cyber security

Comprehensive Protection

Our objective is to protect your organization against threats across devices, networks, clouds, hybrid clouds, and on-premises environments.

CyberSecurity: Ensuring mission success.

Our platform-agnostic objective is to protect your organization against threats. We establish data governance processes to ensure data elements are sound and secure from theft, corruption, natural disasters, or unauthorized activity while allowing the information and property to remain accessible and productive to its intended users. Our clients have grown to depend on and trust GAMA-1 Technologies to protect their digital information, manage risk, and manage privacy concerns wherever personally identifiable information is collected, stored, or used.

Our team of CTR 006 certified professionals provides security guidance and services to Federal clients throughout the System Development Life Cycle (SDLC), utilizing the Open Systems Interconnection (OSI) model, which defines a networking framework for implementing protocols in seven layers (application, presentation, session, transport, network, data link, physical).

We use an agile project management approach to prioritize security tasks and deliver comprehensive defense-in-depth best practices that protect your sensitive data from falling into the wrong hands.

Our CyberSecurity Services

Information Assurance (Business) Services

  • System Risk Assessment
  • Auditing, Assessment and Authorization (A&A)
  • Governance & Reporting
  • Compliance Frameworks: Federal Information Security Management Act (FISMA) and NIST 800-series publications (SP 800-53 Rev 4 / Rev 5, SP 800-53A, and RMF – SP 800-37 Rev 2)
  • Development of System Security Plans (SSPs)
    Contingency Plans (CPs)
    Security Impact Assessments (SIAs)
    Business Impact Assessment (BIA)
    Risk Assessment Reports (RARs)
    Federal Information Processing Standards (FIPS) 199 security categorization
    FIPS 200 minimum security controls
    Configuration Management Plans
    Incident Response Plans
    Rules of Behavior (RoBs)
    Service Level Agreements (SLAs)
    Memoranda of Understanding (MOUs)
    Inter-Service Agreements (ISAs)
  • Management / remediation of Plan of Action and Milestones (POA&M)
  • Respond to data calls and requests for information – FISMA, DHS, DOC, NOAA, and NOAA Line Offices and Programs
  • Information System Security Official (ISSO) support – Technical/Non-Technical Support
  • IT organization change management framework
  • Planning and budgeting using the Project Management Body of Knowledge (PMBOK)
  • Monitor and measure to determine the effectiveness of security protections

Information Security (Technical Applied) Services

  • Intrusion detection / forensics for operating platforms, products, and technologies (Linux, Cisco, Microsoft, Juniper, Apple, McAfee, ECMO, IPS/IDS, ArcSight, BigFix, Tenable.sc)
  • HSPD-12 support and services
  • Evaluation of various technologies and products
  • Configuration management
  • Provide security architectural considerations and recommendations
  • Design secure cloud architectures and services
  • Facilitate cloud provisioning and orchestration: Azure, AWS, and Google
  • Assess new technologies and guide their implementation in on-premises, cloud, or hybrid environments
  • Provide FISMA compliance for cloud services: FedRAMP, EINSTEIN, TIC 3.0, VPN connections, cloud broker connections, direct connections, managed trusted internet protocol service (MTIPS), G Suite, internet of things (IoT), virtual LANs (VLANs), cloud access security broker (CASB), McAfee MVision, and mobile computing device management
  • Hands-on cyber security monitoring tools experience
    Application, network, technical team testing
  • Security best practices such as defense in depth, least privilege, access controls, and encryption
  • Maintain IT processes, methods, and tools for log analysis (ArcSight)

Cyber Security (Technical Applied and Theoretical) Services

  • Penetration Testing (Web, Network, Application, Hardware, War-dial, Physical, Social Engineering)
  • Vulnerability Scanning
  • Malware Analysis
  • Network Forensics
  • Reverse-engineering and custom software solutions to find new exploits

Data Protection Services

  • Secure data against unauthorized access; end-to-end encryption
  • Data governance technical processes to ensure that data elements, both the content and the metadata, are secure

Data Privacy Services

  • Access Authorization – Data stewardship and ownership roles definition
  • Legal – Homeland Security President’s Executive Orders, Presidential Directives, DHS Secretary Binding Operational Directives (BODs), Office of Management and Budget Memoranda

Security Program Experience

As a trusted NOAA partner, GAMA-1 Technologies provided end-to-end Information Assurance, Information Security, Cyber Security, and Data Protection / Privacy Services for five Program Offices and all systems within the National Weather Service (NWS) Annual Assessments (A&A) contracts. Through GAMA-1’s NWS contract, we managed and developed an IT security program and operational environment which involved assessing, analyzing, monitoring, and mitigating risks.

