Service Description
Address IT system intrusions, cyber-theft, denial-of-service, malicious code, inappropriate usage and other security related events. Detect, analyze, contain, eradicate, and recover from security incidents. Successfully restore IT system security to production performance levels.
What's Included
Functions of a managed security service include
- Analyze, identify, research and gather evidence needed to investigate whether an incident has occurred.
- Categorize and analyze the source of all incidents. Utilize US-CERT SP 800-61 incident categories, if applicable.
- Identify the current and potential technical and business impact of an incident
- Document incident handling detection and analysis checklist
- Contain, eradicate and recover from all incidents. Preserve and secure incident evidence.
- Provide appropriate follow-up reporting and lessons learned.
The cost of this service is recovered by the number of full time employees (FTE) supported in your agency as a percentage of total departmental FTEs supported.
Service Level Metrics
| Measure | Target SLA |
|---|---|
| System Monitoring | 24 x 7 |
| Incident Response | 24 x 7 |
| System Availability | 99.99% excluding planned downtime* |
Cost Saving Tips
- Provide lower total cost of information security ownership.
- Allow agencies focus resources on mission critical business objectives.
- Compliance with government regulations is provided through ongoing security monitoring.
- A vendor neutral approach supports the appropriate composition of security services by deploying market-based solutions from a wide variety of industry sources.
Additional Information
Services are in compliance with applicable standards from NIST (including SP 800-61), OMB, FIPS and GAO.