Computer Forensics & Data Security:
Safeguarding Controlled Unclassified Information (CUI)
Good athletes know that records were made to be broken. That is why they train and constantly improve their performance.
When it comes to protecting computer systems and the sensitive data they contain, the competition is just as fierce. Furthermore, it is easy to become the target of sinister forces both outside and inside the organization. In fact, the threat from within the organization can be greater than from outside forces after one considers bad actors as well as unwitting mistakes like configuration errors, monitoring oversights, and falling for phishing or social engineering compromises.
Frankly, computer security is not just an issue of good technology. In fact, good technology will not even be effective if an organization does not have good processes that are followed by well-trained personnel. Remarkably, many organizations do not even have good fundamentals, much less good technology, good processes, or well-trained personnel.
In addition, computer security is no longer just a good business practice for defense contractors. Since December 2017 computer security has been a regulatory requirement as well, at least when it comes to safeguarding Controlled Unclassified Information (CUI) under DFARS 4.7300, the contract clause at DFARS 52.204-7012, and the security controls at NIST SP 800-171.
When It Really Matters
CDI Founder Greg Fordham has over 30 years of experience interpreting federal procurement rules and regulations like the Federal Acquisition Regulations (FAR) and the Defense Federal Acquisition Regulation Supplement (DFARS), and has performed over 400 computer forensic projects just since 2001 on issues involving computer security and the exfiltration of company sensitive data. He is the perfect resource for helping contractors protect their sensitive computer data and meet the new DFARS requirements for safeguarding controlled unclassified information (CUI).
CDI forensic and computer security services include both proactive and reactive services. Our proactive services help contractors assess the strength of their data security policies, procedures, practices and controls for preventing, detecting and responding to data breaches, resource impairments and system compromises by both external and internal threats. In the process, we assess defense contractor compliance with the DFARS requirements for safeguarding CUI.
Having good policies, procedures, practices and controls is particularly important. They are essential not only for preventing a loss but also for ensuring that, if there is a loss, it can be detected, its scope can be determined, and the organization can then prevail in an effort to recover damages, if available. This latter aspect can be very important, since part of prevailing in any kind of legal action can be showing that reasonable steps were taken to protect sensitive data. Perhaps more important for some is that contract awards could be withheld in situations where contractors fail to meet the new CUI requirements.
Our reactive services help contractors to assess and respond to system breaches, compromises, impairments, potential cyber incidents, and exfiltration of sensitive data. In addition, under the new DFARS requirements, contractors have certain windows within which to preserve data related to a potential cyber breach, conduct any in-house assessment of the cyber breach and to report the incident and findings to DoD. Our reactive services help contractors to comply with these reporting requirements.
Subject Matter Primers
Learn more about computer security from our article, 10 Steps to Protect Your Company from Employee Based Computer Compromise.
Learn more about intrusion and data breach analysis from our article, Four Reasons Why You Need Celestial Defense to Investigate Your Intrusion and Data Breach.
DFARS Safeguarding Controlled Unclassified Information (CUI)
Celestial Defense of Atlanta, Georgia is a highly skilled and experienced provider of expert consultant computer security and computer forensic services involving:
- Incident response
- Forensic Grade Imaging and preservation
- Forensic examination and analysis of servers, workstations, laptops, phones, and other storage devices and media
- File system analysis
- File activity and usage analysis
- Device system analysis
- Intrusion analysis
- Internet usage analysis and web page reconstruction
- Social media and text messaging recovery & analysis
- File deletion activity analysis and data recovery
- Compliance with organizational, contractual or regulatory requirements like DFARS 4.7300 and 52.204-7012 and NIST SP 800-171 governing the safeguarding of CUI
- Database analysis
- Software analysis
- Data security process, procedures and systems consulting
- Systems hardware design, selection, construction and installation
- Process design, implementation and integration
- Policy and procedure development
- Training and process monitoring
Typical projects involve:
- Network intrusion and data breach
- Misappropriation of sensitive data and trade secrets
- Government investigations
- Whistle blower response
- Harassment and discrimination claims
Is your computer data safe from abuse or compromise by forces inside as well as outside the organization? CDI's Data Security Survey is an introductory assessment of an organization's systems for compliance with the DFARS requirements for safeguarding Controlled Unclassified Information (CUI) and preventing, detecting and responding to data breaches, resource impairments and system compromises by both external and internal threats.