Date post: 22-May-2020
1 | www.SecureMerger.com

Secure Merger® PO Box 540

Augusta, GA 30903

www.SecureMerger.com

Secure Merger® Capabilities


Corporate Overview

Secure Merger, a Georgia Limited Liability Company, was founded in 2017. Headquartered in Augusta, GA, our professional team members have decades of experience in digital asset protection, cyber security assessments, and cyber security emergency response. Our cyber security assessments help organizations protect and value digital assets, detect current intrusions, and measure their organization’s cyber maturity.

It is crucial to provide the government with the technology and expertise required to thrive in today’s fast-paced and ever-changing high-tech world. We achieve this by applying state-of-the-art technology solutions:

✓ Developing and implementing Cybersecurity, Information Assurance and computer security techniques and methodologies
✓ Strategic focus area for system reviews, audits, analyses, and application and implementation of actual security controls
✓ Developing and providing state-of-the-art information security and forensics management training seminars, lectures, classes, and webinars
✓ Applying leading-edge technology, techniques, and practices in support of tactical and strategic disaster and readiness planning and security engineering
✓ Providing “specialized” hands-on support to anti-terrorism and homeland security actions and activities
✓ Providing and developing new techniques and security practices in cloud security, VoIP, IoT, virtualization, and network defense

Our Mission

Our mission is to help make the world a safer place. We do this by helping the U.S. Federal government achieve its goals in the cyber realm.

Our Management Philosophy

The Secure Merger team is committed to serving in any capacity necessary for project completion and satisfaction. We uphold federal, state, and international regulatory compliance and business law practices. Secure Merger holds the stewardship of our clients’ funds in high regard. Our team leadership ensures we can identify and deliver projects and programs on time and at or below budget.

The Secure Merger Advantage

At Secure Merger we are proud to add value by delivering leading-edge cyber security expertise and business perspective to reduce uncertainty and risk in our clients’ transitional or steady-state operations. We strive to provide the best of the best in all facets of our operations. Our team of industry professionals originates from numerous academic and technical disciplines, ensuring an innovative and quality product.


Company Characteristics

Certifications

As cyber security threats continue to emerge with increasing complexity and sophistication, professionals in the field must remain vigilant, learn continuously, and develop new skills daily. At Secure Merger, we bring together experts from a wide variety of specializations with uncommon and rarely matched abilities, proven through on-the-job performance.

As part of continuing professional development, we encourage our team to earn and maintain top-tier industry certifications that confirm expertise in the field, validate specific knowledge and skills, require continuous learning, and encourage participation in professional development networks. This guarantees our customers peace of mind that only comes from working with a leader in cyber security. Certifications held by our team leaders include:

• (ISC)² Certified Information Systems Security Professional (CISSP)
• (ISC)² Certified Information Systems Security Management Professional (CISSP-ISSMP)
• (ISC)² Certified Information Systems Security Engineering Professional (CISSP-ISSEP)
• ISACA Certified Information Systems Auditor (CISA)
• ISACA Certified Information Security Manager (CISM)
• ISACA Certified in Risk and Information Systems Control (CRISC)
• ISACA Cyber Security Fundamentals Certificate (CSX-F)
• ATAB Certified Anti-Terrorism Specialist-Cyber Terrorism Responder (CAS-CTR)
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Enterprise Defender (GCED)
• GIAC Security Essentials (GSEC)
• IISFA Certified Information Forensics Investigator (CIFI)
• EC-Council Certified Chief Information Security Officer (C|CISO)
• EC-Council Certified Ethical Hacker (C|EH)
• EC-Council Computer Hacking Forensic Investigator (C|HFI)
• EC-Council Emergency Disaster Recovery Professional (E|DRP)
• Cisco Certified Network Associate Route & Switch (CCNA R&S)
• CompTIA Security+ CE
• CompTIA Network+ CE
• CompTIA A+ CE


NAICS Codes

The following codes are applicable to Secure Merger:

Primary
541690 Other Scientific and Technical Consulting Services

Additional
541511 Custom Computer Programming Services
541512 Computer Systems Design Services
541519 Other Computer Related Services
541611 Administrative Management and General Management Consulting Services
541618 Other Management Consulting Services
561621 Security Systems Services (except Locksmiths)

CAGE Code 8CCF1

DUNS Number 081330416

Insurance Information

SECURE MERGER, LLC
609 Ponder Place Suite C
Evans, GA 30809
Policy: MTK1562835A
Provider: USLI
Limits of Liability: $3,000,000

An official certificate of insurance can be provided upon request.


Key Areas of Emphasis

1 – Cyber Security Risk Assessments
2 – Cyber Security Audits
3 – Incident Response
4 – Digital Forensics
5 – Attack Susceptibility Assessments
6 – Penetration Testing
7 – Code Review
8 – Policy and Program Development
9 – Employee Training

1 – Cyber Security Risk Assessments

Secure Merger carefully selects personnel with topic-specific expertise to compose risk assessment teams best suited to unique organizational needs. Our analysts have custom-built a broad risk assessment process which can adapt to the most diverse organizations, while delivering the preeminent foundational pieces our clients have come to expect.

