Meet Delta Risk’s Public Sector Team
Delta Risk’s public sector team provides a wide range of professional cyber security services to government departments and agencies, including many that execute critical cyber operations in national and homeland security, as well as government-funded research institutions and international partners. Delta Risk is uniquely qualified to help public sector entities minimize their cyber risks. Our team has the strategic and operational experience to effectively assist government organizations with their cyber security needs, including technical experts who have developed an impressive track record with military entities, intelligence organizations, and Fortune 500 companies.
Verify the Strength of Your Information Security Program
Developing a program, reviewing its effectiveness, and testing program resilience will help ensure your organization has met its compliance obligations.
Our assessments review your current cyber and IT risks, policies, and programs. With this comprehensive analysis, we can identify your program’s strengths and weaknesses to find any security gaps. We can also advise your organization on the optimal solutions for your business based on your unique risks and resource constraints.
Once your program is developed, you need to test its effectiveness in simulated real-world scenarios. Delta Risk offers red-team and table-top exercises tailored to your specific requirements, and developed with our expertise in defending government networks.
As insider threats (i.e., malicious or negligent employees) can also be a major concern for public sector entities, we deliver services directed at managing the human element of security. Delta Risk offers cyber security training and awareness courses for all levels of digital expertise.
Access Services Built Around Your Security Needs
Delta Risk’s managed security services efficiently and effectively manage your technical security needs. Our services are scalable to the size, complexity, and risk tolerance of your organization.
Protecting Government Data with Comprehensive Cyber Defenses
If your organization suffers a breach, or you suspect one has already occurred, Delta Risk offers a variety of services to help you respond, including:
- Hunting for current or undiscovered threats affecting your network,
- Coaching your organization through difficult decisions after a breach, and
- Providing a response team with a host of capabilities to deal with an active threat.
Multi-Faceted Cyber Security Issues Impact Public Sector
Government organizations across the globe must protect and defend their data and networks against persistent cyber threats. No organization is immune to the devastating consequences cyber criminals and sophisticated nation-state actors can cause by accessing a public entity’s sensitive/classified information, intellectual property (IP), and/or personally identifiable information.
Most organizations recognize the threat of a foreign entity gaining access to state secrets or defense matters. There are a myriad of other cyber threats facing public entities, however. For one, countries are actively exfiltrating IP. This not only damages the competitive advantage of private companies, but it can also affect national security.
Identifying Threat Types and Motivations
Malicious cyber actors target governmental organizations because of the vast databases of information they contain. This may include information on residents or extensive personal information on employees, as illustrated by the U.S. Government’s Office of Personnel Management (OPM) breach.
An organization’s employees could also be considered threats. Whether this threat materializes as a malicious actor exfiltrating sensitive data, or a negligent employee who inadvertently enables access to files and systems, the sheer number of people employed by the government both directly and as contractors creates additional risk.
Public Sector Compliance – FISMA Overview
In the US, the most important cyber regulation in the public sector is the Federal Information Security Management Act (FISMA), passed in 2002 as part of the E-Government Act, with updates in December 2014.
Like industry-specific cyber regulations, such as those in the healthcare or financial industries, FISMA requires each federal agency to develop, document, and implement a cyber security program. In addition to all federal agencies, FISMA also applies to state agencies that are administering federal programs—Medicare, Medicaid, unemployment insurance—and private government contractors who meet expansive criteria.
If your organization utilizes a cloud environment, your cloud service provider (CSP) must also comply with FISMA requirements. The use of such services is reviewed under the government-wide Federal Risk and Authorization Management Program (FedRAMP).
FISMA assigns the role of developing the standards and minimum security requirements to the National Institute of Standards and Technology (NIST), which the Secretary of Commerce approves. The requirements are extensive, encompassing 17 areas of security detailing approximately 205 specific requirements. Here is a summary of the major requirements:
- Maintain an Inventory of Information Systems
- Categorize Information and Systems According to Risk Level
- Maintain a System Security Plan
- Implement Security Controls
- Conduct Risk Assessments
- Achieve Certification and/or Accreditation
- Conduct Continuous Monitoring
Failure to meet the requirements of FISMA could result in budget cuts to an agency or termination from a contract for a private government contractor.