Download - CounterMeasures™ Risk Analysis Software
CounterMeasures™ Risk Analysis Software
www.countermeasures.com
www.alionscience.com
© Alion Science and Technology
Slide 2
• Alion is an employee-owned technology solutions company headquartered in Northern Virginia
• Five years old with 70 plus years heritage as a Illinois Institute of Technology Research Institute (IITRI) focused on support to DoD
• Alion’s revenue is $850M/year with 3800 employee owners
• Core Business Areas:• Defense Operations• Modeling & Simulation• Wireless Communication• Industrial Technology• Chemical, Biological, Nuclear & Environmental Sciences• Information Technology• Naval Architecture & Marine Engineering
Company Biography
© Alion Science and Technology
Slide 3
Decision Support Focus and Tools
• General focus – Planning, Resource management, System Stress and Risk
• Shrink wrapped to Contractor deployed and operated
• Tool Set includes:• CounterMeasures – Risk assessment and management• VI2SA (Visual Interactive Investment Strategy Analysis) -
Portfolio, investment analysis, supply chain and operational risk
• MOBSIM/Simviewer _ Transportation planning• PRAS (Predictive Readiness Assessment System)- System
stress management• Vector Suite – Crisis planning and exercise suite• CPR (Crisis Planning and response) – response management
and planning system,
• Customization of system(s) to customer environment
© Alion Science and Technology
Slide 4
CounterMeasures Pedigree
• Origin was 1985 Navy risk methodology• Initial focus was shrink wrapped product for IT
assessments• Alion/IITRI partnership dates from 1997, acquired in
2002• Antiterrorism effort initiated with TSA requested
assessment of 11 largest airports immediately after 9/11
• Domain applications include: Federal (DoD, DOE, DOS), State (NJ, WI), Local (Washington DC), schools, ports, banks, oil and chemical industry
• DHS connections - CEDAP grant program, automation of DHS’s RAMCAP methodology
• Scope of deployments - $4K to multimillion dollar enterprise deployment with oracle based desk top management at all levels (US Army)
© Alion Science and Technology
Slide 5
CounterMeasures™ Overview
© Alion Science and Technology
Slide 6
CounterMeasures™ Overview
1. System Characterization
2. Threat Identification
3. Vulnerability Identification
4. Control Analysis
5. Likelihood Determination
Role-based, context sensitive automated
survey Automated Analysis Module
7. Risk Determination
8. Control Recommendation
9. Results Documentation
6. Impact Analysis
© Alion Science and Technology
Slide 7
Case Study #1: New Jersey Treasury/State Police
Web Based Training
Custom Security Risk Assessment
Software
Custom Reporting
© Alion Science and Technology
Slide 8
Case Study #2 OUSD(I) CI&S
100% Web Deployment
Fuse DIA Threat Data
© Alion Science and Technology
Slide 9
Case Study #3 U.S. Army OPMG
Custom Methodology
Data Warehouse and Visualization
Automatically Generate DA Form 2806-1-E
© Alion Science and Technology
Slide 10
Case Study #3 U.S. Army OPMG
Filter and search results
Updated Graph
Underlying Data
© Alion Science and Technology
Slide 11
Case Study #3 U.S. Army OPMG
Multiple Graph Formats
Accompanying Legend
© Alion Science and Technology
Slide 12
Case Study #3 U.S. Army OPMG
Totals reflect results per filter
criteria
Detailed Remediation Cost
Information
© Alion Science and Technology
Slide 13
Case Study #3 U.S. Army OPMG
Interactive Geospatial Page
“Drill down” by clicking on
installation icon
© Alion Science and Technology
Slide 14
Case Study #4 TSA Air Cargo
Support recommendations for updates to regulations and
legislation
Data Warehousing/Trend Analysis
Conduct/facilitate logistics chain assessments
© Alion Science and Technology
Slide 15
Case Study #5 FDIC
IT Security/GovernanceAutomate existing organizational
report
© Alion Science and Technology
Slide 16
System Characterization
• Respondent – Who’s taking the survey?
• System environment – what are the characteristics of the system?
• What type of function does the system serve?
• Selections are tailored to the customer’s needs
• Respondent – Who’s taking the survey?
• System environment – what are the characteristics of the system?
• What type of function does the system serve?
• Selections are tailored to the customer’s needs
© Alion Science and Technology
Slide 17
Vulnerability Identification
• Survey respondent selects which assets the organization wishes to measure risk to and how valuable those assets are
• Survey respondent selects which assets the organization wishes to measure risk to and how valuable those assets are
• Vulnerabilities are associated with assets – they are inherent properties of assets
• Vulnerabilities are associated with assets – they are inherent properties of assets
© Alion Science and Technology
Slide 18
Threat Identification and Likelihood Determination
To what extent will a threat exploit a vulnerability?
How frequently does a threat manifest itself?
© Alion Science and Technology
Slide 19
Control Analysis
What countermeasures are in-place? How well has the organization implemented the countermeasures?
© Alion Science and Technology
Slide 20
Impact Analysis
What’s the organization’s posture?
© Alion Science and Technology
Slide 21
Control Recommendation
How can we improve the organization’s posture?
© Alion Science and Technology
Slide 22
Risk Determination
How much risk is my organization experiencing?
© Alion Science and Technology
Slide 23
Risk Determination
How can I measure my organization’s compliance?
© Alion Science and Technology
Slide 24
Risk Management
How do I manage the implementation of my recommendations?
© Alion Science and Technology
Slide 25
Conclusion/Questions
Caleb Jones
Alion Science and Technology
703.998.1630
www.CounterMeasures.com