Information Security & Risk Management

What can I do to prevent a cybersecurity breach? How do I ensure my information is secure, let alone work toward a mature security posture?


Security with a business focus

Our approach begins with your business and takes a holistic, risk-based view of managing information security and protecting against cybersecurity threats. We focus on establishing a sound security posture while reducing the cost of containment.

Our services support business processes to enable the alignment of business with IT. Our management and technology consultants address the complexity of this area while balancing security with business needs and overall compliance. Our processes analyze threats, vulnerabilities and impact to determine important risk factors, then identify cost-effective mitigation strategies and establish ways to monitor ongoing progress.





Information Security Program
  • Strategy and Enterprise Strategic Alignment
  • Security Roadmap
  • Governance Framework and Structure
  • Policies, Standards, Processes, Procedures and Guidelines
  • Security Architecture
  • Security Roles and Responsibilities
  • Security Awareness and Training
  • System and Data Classification and Criticality Analysis
  • Security Program Management
Risk Management
  • Risk Management Framework and Program Development
  • Security Maturity Assessment
  • Business Impact Analysis (BIA)
  • Risk Assessment (RA)
  • Vulnerability Assessment
  • Penetration Testing
  • Business Resilience/Continuity Planning
  • Disaster Avoidance/Recovery Planning
  • Incident Management Program Development
  • IT Security Audit
  • HIPAA Privacy, Security and Omnibus Rules
  • HITRUST Self-Assessment Guidance
  • Commonwealth of Virginia IT Security Policy (SEC519)
  • Commonwealth of Virginia IT Security Standards (SEC501)
  • Commonwealth of Virginia IT Audit Standard (SEC502)
  • Commonwealth of Virginia Hosted Environment Security Standards (SEC525)
  • National Institute of Standards and Technology (NIST) Computer Security (800-53)
  • Industry Specific “Best Practices”
  • Reports and Metrics Guidance
  • Compliance Assurance
We Gave the DMV a Security Tune-Up
Past Performance

Virginia Department of Social Services (VDSS)

  • Re-authorization to operate (ATO) with the Centers for Medicare & Medicaid Services (CMS) federal system
  • Security Controls and Privacy assessment using the CMS Framework & Procedures and the Minimum Acceptable Risk Standards for Exchanges (MARS-E)
  • Provided plan of actions & milestones (POAM)
  • Provided traceability matrix linking compliance requirements to the plan of actions & milestones (POAM)

Virginia Department of Health (VDH)

  • Conducted a Business Impact Analysis (BIA)
  • Conducted an enterprise Risk Assessment (RA) of common controls

Virginia Information Technologies Agency (VITA)

  • Facilitated development of statewide IT Security Policies and Procedures based on the NIST 800-53 Risk Management Framework.
  • Provided a common set of IT Security standards and associated Policies and Procedures for Executive Branch departments and agencies across the Commonwealth of Virginia

Virginia Department of Education (VDOE)

  • Conducted an IT Application Audit assessing the effectiveness of the IT security controls and compliance with COV Security Policy (SEC519-00) and Standards (SEC501-07.1)
  • Provided a report on compliance and recommendations for remediating the identified compliance issues.
Industry-Leading Expertise


  • DoD Cleared & Experienced Staff
  • DoD 8570 Certifications
  • IT System Risk Assessment
  • IS Policy & Procedures Development
  • Independent Verification & Validation
  • Security Assessment & Authorization
  • Enterprise Security Architecture Design


  • Certified Information Systems Security Professionals (CISSP)
  • Certified Information Systems Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified Internal Auditor (CIA)
  • Certified Public Accountant (CPA)
  • Certified in Risk and Information System Controls (CRISC)
  • Certified in the Governance of Enterprise IT (CGEIT)
  • Certified Ethical Hacker (CEH)
  • Project Manager Professional (PMP)

Company information

  • SEAPORT-e – N00178-14-R-4000
  • DUNS – 796778046
  • SAM CAGE code – 4YKK2
  • SWAM – 660781
  • Certified State of Virginia Small Business
  • Certified B Corporation
  • Virginia Benefit Corporation
  • NAICS codes: 541519, 541511, 541613