HOME
SERVICES
DIS + ARM
TEAM
CASES




DIS + ARM

If you suspect vulnerabilities, risk exposures or threat potentials with respect to any one major operating unit (or personnel) in your organization, it is highly likely that other exposures and vulnerabilities exist in other operating units as well. This is a common frailty resulting from decentralized controls in organizations. Such vulnerabilities usually indicate a broader scope of risk exposures that are often related in their fundamental nature. Essentially, the mind has no firewalls. This is true both for individuals and organizational entities. However, the mind - and organizations - have many operational and hierarchical "Chinese Walls" - inherent barriers - which tend to obscure a clear, comprehensive view of its security measures, their effectiveness and vitality.

In an entrance interview with your designated personnel, we conduct a "Socratic" dialogue that evokes this comprehensive grasp of your organizations security programs. As performed by our expert security team, this process is known as Analytical Risk Management ( ARM ). The goal of ARM is to discern and assess your organization's risk exposures and vulnerabilities, then provide decision makers with a selection of remediation solutions from which to choose, based on guidelines delineated by budget, organizational priorities and then-current security industry standards and practices. A process of incremental implementation of remediation measures and programs can also be afforded to accommodate all your organization's priority variables. In this way, ARM yields Dynamic Integrated Security ( DIS ) Solutions for all your security program needs.

All our team members, operators and experts are eminently qualified in each of their respective professional disciplines. This assures you of the highest quality assessment and remediation results, both immediate and long term, as OPSEC's team roster clearly illustrates. In keeping with the goal of effective, sustainable security programs and measures, we can also provide periodic follow up security program audits, assessments, surveys, probes, and recommend preventive, maintenance, reaction and recovery measure upgrades.

How the Team Works

OPSEC's world class security assessment, training and remediation team is composed of three primary units. The OpSec ARM Unit is composed of highly experienced and qualified operations security and intelligence experts who assess and characterize the quality and type of your organization's security practices and capabilities. The Science, Systems and Technology Unit ( STU ) conducts a similar assessment of your organization's technology environment quality and functionality with special emphasis on computers, systems, networks, inter- and intra-nets, and communication grids and practices. The Threat and Vulnerability Assessment Unit ( TVA ) likewise assesses your organization's physical security practices and capbilities. After the assessment stage, OPSEC experts then interview operations level personnel and decision makers to discern your organization's security needs, objectives, priorities and constraints. The resulting survey and recommendation information is then presented to decision makers for choices about methods, vehicles and timetables for implementation. The final result is a cogent organization- wide security plan.

A Note About Systems "Firewalls"

"Firewall" is a much maligned and misused term. In short, a firewall is any measure which seeks to protect a system from intrusion, penetration or "leaks" of information inside or about the system itself. A firewall can therefore commonly take the form of a specific element of hardware, physical cabling or security software, as only a few examples. What is not so commonly known is that your organization's information and operations security practices (InfoSec and OpSec) invariably constrain or enhance all non-human security measures combined. Human behavior embodied in sensible security practices should be counted among your organization's most valuable firewall resources.

Compounding the possible numbers of vulnerable systems targets for firewall-protection is the raw number of combinations and permutations of systems configurations... hardware platforms, components, primary software platforms and operating systems, applications software, network and intranet configurations, Internet / Web connections and configurations... each of which possesses its own idiosyncratic vulnerabilities. Each of these components, both individually and as part of the entire system, must be examined to assess their individual and collective security qualities and weaknesses, along with the manner in which your organization puts these components to routine use. Applying the same scrutiny to information and operations security practices employed by the human members of your organization assures full contextual functionality to physical and systems security measures. In this regard, virtually every security measure requires human monitoring and operating measures.

We are widely trusted to excel at training personnel in the subtle art and science of operations security in the most secure and sensitive organizations and environments in the world.