Cyberspace Security
Protecting Your Valuable Information
Cyberspace Security Solutions
In our increasingly competitive world, secure, reliable data access is
more urgent than ever. But increased access comes with increased
risk. The proliferation of e-commerce and the growth of the Internet
have been accompanied by dramatic increases in unauthorized
intrusion and network misuse. Federal agencies and businesses
are responding by prioritizing electronic security and creating or
accelerating security technology programs. However, technology
alone cannot prevent cyber attacks — a multifaceted solution that
assures data security without interrupting critical data flow is needed.
Intergraph has the dedicated, certified resources, and experience
to offer you a proven, comprehensive cyberspace security solution
that will help protect your systems, network resources, and mission-critical
data.
How Secure Is Your Data?
Continuing research by the FBI and other law
enforcement agencies confirms that information
security breaches and computer crimes
continue to rise and the financial toll continues to
mount. Highly publicized breaches of Personally
Identifiable Information (PII), malware intrusions,
and overt cyber attacks, including cyber attacks by
terrorist hackers, are just the tip of the iceberg.
In fact, in 2009 the Identity Theft Resource
Center (ITRC) reported that the business sector
experienced 41 percent of all publicly reported
information security breaches. The number of
reported breaches in the first half of 2008 was
up 69 percent. The Internet Crime Complaint
Center (IC³) stated that from January 1, 2009
through December 31, 2009, its website received
336,655 complaint submissions, a 22.3 percent
increase over 2008’s 275,284 complaint submissions.
Financial losses linked to these complaints
exceeded $559 million, more than double the
losses reported in 2008.
In 2005, the highest likely sources of cyber attack
were viruses unleashed by independent hackers
(almost 75 percent) and insider abuse of network
access (almost 50 percent). In 2008, reported virus
infections had declined, but unauthorized access
by outsiders continued to rise, with 2008 levels
four times those of 2000. Whether from a virus
writer in a far-off country or a disgruntled employee
in your own organization, an attack on your
information infrastructure could cost millions in lost
sales, customers, trade secrets, and productivity.
To respond to these alarming trends in cyber
crime, businesses and U.S. government
organizations must develop plans to protect
their information infrastructure from cyber terrorism.
Cyberspace security surveys indicate
that performing risk assessments makes an
organization four times more likely to detect
identity theft. Government mandates, such as the
Health Insurance Portability and Accountability
Act (HIPAA) for the healthcare industry, the
Gramm-Leach-Bliley Act (GLBA) for the financial
services industry, and the Department of
Defense Information Assurance Certification and
Accreditation Process (DIACAP), call for minimum
levels of security required to protect the privacy of
consumers and U.S. citizens.
Unfortunately, many organizations don’t know
where to begin, and those that do lack resources,
time, technical expertise, and the required knowledge
of information technology and security. With
our strong industry partnerships and our broad
experience in systems integration, development,
testing, training, and networking, Intergraph is
uniquely suited to help you meet your information
assurance (IA) needs.
I/Secure Life-Cycle IA Support
Computer systems and networks face constant
and increasingly sophisticated attempts to
access data, whether from disgruntled employees,
hackers, or domestic and foreign terrorists.
Until recently, most organizations have viewed
network security as a single event or series of
discrete steps taken on demand to counter
known events. However, in the face of increased
threat levels, a more consistent and vigilant
methodology is required.
Intergraph’s I/Secure methodology approaches
security as a continuous life cycle of process
improvements. Rather than taking isolated steps,
Intergraph supports local security organizations
in building an integrated, comprehensive process
that is guaranteed to increase security both
immediately and in the future. Intergraph also
provides standalone, focused IA offerings such as
risk and physical security assessments, DIACAP,
or Certificate of Networthiness (CoN) certifications
and accreditations, policy development and
implementation, and privacy workshops to help
organizations take the steps needed to secure
their valuable information.
Risk Review
Since networks frequently add new equipment,
content, and users, you must regularly identify
assets, assign value, and assess liabilities. You
must consider questions such as:
• What data do you possess that is of value to you and others?
• Who would you consider to be unauthorized users?
• How might these unauthorized users exploit your systems and networks?
• What are the potential consequences and costs of a security breach?
• What types of protection will reduce risks to an acceptable level?
Intergraph helps establish procedures for
conducting investigations and supports you in
assessing threat information, developing priorities,
and working with team leaders to reduce risks.
We review your network and system architecture
and make recommendations for improvements.
A Cycle for Security
We offer Cyberspace Security solutions
that meet your precise needs, regardless of
the size of your organization. We approach
cyber security as a life cycle of continuous
improvements to system and network
security including risk review, policy
development, solution implementation,
administrative support, and accreditation.
Any organization using Web-based or information
technologies will benefit from our support.
