SDV INTERNATIONAL enables clients to protect information systems and data, provides expert cybersecurity solutions, and supplies intelligence monitoring and analysis. SDV INTERNATIONAL’s staff includes cleared and credentialed subject matter experts in penetration testing, information assurance, signals intelligence, and full-spectrum computer network operations. We enable both private and public sector clients mitigate the risk and impact of cyber attack. Drawing on our cutting edge expertise gleaned from supporting global organizations, our staff crafts realistic and effective strategies for dealing with the modern cyber threat.
From our on site workforce to our top corporate leadership, we know how to manage security programs. For example, SDV INTERNATIONAL's President, holds a Master of Science degree in Cybersecurity, and is a Certified Information Systems Security Professional (CISSP), a Certified Project Management Professional (PMP), and DoD Information Assurance Technical Level III Certified (IAT-III) and Information Assurance Management Level III Certified (IAM-III). Our team's expertise includes, but is not limited to research and projects in:
Cyberspace and Cybersecurity - cyber architecture, cyber services, protocols, algorithms, hardware components, software components, programming languages, various cybersecurity mechanisms, business continuity planning, security management practices, security architecture, operations security, physical security, cyber terrorism, and national security.
Prevention and Protection Strategies - prevention of cyber-attacks, including countermeasures based in training, encryption, virtual private networks, policies, practices, access controls, secure systems development, software assurance arguments, verification and validation, firewall architectures, anti-virus, patching practices, personnel security practices, and physical security practices. We also have extensive experience with business continuity plans and disaster recovery plans (BCP, DRP), including strategies for large-scale prevention, including critical infrastructure protection, international collaboration and law enforcement.
Monitoring, Auditing, Intrusion Detection, Intrusion Prevention, and Penetration Testing - intrusion detection and prevention in cyberspace, including network security, monitoring, auditing, intrusion detection, intrusion prevention, and ethical penetration testing. Developmental applications have included Intrusion Detection Systems (IDS), rule creation and application, penetration strategies, and continuous monitoring strategies.
Digital Forensics and Cyber Crime Investigation - computer forensics, network forensics, cell phone forensics, and other types of digital forensics, with focus on identification, collection, acquisition, authentication, preservation, examination, analysis, and presentation of evidence for prosecution/defense purposes.
Cyber Event Modeling and Simulation - developing, leading, and implementing effective enterprise-level and national-level cybersecurity programs, with focus on establishing programs that combine technological, policy, training, auditing, personnel, and physical elements. Modeling and simulation research and exercises include challenges within specific industries (e.g., power grid, health, banking, finance, and manufacturing). Modeling and simulation research and exercises include intense focus on architecture, risk management, vulnerability assessment, threat analysis, crisis management, security architecture, security models, security policy development and implementation, security compliance, information privacy, identity management, incident response, disaster recovery, and business continuity planning. (Related Terms include: Cybersecurity Modeling and Simulation, CyberWar Games, Red Team, Blue Team, and Orange Team.)
Penetration Testing and Analysis - Our evaluations staff will conduct active analysis of the security of web applications, client computer systems, and networks in order to identify potential vulnerabilities. Following these tests, which are designed in detail with the client to ensure trust and strong communications, SDV INTERNATIONAL will fold the results of the evaluations into a robust risk analysis package.
Cybersecurity Consulting and Training - These services include, but are not limited to, information assurance and cyber defense (applied and active). Our consultants assess vulnerabilities based on proven risk analysis models. Our recommended countermeasures can be implemented through training programs that cater to various roles and levels of professional expertise, from flag officers and CEOs, to downrange tactical teams and other operations professionals.
OSINT Monitoring and Countermeasures Targeting - As part of our risk analysis, SDV INTERNATIONAL formulates targeting matrices tailored to our client organization to sketch and follow possible threats via analysis of real-time monitoring of threat streams.
Logical & Physical Access Controls - As organizations move quickly to adopt PKI-based integrated physical access control systems [PACS], there is a critical need for integrators and consultants to demonstrate expertise in designing and overseeing the implementation of these environments. Securing public and private sector facilities requires robust identity credentials that are both resistant to fraud and meet the standards of an official certification process. SDV INTERNATIONAL can help your organization leverage PKI-based identity credentials to reduce the total cost of securing facilities while delivering the efficiency and protection of an integrated approach to physical access control. Our trusted PACS services will enable you to extend investments in PKI for logical access to existing and planned PACS infrastructure, and harmonize the integrity and security of facilities with your cybersecurity programs. We support all products from the CertiPath Approved Products List, as well as other DoD suppliers.
Our experts place a strong emphasis on Cybersecurity, and incorporate a NIST standards and guidelines into our projects. We support many enclaves, and are known for success in the following areas:
- Developing System Security Plans (SSP), from inception to ATO/IATO. Developing gap analyses and plans of action and milestones to prepare commercial systems for entry to government capability and GRC (i.e. FISMA compliance).
- Providing support to migrate from DIACAP to RMF, including crosswalk strategies.
- Supporting DISA eMASS, providing visibility into authorization packages, wizard functions, linear workflows and approvals.
- Implementing STIGs for various products, using DISA STIG Viewer, ConfigOS STIG remediation for Redhat Linux, Windows, etc.
- Providing support with Governance, Risk and Compliance (GRC) tools to meet the following compliance and configuration auditing requirements: PCI, HIPAA/HITECH, NERC, FISMA, GLBA, SOX, CERT, CIS, COBIT/ITIL, DISA STIGS and NIST.
- Utilizing Security Content Automation Protocol (SCAP), the NIST methodology used to evaluate vulnerability management, measurement, and policy compliance of security software solutions and NIST requirements to: define settings (XCCDF); evaluate targets (OVAL); determine whether targets are applicable for a (CPE); examine Common Vulnerabilities and Exposures (CVE); examine Common Configuration Enumeration (CCE); generate standardized reports (ARF); utilize Common Vulnerability Scoring System (CVSS); and utilize the Trust Model for Security Automation Data (TMSAD) to describe a common trust model that can be applied to specifications within the security automation domain.
- Deploying Tenable Nessus Cloud, Nessus Manager and Nessus Professional for asset discovery, configuration auditing, target profiling, malware detection, sensitive data discovery, and vulnerability analysis, including strategic Agent-based scanning of online and offline devices.
- Supporting Tenable Security Center (NIST SCAP 1.2 compatible) to consolidate and evaluate vulnerability data across organizations, prioritizing security risks and providing a clear view of security posture. Developing customized dashboards and reports, and Assurance Report Cards (ARCs) to visualize, measure and analyze the effectiveness of security programs for Governance, Risk and Compliance (GRC). Communicate ARCs and other Score Cards to top organizational leadership and technical staff.
- Supporting Tenable SecurityCenter Continuous View (SecurityCenter CV) to collect data from multiple sensors to provide advanced analysis of vulnerability, threat, network traffic and event information and deliver a continuous view of IT security across your environment, generating information needed to continuously adapt and improve security posture to protect organizations.
If you need support from experts who have earned a reputation as skillful, dedicated and trustworthy partners, go ahead and call us today.