SEI bridges the gap between Cyber-Security and Information Assurance research and education and performing real-world security risk assessments and remediation steps.  SEI designs, implements, and audits layered security solutions for Fortune 1000, Government, Healthcare, and small to medium sized businesses.  Our approach for performing security risk assessments are based on the achieving the security and privacy requirements as defined by the recent U.S. compliance law.  We incorporate best practices and utilize NIST SP800-Series standards, methodologies and approaches for performing risk assessments and security assessments for today’s IT infrastructures and IP-based network environments. 

These NIST standards and methodologies include but are not limited to:

• NIST SP800-30 Risk management Guide for Information Technology Systems, July 2002

• NIST SP800-53 (Rev 2) Recommended Security Controls for Federal Information Systems, December 2007

• NIST SP800-37 Guide for the Security Certification and Accreditation of Federal Information Systems, May, 2004

• Federal Information Processing Standards (FIPS) 199

Security Risk Assessment Consulting Services

Today, SEI provides the following IT security consulting and professional services for small, medium, and enterprise environments:

• Internal & External Vulnerability Security Assessments & Network Penetration Testing

• Compliance Audits and Security Risk Assessments (HIPAA, GLBA, FERPA, PCI DSS, SOX/SAS70)

• Network Security & Internet Ingress/Egress Security Assessments (ISO17799, NIST 800-Series, etc.)

• Pre & Post Implementation of VoIP & SIP (Unified Communications) Network and Security Assessments

• IT Infrastructure Security Architecture & Framework Assessment (Policies, Standards, Procedures, and Guidelines, CoBIT, GATE, etc.)

• Risk Management & Security Incident Response Team Services

• Business Continuity & Disaster Recovery Planning Services

SEI typically starts with an examination of what compliance laws or other security mandates or requirements are required of the organization from a security and privacy perspective.  We then ask our clients for any documented security and privacy policies and procedures as a starting point for what security controls may already be in place.  This is typically followed by a gap analysis of what is mandated by the compliance law regarding security and privacy requirements.  Then we align the gap analysis to the 7-Domains of a Typical IT Infrastructure as shown below.  Any weaknesses or gaps that are identified throughout the 7-Domains of a Typical IT Infrastructure are then mitigated with specific recommendations for each of these domains.  This forms the basis for a layered, security solution that encompasses the entire IT infrastructure.

7-Domains of a Typical IT Infrastructure

Education, Training, & Workforce Development Services

SEI provides curriculum, courseware, and experiential learning skills-set readiness, hands-on lab consulting and professional services for programs used in higher-education curriculums and adult continuing education programs.  SEI is a Value Added Reseller (VAR) for Jones & Bartlett Learning’s ISSA curriculum where we have customized the following adult continuing education programs for either an online, self-study or online, instructor led training program with a live, virtual instructor:

• Security+ Professional Certification Readiness Workshop

• SSCP® Professional Certification Readiness Workshop

• CISSP® Professional Certification Readiness Workshop

• NSA 4011 Information Systems Security Standard Certification Workshop

• NSA 4013-Advanced System Administrator Certification Workshop

SEI has specific experience working with local community colleges, nationwide colleges and universities, and state and local governments to bridge the gap between education, professional certification, skills-set readiness hands-on experience, and job placement.  We bridge this gap by building unique education, certification, and job placement programs to drive workforce development for local communities, county governments, and state governments.  SEI specializes in building workforce development eco-systems as shown below.

Cyber-Security Workforce Development Eco-System