Intrusion Prevention System Solutions

Firmitas Secure provides information security solutions to the owners and operators of critical infrastructure. Our Services are focused on creating best in class information security for each client we serve.

Our team is focused on delivering customized solutions to your organization. Our services are designed to suit your needs. We are equally prepared to execute short-term engagements focused on a particular issue or providing long-term services to cost effectively protect your organizations critical information assets.

We help our clients achieve best in class security with tailored solutions:

  • Security Assessments
  • Remediation
  • Customized Training
  • Strategic Guidance
  • Managed Services
  • Staff Augmentation
  • Compliance Consulting

Our team has demonstrated capabilities and procedures for:

  • Application design and analysis
  • Research
  • Vulnerability assessment
  • Penetration testing
  • Computer incident response
  • Digital forensics
  • Malware analysis
  • Security policy and procedure development
  • Security intelligence

Our Team is experienced with Compliance:

  • NERC-CIP
  • HIPPA
  • PCI
  • DIACAP
  • NRC
  • FISMA
  • GLBA/FFIEC

Firmitas Secure can enhance security throughout your organization by:

  • Identifying risks and providing an actionable strategy to guide your team
  • Focusing your resources on the highest priorities with the greatest impact
  • Eliminating budget draining fixes that provide minimal improvements to security
  • Enable long term compliance through best in class security
  • Challenging outdated and institutionalized practices with inherent risk
  • Confirming and verifying your planned investments in technology upgrades
  • Providing third party expertise for achieving board and executive level support
  • Preparing your team for your next compliance audit

NERC CIP Solutions

  • Cyber Asset Identification – Firmitas Secure's Asset Discovery Service will identify and find all assets across an environment, providing a classification and database tracking system so the inventory can be maintained and re-scanned on a periodic basis.
  • Security Management Controls – Firmitas Secure's RiskControl is a comprehensive analysis of an environment determining all of the current controls that are in place, identifying gaps and creating documented remediation plans
  • Personnel & Training – Firmitas Secure has extensive experience in creating and delivering training. The training includes computer based training, live events, awareness and skill assessment. In addition to creating customized training, Firmitas Secure also creates track-able metrics across policies to make sure that the proper risks are being addressed.
  • Electronic Security Perimeter(s) – Firmitas Secure PenTest is a penetration test that actually focuses on remediation as opposed to just identifying exposures. The primary focus is to identify points of compromise and cost effective solutions to remediate the problem.
  • Physical Security – While many organizations look at physical security outside of cyber security, there is a close tie between both. By looking at integrated security across the organization all components of physical security are carefully analyzed with appropriate remediation plans developed
  • Systems Security Management – As part of the Risk Control Assessment, all components of security from hardening guides, best practices and patch management are fully addressed. Creative ways to achieve compliance are recommended based on the extensive expertise by performing similar work for other clients in this sector.
  • Incident Reporting and Response – While many organizations have some form of incident response, many are not very effective and not properly tested. Firmitas Secure will take a comprehensive look across developing, training and deploying an incident response team.
  • Recovery Plans for Critical Cyber Assets – As part of the Incident Response documentation, detailed recovery plans and options are developed for all critical assets. This includes a prioritization of the key assets and recovery options.

SMART GRID/SCADA/ADVANCED METERING INFRASTRUCUTRE

  • Security Risk Assessments for Smart Grid Projects
  • Smart Grid Infrastructure Architecture Review and Analysis
  • AMI Infrastructure Security Analysis, Vulnerability Assessment, Penetration Testing
  • Security Testing for Smart-Meter Hardware, Vendor Review
  • Application Controls and Source Code Auditing
  • Forensics & Incident Response

ELECTRIC VEHICLE INFRASTRUCTURE SECURITY

  • Securing financial transactions that are required for EV recharging
  • Implementing secure and hardened IT environments on EVSEs and Distribution Grid hardware
  • Secure end-to-end communications throughout the EV infrastructure
  • Authoritative identification of vehicle owners/operators for recharging transactions
  • Compliance with applicable Data Privacy Laws and other regulations