With over 20 years of Information Assurance (IA) experience, Carson Associates offers full Information Assurance services to government agencies, commercial enterprises, and colleges and universities. Our team consists of IA experts with advanced degrees and technical certifications, including CISSP, CISM, CISA, CAP, QSA, LPT, and Certified Ethical Hacker. They follow best practices and the latest government guidelines from NIST, OMB, and DOD. In addition, Carson Associates is certified as a PCI Security Standards Council Qualified Security Assessor (QSA).
Our team enforces a lifecycle approach in structuring information security programs. This approach ensures your most important asset, your information, is protected, safeguarding its confidentiality, integrity, and availability. We use repeatable work processes and methodologies in conducting our security consulting work and have perfected our assessment process. Our IA services include the following areas:
Security Program Development
- Security gap analysis
- Risk management
- Policy and procedure development
- Compliance monitoring
- Security architecture planning
Certification & Accreditation / Risk Management Framework
- Security categorization
- System security plan development
- Risk assessment
- Security control assessment
- Plan of actions & milestones (POA&M) development
- Configuration management plan development
- C&A package development
Continuous Monitoring
- Security engineering
- Vulnerability assessment scanning
- Annual security control testing
- Penetration testing
- Application scanning & testing
- POA&M oversight & validation
- Social engineering
Compliance Evaluations & Audits
- FISMA compliance
- PCI compliance
- Section 522 – Privacy compliance
- HIPAA compliance
- HITECH compliance
Business Continuity Planning
- Contingency planning
- Disaster recovery planning
- Continuity of operations planning and strategy
Incident Response
- Incident response planning
- Data analysis
- Forensics
- Investigations
Security Training
- Certification & accreditation
- Security in the SDLC
- Contingency plan development & testing
- Disaster recovery plan development & testing
- FISMA compliance
Privacy
- Policy and procedures development
- Privacy reviews
- COPPA compliance
- Section 522 – Privacy compliance