For FY2019, our Information Security Assessment and Authorization (A&A) Specialists supported an enterprise-wide service performing 19 standardized, reliable, and high-quality annual assessments for all the NWS FISMA high and moderate systems, including 13 penetration tests for 5 high and 8 moderate FISMA systems. We complied with NOAA’s Risk Management Framework (RMF), FISMA, DOC, NOAA, and NWS IT standards and security policies. GAMA-1 ensured consistency of our product and service, which is key to our customer satisfaction. The A&A team conducted assessment findings review sessions to ensure that the identified findings, vulnerabilities, threats, threat agents, existing safeguards, consequences, recommended mitigation tasks, procedures, and processes are executed exactly as intended. Our 30+ CISSP certified professionals ensured that all 25 high, moderate, and low NWS FISMA systems were compliant with federal requirements and guidelines by providing FISMA continuous monitoring support such as annual reviews and recommendations on system security documentation, including but not limited to IT security policies and procedures, System Security Plans, Configuration Management Plan, Contingency Plan and Test, Incident Response Plan, PTA/PIA, etc. We also managed corrective Plans of Action & Milestones (POA&Ms) and provided FISMA-related guidance to NWS ITSOs and ISSOs.

We facilitated planning for business continuity / disaster recovery, certifying and accrediting systems, security technical assessments, monitoring security, reporting / responding to incidents, and taking corrective actions. Our Security engineers work with the CISOs, ITSOs, and ISSOs to successfully manage and architect IT security services across the agency. We ensured secure operations for IT infrastructure, networks, applications, databases, equipment, and assets. We performed the required system security scans to assess vulnerabilities and to ensure the proper “hardening” to protect against potential threats. We have worked with our customers to address the ever-expanding IT Security threat landscape. We instituted security programs that provided the controls and a solid basis of proven security measures from industry best practices, such as ensuring that applications identify and follow security requirements; implementing multi-layered perimeter defense; hardening internal resources; securing Personally Identifiable Information (PII); and instituting HSPD-12 within an effective security risk management structure.

For more information about cybersecurity

Project Manager
Kathleen Fitzgerald

For more information about working with GAMA-1

Director of Business Development
Gerald Stark

Customer and Consultant testimonials

From our Clients and Partners:

NWS/OCIO - I wanted to let you know how much the Alaska Region appreciated your team (GAMA-1), and how they conducted the A&A Review. Your team were consummate professionals there to provide meaningful assistance and feedback to solve problems. I received extremely positive feedback from the Alaska Region participants regarding the team, and their performance. This is a testimony to both yours and GAMA-1's leadership, and the quality and competence of the individuals on the A&A team. Thank you (GAMA-1) for the proactive, professional attitude you brought to the Alaska Region A&A to improve our IT security posture.
Carven Scott
Regional Director

I just wanted to let you know how much I value and appreciate all the support that I get from the GAMA-1 team. We just completed an important and substantial NOAA Tsunami Warning System ATO briefing this afternoon with senior NOAA and NWS leadership. Team 3 went into this assessment down one assessor as Hugo had just accepted a new job. My sincere thanks to Kuan as he was able to step in and his help was invaluable. Also I wanted to thank the leadership of Sergio who kept everyone (including me) on target and on task through these unusual times (Covid-19). Abdul worked very long hours providing excellent advice and technical analysis of the controls despite suffering a personal hardship encountered along the way. Yemisi and Anthony Sepenno also contributed greatly to the success of this assessment. Yemisi traveled with our team for two weeks and asked the hard questions of both the Pacific Region and Tsunami systems. Anthony Sepenno continues to provide expert technical and historical support throughout the entire process. I just wanted to express my sincere gratitude for the support that we have all received in this very important mission of IT Security.
Chris Ortiz
Information Technology Security Officer (ITSO) Office of the Assistant Chief Information Officer NOAA/National Weather Service