The Secure Merger Advantage

➢ Comprehensive Coverage
  • Based on the 108-item NIST Cybersecurity Framework, our risk assessments comprehensively cover all aspects of an organization’s cyber security program
  • We use our results to build detailed maturity ratings that our clients can use for trend analysis and strategic planning, and targeted resource deployment

➢ Quantified Risk Exposure
  • We believe the best way to make actionable decisions from a security risk assessment is to normalize the results in a consistent manner
  • Our assessments evaluate the annualized, dollar-quantified risk exposure of each of the most significant threat events we find, using the Open FAIR methodology
  • We put into context what our findings really mean in terms of probability and consequence, using such numerical sources as:
    • Industry studies
    • Federal crime statistics
    • Organizational business impact analysis
    • Secure Merger’s own proprietary intelligence

➢ Standards-Based Flexibility
  • Our risk assessments can be flexibly adapted to deliver the same benefits, in terms of the standard most useful to each organization. This includes the following, among others:
    • CIS Controls
    • COBIT 5 / 2019
    • HIPAA
    • ISA/IEC 62443
    • ISO/IEC 27001
    • NIST SP 800-53


Our team has the capacity to conduct thorough onsite risk assessments which measure an organization’s cyber security maturity across 23 programmatic areas. We then zero in on the most serious cyber security risks with dollar-quantified insight into the organization’s exposure, and deliver discrete recommendations on how our clients can best reduce their risks, and take control of their cyber security. This includes such technical analysis as:

• Active / Passive Device Discovery
• Automated Software Inventory
• Automated Account Inventory
• Automated Vulnerability Scan
• Privilege Review
• Domain Configuration Analysis
• Network Infrastructure Analysis
• Network Security Traffic Analysis

Additionally, a thorough documentation review is coupled with onsite observations, and interviews of personnel range from organizational leadership to entry-level contributors. The result is a comprehensive assessment with big-picture takeaways, as well as granular findings and tangible action plans.


2 – Cyber Security Audits

Secure Merger assists its clients in understanding not only their organizational compliance with regulatory requirements, but the deeper implications of their cyber security policies and procedures, and the effectiveness of their controls. Ineffective compliance programs do more than drain energy and resources from organizations that could better allocate them elsewhere; they foster an environment in which binders and checklists can be mistaken for legitimate security.

Our team brings decades of experience managing compliance programs across a wide variety of industries, and helps our clients balance control implementation, user awareness, and resource management to make regulatory compliance an area of strength. Secure Merger can audit information systems to determine whether:

• Systems are in compliance with applicable laws, regulations, contracts, and industry guidelines
• IT data and information have appropriate levels of confidentiality, integrity, and availability
• IT operations are being accomplished efficiently, and effectiveness targets are being met

Our thorough expertise delivers quality support to organizations needing:

• IT Audits
• Compliance Audits
• HIPAA Reviews
• IT Security Audits
• Security Assessments
• FISMA Reviews
• COBIT Audits
• ISO27001 Audits

Controlled Unclassified Information (CUI)

In December 2016, NIST issued SP 800-171 in support of the E.O. 13556 originally issued in November 2010. This Executive Order from the President is designed to provide guidance and direction to all organizations, public and private, on how to maintain the confidentiality of governmental data on their organizational systems. It deals with specific types of unclassified data, primarily in the Critical Infrastructure areas, known as Controlled Unclassified Information (CUI).

Secure Merger provides these third-party assessments for CUI compliance. The CUI assessment procedures are flexible and can be customized to the needs of the organizations and the assessors conducting the assessments. Security assessments can be conducted as self-assessments; independent, third-party assessments; or government-sponsored assessments, and can be applied with various degrees of rigor, based on customer-defined depth and coverage attributes.


3 – Incident Response

Even the best defended networks encounter unexpected cyber incidents, and preparing for the unexpected can be the difference between a minor irritation and a full-scale disaster. Secure Merger’s capability to perform thorough, on-network security risk assessments would be incomplete without the complementary ability to detect, investigate, and contain cyber incidents as they are discovered. If an issue is uncovered while we are onsite, or if our clients find themselves in over their head at any other time, our team provides rapid and effective response.

The objectives of security incident response activities are to:

• Limit the immediate incident impact to customers and business partners
• Recover from the incident
• Determine how the incident occurred
• Discover how to avoid further exploitation of the same vulnerability
• Avoid further escalation of incident
• Assess the impact and damage in terms of financial impact, loss of data, loss of processing, data breaches, reputation, etc.
• Update organizational security policies and procedures as necessary

The Secure Merger team provides for or coordinates with the customer to develop, institute, and support incident response activities, depending upon client requirements, needs, and industry stature.

