Graph Image
Invictus Insights

Fast is Slow, Slow is Fast: Invictus Provides Thoughtful Risk Assessments Aligned to Cyber Strategies

By: Sarah Upperman - Cybersecurity Engagement & Compliance Lead

A critical responsibility of the United States Government is to protect its citizens. To perform this mission effectively, U.S. military forces must respond quickly and precisely to a wide range of threats on a global scale. Many of these defense efforts rely heavily on rapidly evolving technologies. To keep up with rapid technology changes, military leaders and policy makers must be forward thinkers focused on developing tomorrow’s capabilities while executing today’s mission.

At Invictus, we are flexible and adaptable to accommodate customers’ future mission needs. IT leaders cannot afford to simply react to today’s demands. Instead, they must predict tomorrow’s needs and develop flexible and agile solutions capable of meeting a diverse set of user requirements and mission priorities. IT must provide a competitive advantage for the U.S. military that enables the collection, synthesis, analysis, and integration of information, and resources into a single comprehensive view providing insight over threats foreign and domestic. While there are many solutions which can provide this, Risk Assessment capabilities are key in providing specific operational data to inform not just authorization decisions, but risk associated with interconnection requirements for information systems.  To conduct properly informed risk assessments, Invictus maintains subject matter experts in a wide variety of technology areas.  From enterprise IT network technologies, to embedded systems on command and control and weapon systems, to mobile platforms and cross domain technologies that enable data to cross networks to operational users, we maintain experts and conduct risk assessments for our customers every day.

Invictus is committed to the development of solutions across the broad range of cyber security services. While not every organization always has the readily available resources or funding to provision an independent capability, being able to provide the objective assurance designed to add value and improve an organization’s operations is where Invictus can provide insight into an organization’s behavior and preferences. We take the time to develop objectives to develop a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, governance, and control processes. We support the development of risk-based plans to determine the priorities of the assessment activities aligning to the organization’s goals.  Invictus conducts these type of assessments for the Department of Defense Intelligence Information Systems (DoDIIS), at the US Coast Guard, and we provide input to the systems categorization at the Federal Aviation Administration (FAA).

In a number of organizations and government departments, risk assessments can be not well understood and slow down the process of accrediting vital mission systems.  Invictus provides an approach that standardizes and integrates security and the assessment of security controls across the software development life cycle.  This approach has proven to increase overall security while significantly reducing the time to accreditation for a number of customers we support.

Current support provided to the Defense Intelligence Agency aligns the development of a cybersecurity inspection program to support implementation of a zero-trust architecture. The development of the capability has been a labor of love with the cumulative knowledge and talent Invictus brings in its thoughtful approach to developing a risk assessment process, risk model defining key terms and assessable risk factors, and an analysis and assessment approach.