Secure Risk Solutions (SRS)

Security Risk Solutions, Inc.
SBIOI - 27 January 2011
© 2010 by Security Risk Solutions, Inc.
About Security Risk Solutions, Inc.

- Woman Owned Small Business
- Launched in 2004
- Serving Federal and Private Sector Clients
- Information Security and Risk Management Consulting Services Including:
  - Information Assurance Risk Management
  - Program Risk Management
  - Vulnerability Assessments & Penetration Testing
  - Business Impact Analyses
  - Security/Compliance Audits & Reviews
  - Healthcare Systems Interoperability and Health IT Security and Privacy
  - OCTAVE Training
Core Service Offerings

- Information Assurance Risk Management Services
- Information Assurance Risk Management
- Organizational Business Impact Analysis
- Program & Project Risk Management Services
- Audit and Development of Corporate and Regulatory Compliance Programs
- Organizational Resiliency Planning
- Test Training and Exercise (TT&E)
- Policy and Guidance Development and Compliance
- Information Assurance Technical Services
- Technical Vulnerability Assessments
- Continuity of Operations
- Health IT Services
- Standards Harmonization and Interoperability
- Certification and Accreditation
- Information Assurance Program and Project Management
- Application Assessments
- Health IT Security and Privacy Services
- Penetration Testing and Analysis
Representative Clients and Partners

- Space and Naval Warfare Systems Center Atlantic
  - Cyber Analysis and Infrastructure Protection (CODE 56110)
    - Multi-Dimensional Resiliency Model (MDRM) - NRO
    - NGB – Electronic Security Systems (Security Test and Evaluation)
    - VA:
      - Chapter 33 Post 9/11 GI Bill: Risk Management, IT Contingency Planning
      - JAL FHCC: Program Risk Management
    - Navy Medicine:
      - NAVMISSA IT Contingency Planning – MTFs and PORs
      - EIA Organizational and Technical Risk Management
- US Department of Health and Human Services:
  - ONCHIT (Office of the National Coordinator for Health IT) Standards Harmonization Collaborative program in conjunction with the American National Standards Institute (ANSI)
    - Led Development of Technical Interoperability Specifications for Security, Privacy and Infrastructure (HITSP Standards incorporating HL7 messaging, XACML, XSPA etc)
    - Standards published in the Federal Register in January 2009
Representative Clients and Partners

- FDA/NIH: Security design, development and C&A for inter-agency programs including:
  - Safety Reporting Portal for Adverse Effects: www.safetyreporting.hhs.gov
  - IBC-RMS: The Institutional Biosafety Committee Registration Management System designed to support monitoring of Institutional Biosafety Committees conducting recombinant DNA research.
  - GeMCRIS: The NIH/FDA Genetic Modification Clinical Research Information System supports human gene transfer research.
- Georgetown University Medical Center - Global Argus: Indications and Warnings (I&Ws) to alert U.S. responders of an imminent bioevent. Used by the NIH and the U.N.'s WHO to check for outbreaks of all kinds, from SARS to avian flu.
- Princeton Healthcare System (PHCS), Cancer Treatment Centers of America (CTCA), and other commercial healthcare organizations.
- The Independent Electricity System Operator (IESO), Canada
- OASD/HA, in conjunction with Georgetown University and the Telemedicine and Advanced Technology Research Center (TATRC) at Ft. Detrick, MD.
- Software Engineering Institute (SEI) / CERT® Coordination Center (CERT/CC) at Carnegie Mellon University (a Federally Funded Research Center); Networked Systems Survivability Group
SEI/CERT Activities

- OCTAVE: Operationally Critical Threat, Asset and Vulnerability Evaluation
- SRS has conducted instructor (Train the Trainer) and General OCTAVE training classes at SEI/CERT and for our own clients
- OCTAVE Training is on the SRS GSA schedule (IT70)
- SEI/CERT utilizes SRS staff to conduct research and on-site engagements with the Networked Systems Survivability group in the areas of Risk Management, Mission Assurance Analysis Protocol (MAAP), Resiliency Management Model and other related areas.

® OCTAVE is registered with the U.S. Patent and Trademark Office by Carnegie Mellon University.
Operationally Critical Threat, Asset, and Vulnerability Evaluation is a service mark of Carnegie Mellon University.
Task Team Composition
2009 D&B Open Ratings Past Performance Report (chart; vertical axis 0 to 100)
Corporate Information

Corporate Name: Security Risk Solutions, Inc. (SRS)
Company Category: Small Business, Woman Owned Business
Incorporation Status: S-Corporation
State of Incorporation: South Carolina
Facility Security Clearance: Top Secret
Products and Services Offered: Information Security Professional Services including Technical Vulnerability Assessments, Technical and Business Risk Assessments, Consulting, and Regulatory Compliance Audits. SRS also conducts leading edge research and validates emerging security assessment methodologies for the CERT at the SEI.
Years in Business: Currently in 7th year.
D&B (D-U-N-S) Number: 192835390
CAGE Code: 41MQ0
GSA IT70 Contract: GS-35F-0034W
SeaPort-e: SN00178-07-D-5055 (Evolvent Acquisition Corporation); N00178-04-D-4024 (Booz Allen Hamilton)
Website: www.SecurityRiskSolutions.com
Contact Information
Johnathan Coleman, CISSP, CISM, CBRM
Principal, Security Risk Solutions, Inc.
698 Fishermans Bnd., Mt. Pleasant, SC 29464
Tel: (843) 647-1556 Cell: (843) 442-9104
JC@SecurityRS.com
Joseph Sabin Esq., CISSP, CBCP, ITIL, CRISC
Director, Federal IA Programs
Security Risk Solutions, Inc.
Tel: (843) 277-0016
Cell: (843) 814-6117
JS@SecurityRS.com
Ronald Krutz, Ph.D., PE, CISSP, ISSEP
Chief Scientist
Security Risk Solutions, Inc.
Tel: (843) 277-0016
RK@SecurityRS.com
Website: www.securityrisksolutions.com
Papers/Publications: www.securityrs.com/papers.htm