Policy
Every business and government organization
has policies, procedures, advisories, standards,
mandates, and regulations that address a range
of security issues. Intergraph helps you review
these documents, eliminate redundancy, and
identify requirements for physical security, acceptable
Internet use, messaging, network tools, and
computer viruses. We’ll help you define prevention,
monitoring, and reaction procedures and
plan policy education. By assigning responsibilities,
you can ensure all policies and advisories are
appropriately incorporated and enforced. Through
continual review, you can simplify the dynamic
policy development process.
Implementation
Selecting technology tools is no easy task given
the breadth of products available and the evolving
capabilities needed to keep pace with changes in
network speed and technologies. With broad experience
in a wide array of multiplatform products and
systems, Intergraph helps you evaluate available
technologies such as databases, servers, network
devices, intrusion detection systems, Internet
scanners and firewalls, and detection software. We
integrate and implement the infrastructure you need
to meet your precise security needs.
An important step in implementing an IA program
is to create a local response team that can deal
firsthand with system security issues and coordinate
with regional or divisional organizations.
Intergraph has extensive experience in establishing
response team capability, with specific
knowledge of how to approach network/system
intrusion response. Intergraph also supports
the implementation of management, response,
mitigation, and reporting processes. We’ll help
you develop monitoring functions and implement
daily, weekly, monthly, and quarterly tasks, as well
as support metrics. With our help, you can balance
your operational and security needs within
realistic budgetary constraints.
Administration
Once your security procedures are in place,
Intergraph can support daily on-site administration
to minimize risk. Using our proven systems
engineering methodology, we help you manage
the security process, objectively review results,
and update your procedures and policies. We
conduct training to educate users about acceptable
use, introduce new procedures and policies,
and increase security awareness.
We can also assist your IA officer in enforcing
procedures, conducting incident investigations,
and preparing reports for upper management or
DoD submission. If an incident occurs, we help
you minimize the impact of service disruption
and information theft or loss for quick recovery.
Responding systematically with our solution, you
can dramatically reduce the risk of recurrence.
Audit
Successful security systems must be tested.
That’s why Intergraph helps you with assessing the
vulnerability of your system through intense penetration
testing using the latest hacking methods. We
participate in certification testing of all information
systems due for accreditation or reaccreditation. We
help you establish accreditation criteria and evaluation/certification
processes and maintain a database
of accreditation status and schedules.
U.S. Army Records Management and Declassification Agency
Intergraph currently supports the Records
Management and Declassification Agency (RMDA)
Army Records Information Management System-II
(ARIMS-II) Project with DIACAP package preparation
and sustainment that includes implementing
and validating assigned IA controls. Intergraph’s
Cyber Security team performs validation to check
compliance against required IA controls for a
Classified MAC III system and provides results
to the RMDA. ARIMS-II is designed to provide
enhanced capabilities for authorized users to create,
maintain, transfer, locate, and retrieve official
Army records, to include tracking documents
stored in Army Records Holding Areas (RHAs)
and in the Army Electronic Archive (AEA). Our
Web-based toolset helps the action officer, records
coordinator, records manager, records holding
area manager, and records administrator ensure
that the Army’s long-term and permanent records
are kept in compliance with the law and that those
records are securely stored and retrievable only by
authorized personnel.
Get the Most From Your Budget
In today’s environment of decreased funding
and increased threat, you need the best
cyber security solution for your dollar. Make
sure to get the most from your budget with
a security process that will last well into the
future. Add Intergraph’s expertise to your
team today.
Proven Solution
The following is a list of recent Intergraph
Cyber Security customers in the area of IT
Security Assessments:
• Athens Limestone Hospital
• Lockheed Martin Svc, Inc.
• Centers for Disease Control
• Children’s Health System
• Computer Associates
• COSMIC
• Cryptek, Inc.
• Intergraph Australia
• Intergraph PPM
• NAVAIR JTDI
• New York City
• Palladia Systems, Inc.
• Publix Employees FCU
• UAB Health System
• Yuma Proving Grounds
• EDS - Herndon
• Intergraph Canada
• State of Alabama
• NAVICP-Mech
• Omega
• USA AMCOM
• PEI Electronics, Inc. (DRS)
• Westar
• William Penn School District
U.S. Army Corps of Engineers
Intergraph has provided support for the U.S.
Army Corps of Engineers (USACE) IA program.
This support includes security risk reviews,
security policy development, audits, DISA
STIG compliance, and DIACAP compliance
and documentation. The USACE Real Estate
Systems National Center (RESNC) Real Estate
Management Information System (REMIS)
application is now certified in the Corps of
Engineers Enterprise Infrastructure Services
(CEEIS) infrastructure, now known as the Army
Corps of Engineers-Information Technology
(ACE-IT) infrastructure.
ACE-IT provides the data backbone for USACE
offices, supporting 70 division and district locations
and more than 39,000 users, including
USACE, military, contractor, and civilian users.
Intergraph helps identify network and system
vulnerabilities and recommends cost-effective
countermeasures that reduce risk. Our risk
assessment document, summarizing the comprehensive
assessment we conducted on the
Central and Western Processing Centers, was
used in system certification and the final System
Security Authorization Agreement (SSAA).
