Services

• Information Assurance Architectures - ISSI provides design assistance or validation analysis of this complex task.  It is easy to combine several secure components in a way that isn't secure.  ISSI uses multi-disciplinary teams of offensive and defensive personnel to insure that your architecture is secure from every perspective.  Read our white paper on the details of a typical architecture design project.
• Risk Assessments - ISSI has devised a method of performing and presenting a risk assessment that enables decision-makers to see clearly the choices they have and the impact of those choices.  All usable security systems have risks so a risk assessment should be part of any design process or purchasing decision.  Read our white paper on risk assessments
• Security Product Evaluations -  ISSI will be happy to look at a specific product for you--either a product that you are designing or a product that you are considering for your security architecture.  ISSI doesn't use a simple checklist of best practices; we approach each product as an attacker, looking for the weak link.  We are very thorough and always find flaws.  With our report in hand you can decide whether the device meets your needs, perhaps with other devices or security policies in place for layered security.
• Cryptographic Algorithm Evaluations - ISSI has the best team of world-class cryptanalysts in a private organization anywhere.  Our people all have over 30 years each in real-world cryptanalysis, not only in theoretical, text-book attacks but also the kind where plain text ends up on a decision-maker's desk.  Our people are so experienced that we can find flaws in a small fraction of the time required by more junior people, and save you time and money.
• Key Management Design and Analysis - Modern cryptography is so strong that no one can afford to attempt an attack on the actual algorithm; attacks are always directed at the key management.  Flaws in a key management system are subtle and can be hard to detect.  Our key management engineers were behind the strongest key management systems that the US government has designed.  They can help you insure that your system is elegantly designed with security and efficiency.
• NSA Product Evaluation Support - If your product will ultimately have to be approved by NSA, our engineers, mathematicians and scientists can advise you on the features that NSA will be looking for and the documentation required.  Most of our people worked in the evaluation section of NSA during their government lives.
• FIPS 140 Evaluation Support - The FIPS 140 evaluation is a process through which a laboratory approved by NIST certifies that a product meets the US government standards for good security practices.  ISSI can help you prepare for the NIST evaluation which is a fairly expensive one.  You'll want to have a successful accreditation the first time through.
• DCID 6/3-compliant Security Plans - Security Plans for IT systems that are used on DoD contracts must comply with the standards set in a document referred to as DCID 6/3.  ISSI can provide these plans or consult with your staff as they prepare the plans.

 

 

Is ISSI the right IA company for you?

Our clients generally fall into two categories--either

1. they are producing a security product and they want to make sure they won't embarrass themselves when the industry starts to attack it, or
2. they are considering using a security product and they want to insure that it will protect them against serious threats.

Put our world-class experts on your team!

ISSI consistently solves difficult problems by forming small and diverse expert teams that complement each other and the client's staff.  We have over 500 years of experience in information assurance in critical systems. 

We always find vulnerabilities in the systems we evaluate.

Because ISSI has such extensive real-world experience attacking systems, we quickly and economically find vulnerabilities. 

If you are faced with world-class threats, you need ISSI!