CAPABILITIES

The staff at 3fold Solutions has experience with COMSATCOM systems, global cloud / virtual, IT infrastructures, data centers, and software development lifecycle environments in life sciences / healthcare, software, service, finance, technology, communications, manufacturing, travel, Federal / DoD / military, and other industries.

Our capabilities include:

Performance of security compliance assessments of products, Information Security Management Systems, and cloud platforms, including full traceability from requirement to security control, technical, procedural, personnel, and physical control testing / auditing, false positive analysis, detailed gap reporting and formalized risk assessment, and identification of mitigation and remediation activities. This includes DIACAP, RMF, FedRAMP, FISMA, NIST, ISO, PCI-DSS, NERC-CIP, FIPS 140-2, HIPAA, and many other acronyms.

Development, maintenance and publishing of security policies, standards and guidelines for technology, people, and process to ensure the confidentiality, integrity, and availability of data, information, and systems. This includes all policies required for the above compliance assessments.

Design and improvement of security architecture initiatives based on structured security architecture frameworks such as COBIT, ITIL, ISO, TOGAF, and NIST CSF.

Cybersecurity maturity assessments and independent review of cybersecurity programs.

Coordination with accreditation boards, advisory bodies, information security communities, and Federal agencies to maintain awareness of emerging threats, technology, and threat intelligence.

Development of incident response plans, disaster recovery plans, and business continuity plans based on threat analyses, theoretical risk assessments, and critical business function identification.

Performance of Business Impact Analyses to determine critical assets, information, and processes to form the foundation of data classification and subsequent protection levels for each category.

Coordination with leadership and the board to align cybersecurity with business outcomes, deliver executive-level presentations that communicate security issues at the right level, and establish an appropriate security risk management function.