 |
| Home |
|
| About Us |
|
| Services |
|
| Management Consulting |
|
| Financial Consulting and Advisory |
|
| Information Technology Consulting |
|
| Security Assessment and Authorization |
|
| Training Services |
|
| Careers |
|
| Contact Us |
|
Management Consulting Services
SEBA provides management consulting services to government and private clients. Organizations hire the services of management consultants in order to access specialized expertise and to obtain objective advice regarding organizational issues. SEBA helps organizations by analyzing their issues and developing plans to improve their organization. SEBA assists organizations with crafting policies and procedures, Risk Analysis, Business Process Reengineering and Organizational Development.
SEBA provides a wide range of management consulting services to its clients. These services include:
- Strategic planning
- Program Management
- Project Management
- Quality Control Reviews
- Requirements definition
- Budget development and peformance information
- Communication strategy
- Program documentation
- Portfolio Managememnt
- Change Management
- Business Process Improvement
Financial Consulting and Advisory Services
SEBA understands an organization’s needs to maintain accountability and internal controls over its transactions and the increasing pressure on businesses to comply with regulatory requirements. SEBA advises clients on managing business and financial issues and its range of services include:
- Accounting Services
- Audit and Audit Support Services
- Budgeting and Budget Reviews
- Chief Financial Officers (CFO) Act Audit Support
- Cost Benefit Analysis
- Due Diligence
- Financial Statements
- Financial Management Services
- Forensic Audits
- Compliance Reviews
- Internal Controls Reviews
- IT Security and Systems Audits
- Mortgage Loan Services
- Portfolio Management
- Program and Contract Reviews
- Real Estate Advisory Services
- Office of Management and Budget (OMB) Circulars A-123, A-127, and A-130 Reviews
Information Consulting Services
SEBA ensures that an organizations’ information and intelligence is protected and accessible only to authorized individuals. SEBA provides IT Consulting services in three specific areas including:
- Cyber Security
- Information Assurance
- Penetration Testing
- Vulnerability Analysis
- Software Reverse Engineering
- Malware Analysis
- Exploit Development
- Software Development: Application and System-level
- Information Technology: Network and Software Security, and Network and System Engineering.
Security Assessment and Authorization
The Federal Information Security Management Act (FISMA) of 2002 requires that all U.S. federal agencies conduct Security Assessments and Authorization (SA&A; formerly Certification and Accreditation (C&A)) for all information systems and major applications that are put into production on U.S. government networks. SA&A involves expert security analysis and evaluation skills and a thorough understanding of the FISMA requirements.
SEBA's SA&A consultants have proven expertise in helping U.S. federal agencies comply with FISMA and improve their security posture. Whether your agency requires assistance in setting up an SA&A program, enhancing the program you have already established, certifying new information systems, or validating new SA&A packages, SEBA can help.
Many agencies understand the security of their information systems inside and out, but simply do not have the extra resources it takes to analyze, review, and document the necessary requirements for SA&A. SEBA can come on site to your facility, discuss your SA&A requirements with your Information System Security Officer and Information Owner, and work with your existing staff to help you accomplish your SA&A objectives. Our SA&A program is backed by our Common Criteria and FIPS experts who understand the type of security elements and configurations that products, applications, and information systems require for security
SEBA can prepare the following types of documents on your behalf:
- FIPS 199 Security Categorization
- Asset Inventory (hardware and software)
- System Description/Boundary Description
- Information System Contingency Plan
- Business Impact Assessment
- Configuration Management Plan
- Incident Response Plan
- Vulnerability Assessments and Reports
- System Security Plan
- SA&A Process Handbook/Standard Operating Procedures
- SA&A Document Templates
- Security Control Assessment (formerly Security Tests and Evaluations (ST&Es))
- Plan of Action & Milestones (POA&Ms)
SA&A for Federal Agencies
U.S. federal agencies are mandated by the Federal Information Security Management Act (FISMA) to understand the security risks posed to their infrastructure and to take appropriate actions to mitigate the risks. Security Assessment and Authorization (SA&A) is the process by which federal agencies examine their information technology infrastructure and develop supporting evidence necessary for security assurance accreditation.
Getting through the SA&A process can be a daunting task and many agencies require additional resources to meet their SA&A needs. In addition, there is a new emphasis on continuous monitoring of security in near real time. Even if you have enough in-house resources, it may be a conflict of interest to prepare your own SA&A Package, especially in regards to the assessment (RMF Step 4, NIST 800-37, Rev 1). SEBA's SA&A consultants have experience helping federal agencies obtain positive results. We review your existing management, operational, and technical controls and generate evidence that shows you have taken into consideration all risks, and have taken actions to mitigate those risks. We speak on your behalf and interface with the evaluators, OIG and auditors to defend the evidence.
If you believe that your information systems will not stand up to SA&A, we can advise you on what you need to do to get your information systems ready for the process. We can help you determine which security controls are missing, and which risks are in need of mitigation. In accordance with your agency's own security policies, we can help you come into compliance so that your SA&A process will be a sure success.
If your agency has not yet developed a well-defined SA&A process, we can help you develop a standardized process, and document it in a SA&A Program Handbook. If you have a handbook, we can help you develop templates to accompany your handbook.
Prepare SA&A and Package
SEBA is available to help you prepare Certification Packages. As part of our Certification preparation service, we can help you understand what SA&A entails for your information system(s) at and how to define your accreditation boundaries. Our experienced SA&A consultants have proven expertise in assisting large federal agencies in improving their overall security posture and in developing compliant documentation. We can help you defend your package to the evaluators and advise you on how to get through the evaluation process.
Summary of SEBA’S Package preparation services:
- Prepare an asset inventory for your SA&A package
- Put together required SA&A documents for systems and applications
- System Description/Boundary Description
- Work with the evaluation team to ensure full Accreditation
- Update existing SA&A packages for re-certification
- Assemble the final packages
- Develop security requirements for your information systems
- Create security policies and procedures required for SA&A
SEBA provides training designed to meet your organization’s goals and objectives. We provide standard courses on internal controls, organizational development and project management. We also custom-design courses to address the specific needs of your organization. Our course facilitators have several years of industry experience and are able to deliver courses in a manner that equips the participants with the knowledge and skills they need to improve their organizations. Our courses cover the following topics:
- Federal Government Accounting
- Internal Controls
- Project Management
- Conflict Resolution
- Team Building
- Communication
- Customer Service
- Leadership Training