Our Client’s Needs
The client, a Government Research Agency, was implementing a Communication Portal that would allow its researchers to communicate with each other over the internet while collaborating on projects and exchanging research data. Data security and confidentiality were of paramount importance throughout this project due to the sensitive nature of the data that would be communicated through this portal.
Scope of Engagement
The Client decided on engaging Security Brigade in two phases.
- Security Implementation
- Security Testing
Our scope included every system, network and application that would be directly or indirectly in contact with the communication portal.
Methodology
Steps taken for Security Implementation
- Threat-Model Developed during Design Phase of Development
- Complete Source Code Security Audit of the Web Application
- Token Based Authentication Implementation
- Developed In-House software to implement “Form Based Encryption and Signing Mechanism”
- Client side PKI Certificate Implementation
- Incident Response Team Training and Testing
- End-User Security Training
Steps taken for Security Testing
- Bi-yearly Penetration Testing.
- Quarterly Remote Vulnerability Assessment.
- Monthly Internal Vulnerability Assessment.
- Yearly Unscheduled Real-World Attack Simulation.
Value Delivered
Our Secure Communication Implementation and Testing Service allowed the Client to assess the security posture of the new Information Sharing system and the systems directly connected to it. Furthermore, the Client gained the following benefits:
- Risk Benefits: Security Brigade worked with the Client to minimize any risks faced by the new communication-portal and the research data it held. Our Client was able to thwart very serious issues that could have potentially put all of its internal research data at risk.
- Cost Savings: Security Brigade suggested and implemented cost-effective risk-mitigation measures based on the customer’s requirements that would ensure security and continuity of their operation. Furthermore, we were able to identify and remediate vulnerabilities that could have been used by malicious users to gain access to sensitive data. The Client was able to avoid massive security breaches due to the security implementations we put into place.
- Customer Satisfaction: Periodic Security Testing has been conducted with minimum interruption to the Client’s operations while identifying security vulnerabilities and potential risks.
- Internal Data Security: The Client was able to prevent incidents where internal sensitive information could have been leaked. Security Brigade’s security implementation prevented possible insider-threats that would have led to massive breaches of confidential data.
- Avoided Compliance Violation: Our Client was able to avoid and remediate vulnerabilities that would have caused serious violations of Federal Compliance and Regulatory obligations.








