WCG Strategies
In short, we worked to ensure the system security requirements were achieved. To do this, WCG employed a variety of information gathering and assessment methods (e.g., interviewing, inspecting, studying, vulnerability assessment and penetration testing).
In conducting vulnerability assessment tests, WCG was careful not to affect system availability or alter configuration or data on the tested devices. Penetration tests were conducted through the public Internet. WCG provided the agency with the IP addresses from which the tests were to be conducted and gave sufficient advance notice. All tests were performed in compliance with departmental, federal and international guidelines and coordinated with the agency.
The tests and services WCG performed included:- Network analysis
- Risk assessment and penetration testing
- Development and review of HIPAA security policies and procedures
- Development of continuity of operations/business continuity planning, risk management, contingency and disaster recovery plans and procedures
- Development of security incident response planning and procedures
- Training personnel on security policies and procedures
- Development of security configuration management planning and procedures
- Development of facility security planning and procedures
Based upon prescribed government guidance and industry best practices, WCG recommended alternative approaches to remedy identified deficiencies. Alternatives were presented with respect to projected suitability to the objective, effectiveness, efficiency, initial cost, long-term maintenance and support requirements.