Security Operations

Philosophy

Today, employees and users across industry and government, have more data than ever to work with and more tools and systems to access it with; and they expect easy-to-use tools that work everywhere they do. Organizations are challenged securely store the data and to provide secure access to that data at a low or reasonably low cost.

Cognizance Technologies (CT) operates with the philosophy that security must be the first-class member of its operations at all times and that the organization must be transparent about its security practices.

Our clients, including the Internal Revenue Services (IRS), value our expertise in achieving their cybersecurity goals and objectives.

Strategy Execution

CT’s strategy for security and security operations is based on three major tenets. First the system, application, and product security; second, the infrastructure security, and third employee/user awareness. System security pertains to quality system development at any organization, be it CT or any of our clients. Infrastructure security covers the systems that support the products and services provided by the organization (again be it CT or its clients). And, lastly, awareness emphasizes the importance of practicing security by people in the organization.

To ensure proper understanding of the philosophy and execution of our strategy, CT uses best practice methodology to factor in security into designs, projects and timelines. Methods employed by CY include strict engineering standards in the system setup and application development (including observability), creating and constantly evaluating reusable security frameworks (procedures and practices) that handle common issues, 24/7 monitoring of system and infrastructure operations and performance for anomalies, multi-factor authentication with “need to know” or “least access” authorization, Infrastructure as Code, automated configuration management and patch deployment, quarterly and annual training of all employees on best security practices within the organization.

Agile Development

Guidelines

CT adheres to NIST security and security control guidance 800-53/60 for classifying both the data we store and systems/applications we develop work with that data in terms of confidentiality, integrity, and availability.

Our expertise in and understanding of security we provide guidance to our partners and clients in the areas of Risk and Vulnerability Analysis, physical security (site and facility security), system and application security (configuration and change management), Certifications and Accreditation (C&A) and Security Testing and Evaluation (ST&E), security awareness training and education.