning, Testing, and Evaluating
BGS is contracted to perform ethical scanning, testing, and evaluating of security capabilities. A Rules of Engagement agreement is established with the organization prior to performing ST&E processes. A results report is provided to the customer, along with recommendations for any improvements.
Vulnerabilities, Threats, and Risks
The Cyber Program is based around Risk Management. BGS uses industry standard tools to scan for vulnerabilities, and then provides vulnerability mitigation activities. BGS evaluates vulnerabilities, analyzes threat sources, and determines the likelihood of the threat source using a vulnerability against an organization as well as the impact on the organization to establish a risk rating. Risks are managed constantly throughout the Cyber Program activities. BGS routinely performs Risk Assessments.
Incident Response and Reporting
When incidents occur, BGS provides efficient incident response and investigation activities. The appropriate response additionally involves reporting to the appropriate organizations.
Contingency Planning & Mission Impacts
Mission Impact Assessments (MIA’s) are key components for the Contingency Planning process. MIA’s are completed to assess tolerance and establish priorities for the purpose of the Contingency planning process. The contingency planning process provides methods for recovering in the event of an outage. Additionally, the Contingency Planning process includes training and testing of the contingency plan to determine effectiveness.
Certification & Accreditation for ATO's
BGS has created many certification and accreditation packages for organizations to obtain authority to operate for general support system environments and for industrial control systems. Our proven templates allow for efficient completion of required documentation to provide organizations with compliant packages.
Continuous Monitoring Program
One main component of the Cyber Program is continuous monitoring. Continuous monitoring serves to offer assurances of the effectiveness of mitigating controls, and additionally provides opportunities for continuous improvements.
Cyber Security Awareness Programs
BGS develops Cyber Awareness training content for organizations that is customized to match the policies and procedures as well as enable the mission.
Insider Threat Program
Insider threats can be accidental or intentional. Regardless of the intent, insider threats are a growing problem. BGS establishes Insider Threat Awareness Programs to enable staff to recognize signs of insider threat, and monitoring activities that assist recognizing potential insider threats. Additionally, response activities are a key component of the program.
BGS delivers content via classroom or electronic information system.