Sentar Wins MDA Phase I
for Software Risk Assessment Technology Development
April 27, 2010Software from third parties is often used in mission
critical systems. While known malicious code will be identified
during normal test and evaluation processes, suspicious code is
more difficult to accurately identify.
More here |
|
|
|
 Sentar’s
Information Assurance (IA) extends
back to our founding in 1990. An
initial contract during this era was to provide independent validation
and verification services on a large GMD program. Since this
initial contract, Sentar has continued supporting Government and
commercial clients providing IV&V, V&V, test and evaluation, quality
assurance/control, certification and accreditation (C&A) services.
Sentar’s recent work in developing new cyber security technology has
extended our IA and C&A activities specific to address the security
issues related to systems and software applications.
Comprehensive Information Assurance Program
|
Sentar's Comprehensive Information Assurance
Program
- A complete solution for securing vital sensitive,
proprietary and classified information
- Sentar's IA Strengths are woven across Program Lifecycles
Larger
View Here |
|
|
Information Assurance Risk Assessments
Specifically for IA Analysts working with Department of Defense
IA issues, the information Assurance Risk Assessment (IARA)
facilitates rigorous, operationally focused, defendable and
repeatable IA risk assessments. The methodology is focused
specifically on assessing IA risks for DoD systems using the
Department of Defense’s Information Assurance Certification and
Accreditation Process (DIACAP) regulations. However, the IARA
methodology is equally useful in to assessing any Government or
commercial system.
For a copy of Sentar's Information Assurance Risk Assessment
Process for Military Systems white paper, click
here.
Larger image
here
The IARA Process leverages the
analysts’ understanding of the
operational and administrative environment that the system
operates
within the computing/networked architecture of the system and
the
relationship of the identified vulnerability/deficiency to
the trusted
computing path critical to the system’s operational mission.
With this
knowledge, IARA guides the analyst through a series of
determinations
that form a two-factored assessment of both the likelihood
and
consequence of the possible exploit of the identified
vulnerability or
deficiency. The independently derived likelihood and
consequence
determinations are then factored together into a risk
determination of
the deficiency/vulnerability being assessed. The end-result
of the IARA
process when applied to a set of IA issues within a
particular system is
a risk-prioritized ranking of the issues that facilities
well-grounded
decision surrounding mitigation efforts.
An Excel tool designed to assist
the analyst with IARA assessments is
available free of charge by contacting
iara@sentar.com
|
|
|
Sentar's Cyber-Security Lab
Sentar’s commitment to IA and
computer network defense is also
reflected in our modern R&D lab. To date, Sentar has invested
over $50K
in corporate funds to building a flexible and innovative lab that
supports
computer network defense research and software information
assurance. Sentar continues to build and grow this into a
world-class
capability to promote the development and evolution of CND and IA
related technologies. |
|
CND Lab, Rack 1
Photo:
Click image or scroll down for schematic (concept diagram)
Larger
View Here
CND Lab
Capabilities Schematic:
|
|
Up | Software Eng./Analysis | Information Assurance | Soft. Process Improvement | Complex Systems Integ. | MG-Fusion
|
|
Sentar
Wins MDA Phase II to Develop
Sentar
Tapped for Marshall IT Services with Dynetics