IS Operations and Business Resilience

SteelToad understands the importance of having a plan for Information Systems Operations, a specialization of risk management that focuses on dealing with significant disruptions to normal operations. By preparing and planning business systems, people and resources for disruptions in operations, the company or agency can mitigate disruptions, so that a minimum critical level of operations can continue. Continuity planning includes identifying minimum essential functions and resources, along with acceptable time limits for restoration of operations. 

Asset Security and Control

It is important to manage the security and control of every asset, to have a process to correlate this and understand the data, and to ensure adherence to the security requirements within the agency.

Database and Application Security

We provide database management and data migrations for on-premise Oracle and SQL Server to cloud database services in Azure and AWS that protect the organization’s data, prevent legal and compliance risk, and keep data-driven applications performing at their best. This includes performance monitoring and tuning, storage and capacity planning, backup and recovery, data archiving, data partitioning, replication, masking and retirement.

Protection of Data Assets

SteelToad ensures that the organization understands, maps, inventories, secures and controls its data flows through business processes throughout the data lifecycle, from creation or acquisition to retirement. Data lifecycle management enables better risk management and supports data quality improvements, particularly in situations involving large data volumes or high velocity of data movement and complex and interdependent processes that share data.

We ensure security runs through the data lifecycle, from the creation of data assets through their useful life in the business and eventual archiving or destruction.  The organization will benefit from defining data usage and dependencies across business processes for data that are either critical for an important business function or are needed by multiple business processes.  

  • Securing the data lifecycle includes the following: 
    • Business direction (data requirements, creation and acquisition)
    • Development (architecture and design)
    • Implementation (physical architecture)
    • Deployment (insertion into the operational environment)
    • Operations (data transformations, usage, performance, and maintenance)
    • Retirement (decommissioning and archiving)

Security Incident Management

There must be a plan to address security incidents as they occur, to be prepared to resolve them and, just as important, to prevent their occurrence. It is important to identify and analyze the incidents and related data, and to understand the plan for initiating specific actions to address these incidents immediately. Monitoring incident status, identifying breaches of availability and reliability, identifying threshold breaches, and analyzing underlying causes and problems of incidents are all important and necessary parts of security incident management.

Risk Management

Our goal is for clients to understand and avoid the cybersecurity risk to organizational operations, assets and individuals. Risks may include operational downtime, loss of functions or damaged reputation. Risk and opportunity management is a continuous, forward-looking process which includes identifying and mitigating potential negative impacts blocking the path for meeting objectives. It is also a way to identify and leverage procedures that exist and bring about improved performance. By working with stakeholders, and identifying risks or opportunities early, before dedicating resources to address these risks or opportunities, we can assist in determining which are worth pursuing, considering timeliness, significance or consequences, chance of the situation occurring and the source of the risk (technical, internal, non-technical).

Penetration Testing

SteelToad’s HVACS Cybersecurity GSA schedule provides Pen Testing that analyzes enterprise computer network defense policies and configurations.  We evaluate compliance with regulations and enterprise directives to ultimately assist with the selection of security controls to mitigate risk.