Clients: Case Studies

US DEA

VIGNETTE

TDI has provided the DEA with support at multiple levels of the organization, including the CTO and Information Security Office. Our primary function was in a consulting role, helping the DEA in a proactive effort to mitigate many of the potential risks in information security business processes and procedures to which they could be vulnerable. TDI conducted a Security Assessment to ascertain the most likely areas for improvement within the DEA, targeting DEA's Information Security Section (ISI) and Office of Information Systems (SI). The goal of the assessment was to recommend a solution for the DEA to fulfill its information security responsibilities mandated by Congress, the President, DOJ, OMB and NIST. In addition, it was our responsibility to analyze the current operations/security environment of ISI and SI, and to assess risks in their information security practices. This resulted in TDI developing a recommended set of security processes/procedures/policies, providing associated budgetary recommendations and estimations, and suggesting organizational restructuring to demonstrate how ISI and SI should optimally conduct operations.

TDI performed a thorough review and dissection of the 17 DOJ security standards, and all DEA policies, procedures, and processes that relate to security. To supplement the documentation, TDI conducted multiple rounds of interviews with dozens of DEA staff at virtually all levels. The assessment was unbiased, with no existing budgetary data provided prior to making budget recommendations, and no DEA influence on the findings or recommendations.

For the assessment final report, findings, recommendations, and any additional costs associated with each recommendation were incorporated into a budget spanning through the end of fiscal year 2010. In general, the most pressing findings related to the structural organization of the DEA and the relationship between ISI and SI. Closely linked to this are sharply defined roles and responsibilities within ISI and SI individually and between ISI and SI.

CASE STUDY
US DEA - CTO IA Leadership

TDI delivers strategic executive-level advice to the DEA's Chief Technology Officer and provides recommendations for DEA enterprise IT and cyber security expenditures. We conduct product evaluation, ROI analysis, proof-of-concept, and execute pilot programs on new and emerging technologies. Our role allows us to provide daily advice for decisions affecting a 15,000-user community. We consult on matters relating to IT security federal regulatory compliance such as FISMA, HSPD-12, and Department of Justice (DOJ) directives. On behalf of the DEA, we provide input to DOJ Information Assurance policy when secure standards for new technologies emerge. TDI executes projects under federal guidelines and standards such as NIST and FIPS and provides a best practices IA perspective to the organization in their pursuit of a sound Federal Enterprise Technical Architecture model. Accomplishments include:

  • TDI provided an end-to-end recommendation and proof-of-concept evaluation for securing enterprise email communications
  • Acted as a liaison for the Office of Information Systems to the Office of Security Programs for issues pertaining to IA such as vulnerability assessment analysis
  • Evaluated FIPS 140-2 protection mechanisms for wireless networks
  • Drafted response to DOJ wireless policy on behalf of the DEA
  • Interfaced and elicited requirements consensus among a varying number of stakeholders within the DEA
  • Worked with the organization to help develop a Patch and Vulnerability Group (PVG) capability for the entire DEA enterprise
  • Provided strategic plan, end-to-end recommendation and proof-of-concept for server virtualization technology using VMware as part of the DEA's Disaster Recovery initiative
  • Developed and implemented in-house processes for evaluation of emerging technologies
  • Researched and evaluated biometric storage drives and smart-card technologies
  • Evaluated protection mechanisms for wireless networks
  • Provided guidance and recommendations on decision support tools to the DEA source selection process
  • Consulted and negotiated with large and small hardware/software vendors

CASE STUDY
US Drug Enforcement Administration Wireless Security

The DEA solicited the support of TDI in providing strategic executive (CTO) level advice and recommendations for the DEA enterprise IT and IA investment expenditures. We conduct product evaluation, ROI analysis, proof-of-concept, and execute pilot programs on new and emerging technologies. In terms of evaluating new technologies, TDI provided an end-to-end recommendation and proof-of-concept evaluation for a Secure Wireless Solution. This solution consisted of a wireless access point and management server. Using the CTO's testing lab, TDI installed and configured a point product solution according to the manufacturer's instructions and successfully tested and adjusted the installation to integrate with DEA's IT Infrastructure over a period of several months.

TDI presented our findings and recommendations to the CTO for consideration as their wireless solution. In the end, DEA decided to employ the Cisco secure wireless solution to more seamlessly integrate with and leverage their existing Cisco infrastructure and the requisite training and experience of the existing personnel in supporting that technology.