Security Program Implementations

Security Issues Management

Loblolly’s Security Issues Management program captures and consolidates issues arising from:

  • Security incidents
  • Failed or deficient internal security controls
  • Exceptions that require attention or escalation

Issues Management enables organizations to catalog:

  • Internal and external audit findings
  • Regulatory examination issues
  • Self-identified issues
  • Establish accountability for problem resolution
  • Track remediation plans against commitments and due dates

Robust reporting makes it easy for all levels of management and Executives to understand the full scope of outstanding issues, priorities, and remediation timelines.

IT Risk Management

With Loblolly’s IT Risk Management, your security group can catalog organizational elements and IT assets according to risk level. This management program includes a risk register to catalog IT risks, pre-built IT risk assessments, a pre-built threat assessment methodology, and a catalog format to document IT controls. Security Issues Management is also included for managing security gaps and findings generated from risk assessments.

Gaining clear visibility into IT risk enables you to streamline your assessment efforts, accelerate the identification of IT risks, and establish timely reporting. The linkage between risks and internal security controls enhances communication and simplifies correlation of IT control requirements to reduce compliance gaps and improve risk mitigation strategies. This agile risk management framework enables you to keep up with changing requirements within the business and focus resources on the most impactful IT risks.

Security Vulnerabilities Program

Loblolly takes a big data approach to helping security teams identify and prioritize high-risk threats. Your security group can proactively manage IT security risks by combining asset business context, actionable threat intelligence, vulnerability assessment results, and comprehensive workflows. This consolidated vulnerability research platform enables IT security analysts to prioritize scanning and assessment activities, implement alerts, explore vulnerability scan results, and analyze issues as they arise. A powerful and flexible rules engine highlights new threats, overdue issues, and changing business needs. This ability to correlate known vulnerability risks with an applied business context helps prioritize response and remediation efforts, to speed the rate of closure of significant gaps and reduce costs.

Security Operations and Breach Management

With Loblolly’s Security Operations & Breach Management, you can catalog IT assets for incident prioritization. A full business context overlay within this catalog allows you to prioritize events. Workflow-driven reporting for security incidents allows security managers to stay on top of the most pressing issues. Best practice content for incident handling procedures helps your security analysts respond to alerts effectively and efficiently.

In addition, when a breach occurs, tailored workflows help to manage follow-up investigation and remediation activities. The security operations manager can effectively monitor key performance indicators, measure security control efficacy, and manage the overall SOC (Security Operations Center) team.

Loblolly Consulting RMF Service Offerings
  • NIST SP 800-53 Risk Management Framework (RMF) Assessment
  • DoDI 8510.01 Risk Management Framework for DoD IT Implementation
  • Transition in Support of DoD IT Risk Management Framework (RMF)
  • Complete Assessment and Authorization (A&A) Services
  • Cyber Security Controls and Enhancement Implementation
  • Cyber Security Controls – Compensating Controls Implementation
  • Vulnerability Assessment and Penetration Testing
  • Security Plan & Policy Development
  • Security Engineering (NIST SP 800-160 and TAC 202)
  • Risk Assessment (NIST SP 800-30 and TAC 202)