Programs and Services

In the first two focus areas, we perform similar functions for our customers, in different ways. The similarity lies in the result, helping our customers identify and satisfy their need for information assurance capabilities.

The main difference between them is our point of view. In the area of programs, we are an independent contractor operating outside the program office. In the area of services, we are an integral part of the program office.

In those focus areas, we gather and manage requirements. We design systems. We develop concepts of operation. We prepare strategic, operational, and tactical plans. We manage programs and support acquisition. This includes product evaluation, design support, life cycle and logistics support.

We protect critical infrastructure, detect intrusions, and track attack sources. We do this by analyzing and assessing system dependency, vulnerability, and security, and developing analytical algorithms and applications.

We support mobile e-mail, secure the mobile environment, and secure telephone distribution.

ISSO also analyses threats, prepares threat models, and develops graphics to represent those threats. We analyze systems, traffic, and networking communications to gather security requirements and evaluate security threats. We characterize, estimate, and quantify security threats, attacks, and vulnerabilities. ISSO prepares computer models and simulations to support analysis of threat scenarios and assess system security. We develop analytical applications and algorithms to probe systems and gather valuable data about potential vulnerabilities. In addition to vulnerability scanning, ISSO performs penetration testing and prepares documentation for system accreditation and certification.

ISSO performs red team reviews, data mining, and data reduction to gather security threat information from available data as well as from open source intelligence. In our data mining, we develop algorithmic applications, change detection, relational chaining, and sequence projections.

We help our customers apply standards. The standards include those from National Information Assurance Partnership® (NIAP), Common Criteria, and Director of Central Intelligence Directives. We support program offices during certification and accreditation or conduct certification test and engineering. We perform independent verification and validation, as well as operational test and evaluation.

ISSO knows public key infrastructure. We have an extensive history in cryptography and key management. We developed the GSA key management program and we are developing the prototype for over the network keying (OTNK). ISSO is leading the architecture definition for high-assurance Internet protocol encryptor (HAIPE) and we are developing the HAIPE reference implementation for the intelligence community.

ISSO provides knowledge management and supports conferences. We conduct computer security education and training and we support exercises at all levels.