Security Services

BD Pro recognizes that security and risk management should be more than an add-on, but an integral component of our clients’ enterprise-level business and operations success over the life cycles of their system and infrastructure investments. BD Pro Inc. provides expert level assistance to government and private sector clients in the following security and risk management areas:

  • Security Project Management –
    • System security requirements definition and options analysis;
    • Quality assurance (QA) and Independent verification and validation (IV&V) over the security system development lifecycle (SDLC);
    • Security Systems Engineering (SSE) which includes providing security advice for application systems under development;
  • Integrated Risk Management –
    • Critical asset sensitivity analysis and documentation of Statements of Sensitivity (SoS);
    • Threat and Risk Assessments (TRAs) of enterprises, IT facilities, application systems and communications;
    • Privacy Impact Assessments (PIAs);
    • Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP);
    • Security Certification and Accreditation (C&A);
    • Security Audits and Reviews. These services include conducting pre-audits and compliance inspections of Information Technology facilities, operations, physical security, application systems and infrastructure;
    • Security compliance action planning and assistance in remediation of identified risks and vulnerabilities;
    • Security Incident Response services. These services include investigating security incidents and reporting causes and related weaknesses and recommending remedies;
    • Technical Surveillance Countermeasures (TSCM). These services include systematic physical and electronic examinations  to identify electronic eavesdropping devices, security hazards or security weaknesses;
  • Enterprise Security Framework development which includes –
    • Governance in support of Information Technology Security programs;
    • Designing security frameworks and implementing the security components of Information Technology infrastructure required to protect business critical assets and to support application systems;
    • Enterprise Security Documentation Services. This includes developing Information Technology security policies, standards, guidelines and procedures; and reviewing existing security policies, standards, guidelines and procedures and providing advice as to their appropriateness and effectiveness;
    • Developing and delivering Information Technology Security awareness and training programs;
  • Public Key Infrastructure (PKI) design, policy, implementation, operations, cross-certification and compliance inspection services.