Cybersecurity

EnDyna supports its clients’ programs with a variety of Cybersecurity solutions, including vulnerability assessments, penetration testing, and cyber risk management. We use the latest tools and platforms to provide a wide range of services in a secure environment.

Vulnerability Assessments/Penetration Testing

Preventing unauthorized access to and criminal use of networks is crucial to protecting our nation’s critical infrastructure and military systems. If hackers got unauthorized access to information systems, they could steal sensitive secrets or alter code to do serious damage to national security. Preventing hackers from gaining unauthorized access to information systems includes identifying and fixing vulnerabilities.

EnDyna performs systematic reviews of security weaknesses in information systems to evaluate if systems are susceptible to any known vulnerabilities. If so, we assign severity levels to those vulnerabilities, and recommend remediation or mitigation.

EnDyna performs penetration testing (pentest) – known as “ethical hacking” (an authorized simulated cyberattack on a computer system) to evaluate the security of the system and to identify weaknesses, including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths.

EnDyna also provides access to a proprietary SaaS platform, which facilitates the submission and tracking of vulnerabilities discovered in internet-accessible information systems. This Platform provides the ability to provide financial incentives (termed “bug bounties”) for valid submissions. Platform support services also includes robust platform reporting, effectively securing the platform, and managing the administration and operation of the platform, including its security.

Cyber Risk Management

EnDyna provides a robust cyber risk management program to preserve the integrity of information and corporate intangible assets and ensure minimal loss. Keeping web applications, source code and embedded software. A few examples of customers’ losses – which can be prevented with effective vulnerability assessments - include:

Information Security (INFOSEC)

EnDyna helps protect information by mitigating information risks by preventing or reducing the probability of unauthorized or inappropriate access to data, or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording or devaluation of information. Protected information may take any form, e.g. electronic or physical, tangible or intangible. Information security's primary focus is the balanced protection of the confidentiality, integrity and availability of data while maintaining a focus on efficient policy implementation, all without hampering organization productivity. In addition, EnDyna provides comprehensive support to facility and personnel security clearances.

PROJECT EXPERIENCE:

US Department of Homeland Security (DHS), Vulnerability Disclosure Policy Platform for DHS Cybersecurity and Infrastructure Security Agency (CISA): EnDyna will provide CISA and participating Federal Civilian Executive Branch (FCEB) agencies access to an existing, commercially available SaaS platform, which will facilitate the submission and tracking of vulnerabilities discovered in internet-accessible information systems, termed FCEB systems, of the FCEB agencies, including Independent Agencies and all Boards, Commissions, and Committees (Chief Financial Officers (CFO) ACT and Non-CFO Act Agencies). In addition, as an optional functionality, the platform will provide agencies the ability to provide financial incentives (termed “bug bounties”) for valid submissions. EnDyna will provide the Government with project management support services including robust platform reporting, effectively securing the platform, and managing the administration and operation of the platform, including its security. Participation in the platform will be voluntary for FCEB agencies, and therefore the platform can support a varying number of agencies at any time.

US Department of Defense (DoD) Washington Headquarters Services (WHS), DDS Crowdsourced Vulnerability Discovery and Disclosure Services: Under subcontract to Bugcrowd, Inc., EnDyna is conducting crowdsourced vulnerability discovery and disclosure (CVDD) services across the full range of networks, systems, and information, including web applications, software, source code, and software-embedded devices across the whole Department of Defense.

US Army, Background Investigation Submission Support Services for the US Army Personnel Security Investigation Center of Excellence (PSI-CoE): Under subcontract to Riva Solutions, EnDyna provides on-site personnel to perform and review entries in the Joint Personnel Adjudication System (JPAS), the NBIB Central Verification System (CVS), Electronic Questionnaire for Investigations Processing (e-QIP), and related databases. The Government uses Microsoft Windows based operating system (currently Windows 10) with the Microsoft Office Suite (Word, Excel, PowerPoint, etc.). EnDyna staff conducts reviews of security questionnaires and provides feedback to Applicants completing these documents through both electronic mail (e-mail) and verbal (telephonic) communication methods. The basic service objective is to perform management and personnel security/suitability background investigation submission support. Success is defined as 100% of investigation requests submitted to the PSI-CoE being processed with one of two (2) outcomes: (1) all unneeded or incomplete investigation requests are closed and/or cancelled; and (2) all required and completed investigation requests are submitted to and accepted by the investigative service provider (ISP). The current ISP is the Office of Personnel Management (OPM) National Background Investigation Bureau (NBIB).

US Department of Homeland Security (DHS) National Protection and Programs Directorate (NPPD), Compliance Training for the Infrastructure Security Compliance Division (ISCD): EnDyna provided strategic development, implementation, evaluation, and management of a comprehensive Infrastructure Security Compliance Training program to enhance the effectiveness and efficiency of personnel training to DHS headquarters. We supported ISCD in analysis, revision, and by bringing up to date training programs that enabled DHS to continue to fulfill a critical mission to train designated federal target audiences with critical knowledge, skills, and abilities (KSAs). This project focused on the overarching effort to perform the critical ISCD activities necessary to meet the program requirements for general inspection, regulatory program updates, and standard employee training. As part of this work, the DHS courses on which we worked involved the training of Federal inspectors in Chemical Facility Anti-Terrorism Standards (CFATS) regulations (6 CFR Part 27). The courses included knowledge checks, games, scenario-based performance exercises, report-outs, an end-of-course tests and evaluations.