Intergraph’s Cyber Security Group also provided
RESNC with IA support for the Homeowners
Assistance Program Management Information
System (HAPMIS) and Real Estate Corporate
Information System (RECIS) applications,
both of which have achieved Certificates of
Networthiness (CoN).
The USACE Finance Center Directorate
of Financial Systems Development and
Maintenance, located in Huntsville, Alabama,
also partnered with Intergraph to identify current
and potential threats and existing vulnerabilities.
The Finance Center supports and maintains
the USACE financial data system and serves
approximately 60 locations. Intergraph developed
and performed testing and assisted with
SSAA documentation.
JTDI Program
Intergraph provided lead DIACAP support
services for the Joint Technical Data Integration
(JTDI) Program Management Office. The JTDI
System is a Web-enabled primary delivery
management system with backup capability
that automatically delivers updated technical,
supply, and maintenance information to aviation
and ground organizations ashore, afloat, at fixed
bases, and at deployed locations. It is a joint,
multiservice program led by NAVAIR that supports
maintenance elements within the Army,
Navy, Air Force, Marines, and Coast Guard. The
system provides an integrated environment in
which digital technical data, training data, and
maintenance expertise is readily available as
knowledge for the warfighter.
NFSA Program
Intergraph provides lead DIACAP support and
Information Assurance Vulnerability Management
(IAVM) services for the Joint U.S. Navy and
U.S. Marine Corps NAVAIR Fleet System Array
Application Host System (NFSA). NFSA is a collection
of general-purpose, rack-mounted hardware
components and software applications designed as
a self-contained system that reduces the number of
connections to operational site network backbones.
NFSA provides the hardware and support software
and services for the hosted applications OOMA,
JKCS, AIRSpeed, and ASM. These mission-critical
applications either directly or indirectly support flight
safety, reduce aviation maintenance turnaround
time, increase asset availability and capability, and
maintain the Navy and Marine Corps aviation capability
structure. NFSA operational sites include Navy
ships (CV, CVN, LHA, and LHD), Naval Air Stations,
Navy and Marine Corps aircraft squadrons, MALS
Vans, and selected shore sites.
Publix Employees Federal Credit Union
Intergraph assessed the vulnerability of the
Publix Employees Federal Credit Union (PEFCU)
headquarters in Lakeland, Florida, focusing
specifically on PEFCU’s compliance with federal
regulations, such as the Gramm-Leach-Bliley Act.
Intergraph identified the risks and implemented a
suite of security solutions to fit PEFCU’s security
requirements. Intergraph also assisted with the
development of a complete set of security policies
and procedures, a security profile, and an internal
security team. Now PEFCU has a blended, multivendor
security solution that complies with federal
regulations for information security.
Norfolk Navy Public Works Center
The Norfolk Navy Public Works Center (PWC) is
the first and largest of nine Navy PWCs and
provides facilities management, transportation,
engineering, utilities, and environmental support
to all sites in the Navy’s mid-Atlantic region.
Intergraph conducted a risk and policy assessment
that identified and discussed PWC’s existing
IA/security policies and procedures, performed
security tests on all identified systems to ensure
that security features designed into the system
perform exactly as required, and assisted in the
development of SSAA documentation. As a result
of this team effort, Norfolk PWC is well on its way
to ensuring that its systems and the data residing
on them are secure.
“I’ve been really impressed by the work done by Intergraph. Their knowledge and professionalism has been refreshing compared to other vendors we’ve worked with in the past. I would definitely recommend Intergraph to other companies seeking to outsource and hope to use them for future projects.”
Karen Sullivan, Director of Information Technology
Publix Employees Federal Credit Union
“There is so much more illegal and unauthorized activity going on in cyberspace than corporations admit to their clients, stockholders, and business partners or report to law enforcement. Incidents are widespread, costly, and commonplace.”
Patrice Rapalus, Director
Computer Security Institute
About Intergraph
Intergraph is the leading global provider of engineering and geospatial
software that enables customers to visualize complex data. Businesses
and governments in more than 60 countries rely on Intergraph’s industry-specific
software to organize vast amounts of data into understandable
visual representations and actionable intelligence. Intergraph’s software
and services empower customers to build and operate more efficient
plants and ships, create intelligent maps, and protect critical infrastructure
and millions of people around the world.
Intergraph operates through two divisions: Process, Power & Marine
(PP&M) and Security, Government & Infrastructure (SG&I). Intergraph
PP&M provides enterprise engineering software for the design, construction,
and operation of plants, ships, and offshore facilities. Intergraph
SG&I provides geospatially powered solutions to the defense and
intelligence, public safety and security, government, transportation,
photogrammetry, utilities, and communications industries.
For more information, visit www.intergraph.com.
Intergraph and the Intergraph logo are registered
trademarks of Intergraph Corporation. Other
brands and product names are trademarks of
their respective owners. ©2010 Intergraph
Corporation. 8/10 DFi-us-0033B-EnG