Clients: Case Studies

US HUD

VIGNETTE

TDI brought exceptional expertise to support the U.S. Department of Housing and Urban Development (HUD), Office of Chief Information Officer (OCIO). Using our proven Information Security Policy creation model, TDI has supported the OCIO in meeting their IT security and infrastructure protection requirements. Our security team provided both compliance related support (e.g., policy review, guidance, and compliance audits), as well as technical services (e.g., security audits, vulnerability assessments, and security product implementation). In support of this effort, TDI also enhanced the department's Critical Infrastructure Protection Plan (CIPP).

CASE STUDY
US HUD Information Security Policy & CIPP Development

TDI brought exceptional expertise to support the U.S. Department of Housing and Urban Development (HUD), Office of Chief Information Officer (OCIO) in addressing the Department’s needs to meet IT security and infrastructure protection requirements.  In support of the HUD OCIO’s mission, our highly qualified staff conducted a gap analysis, developed a recommendations report, developed a security policy, reviewed HUD’s critical assets, revised the critical infrastructure protection plan (CIPP), updated the Software Risk Assessment, and recommended countermeasures to mitigate application vulnerabilities.

In support of this effort, TDI is providing both program management and technical expertise.  In fact, our personnel were integrated into each and every subtask of this project.  Managing the program allowed us to oversee all of the intrinsic processes that occurred.  In addition, we provided the critical role of Lead Security Engineer in support of all tasks within this effort, ranging from interviews, audits, document reviews, policy design and derivation, and development of the CIPP. 

TDI has developed a time tested Information Security Policy creation model that has been successfully used to develop comprehensive policies at both government and commercial organizations such as: USAC, NIH, The Smithsonian Institution, the USMC, and Monster.com

CASE STUDY
US HUD Policy and Process

TDI brought exceptional expertise to support the U.S. Department of Housing and Urban Development (HUD), Office of Chief Information Officer (OCIO) in addressing the Department's needs to meet IT security and infrastructure protection requirements. In support of the HUD OCIO's mission, our highly qualified staff conducted a gap analysis, developed a recommendations report, and ultimately developed Department-wide security policies and procedures. In support of this effort, TDI provided both program management and technical expertise.

TDI first conducted a gap analysis that encompassed a review of existing information security plans, and policies, standards, procedures, and guidelines, and compared them against numerous security requirements. This approach ensured that risks to the HUD infrastructure and mission were identified. We then developed a formal recommendations report that was developed based on the results of the gap analysis, audit findings, and personnel interviews. The report listed the specific gap, any risks that may be identified, and the results of the interviews with HUD personnel. The recommendations report was used to highlight risks associated with the shortfalls and the immediate remediation or mitigation required. TDI worked collaboratively with the HUD OCIO to prioritize the implementation of corrective actions and modifications to policy. Included in the report was a recommended implementation plan to help HUD effectively protect its critical infrastructure.

Once the formal recommendations report was approved, TDI developed a security policy manual that incorporated policy and reference gaps, and corrections to prior audit issues. The approach to developing the policy was a unified approach to developing security policies and plans throughout the organization's program areas. The prioritization was a collaborative effort between TDI and HUD. Upon delivery of the Final Security Policy document, TDI delivered a briefing that summarized the task. The briefings included activities, issues, resolution, deliverables, lessons learned, and additional recommendations for HUD to consider. The end result was a stable and effective security framework that guide's the organization in the protection of its critical infrastructure.