The value of an organization lies within its information — its security is critical for mission operations, as well as retaining credibility and earning the trust of its users. To that end, ITC maintains a set of strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information. These Information Security (Infosec) responsibilities include establishing a set of business processes that will protect information assets regardless of how the information is formatted or whether it is in transit, is being processed or is at rest in storage.
ITC’s Infosec programs are built around the core objectives of maintaining the confidentiality, integrity and availability of IT systems and data. These objectives ensure that sensitive information is only disclosed to authorized parties (confidentiality), prevent unauthorized modification of data (integrity) and guarantee the data can be accessed by authorized parties when requested (availability). Finally, ITC conducts risk management to continuously assess vulnerabilities and threats to information assets, and to design and implement the most appropriate protective controls.
ITC’s information security services include the following capabilities
- Assessment and Authorization (A&A)
- Certification and Accreditation (C&A)
- Information Assurance
- Continuous Monitoring
- Risk Management
- Security Controls
- Access Controls
- Defense In-Depth
- Network Security
- Security Information and Event Management (SIEM)