Breach Response Scenarios

Secure Merger has the unique ability to bring together strengths on a variety of security programmatic areas, to multiply our clients’ incident response capability. Our strong suits include:

• A keen ability to craft efficient security policy to fit each unique organization
• Years of experience in wide-ranging classroom instruction and cyber certification
• A diverse technical skillset with experience in such varied industries as commercial, military, federal government, and critical infrastructure
• Industry thought-leaders in the legal, regulatory, and business aspects of cyber security

These coalesce to create engaging breach response scenarios, enlightening table-top exercises, and invaluable training in organizational incident response. Whether as a means of training leaders and key stakeholders, exercising a new process, or growing interdepartmental synergies, our team’s guidance enables our clients to approach cyber incidents from a position of strength.


4 – Digital Forensics

The current situation of business security no longer can be described as a matter of "Will your organization be compromised (hacked)?" but, rather, "When?" In the aftermath of a cyber incident, adequate collection, preservation, and analysis of the relevant evidence are the foundational pieces of an effective investigation. If the significant pieces are buried under irrelevant alerts and artifacts, valuable time may be lost in assembling an adequate response strategy.

The Secure Merger team possesses many years of experience and background, the knowledge and “real-world” skills to identify, track, and prosecute the cyber-criminal, by identifying, collecting, documenting, storing, preserving, and analyzing evidence. Our team consists of personnel possessing the necessary skills for identification of intruder footprints, and evidence collection techniques for expeditious and proper prosecution. Our certified and experienced personnel utilize numerous top tools of the forensics trade, including software, hardware, and specialized techniques.

Secure Merger’s digital forensics capability provides much-needed context, rich expertise, and keen insight into cyber attacks, so that our clients can effectively investigate and remediate the incident. Our ability to collect, process, and preserve evidence and chain of custody sets up our analysis and intelligence capability, which support effective investigation and equip our clients to respond in an appropriate and timely manner. Our team will serve as expert witnesses, including testimony in court for disciplinary procedures.


5 – Attack Susceptibility Assessments

Numerous cyber security studies have found that upwards of 90% of successful cyber attacks begin by “attacking the human” with social engineering, phishing, and the like. The human aspect is unavoidable. Organizations cannot exist on an island; they must interact with the outside world in the form of customers, vendors, business associates, and competitors. All the while, adversaries feast on low hanging fruit, and the means of determining an organization’s external weaknesses are becoming increasingly automated and sophisticated.

For these reasons, we at Secure Merger place a heavy importance on our clients understanding their security posture from the outside looking in. By taking the same steps that adversaries do when canvassing potential targets for attack, we reveal weaknesses in a friendly manner before they can be exploited by an unfriendly actor. Our Attack Susceptibility Assessment is like a penetration test of our clients’ people, and their outward face to the world. Our examination from this vantage point includes:

• Global Network Footprinting
• Open Source Intelligence Collection
• Social Engineering
  o Phishing (Email)
  o Vishing (Phone)
  o Smishing (SMS Text)
• Web Site Security Assessment (OWASP)

An essential and often overlooked aspect of any security evaluation is the external, “black box” examination, which has the opportunity to reveal weaknesses in areas such as the organization’s supply chain, personnel training, web attacks, visitor control, and susceptibility to Business Email Compromise, to name a few. Our creative and skilled team ensures that our clients do not overestimate their defenses when it comes to probing external adversaries.


6 – Penetration Testing

Large enterprises with complex security programs need to fully explore the implications of new infrastructure and system configurations, particularly when critical systems and sensitive data stand to be impacted. By thinking outside the box, proficient testers who emulate the techniques and abilities of adversaries can help identify and mitigate threats before they are exploited.

A penetration testing event is a focused and targeted attack simulation to identify, evaluate, and demonstrate a particular vulnerability. These engagements provide a “point in time” focus on proving vulnerabilities rather than addressing enterprise level risks. The specific focus of the engagement can range from penetrating internet firewalls or social engineering, to compromising application architecture. A combination of commercial scanners and public domain tools from various commercial and open source software security toolkits, in addition to manual techniques, is used to identify vulnerabilities present within individual devices.

Secure Merger’s skilled penetration testers have a deep knowledge of system operation, networking, and vulnerability exploitation, and how to best combine automated tools with technical know-how. Our analysts have extensive experience successfully testing systems for military and civilian agencies. A focused deployment of our penetration test techniques gives our clients confidence that the capability and configuration of their critical systems can withstand those who would do them harm.

Secure Merger assists its clients in understanding the proper application of resources and the feasibility of attack, both from without and within an organization. Our proven methodology custom tailors an approach based on the client's individual system needs and requirements. Our cooperative penetration assessment process includes such capabilities as:

• Custom Scripting
• System Exploitation
• Privilege Escalation
• Lateral Movement
• Deploy Rogue Host
• Obtain Credentials
• Own the Domain
• Web App Pentest
• Test Incident Response


7 – Code Review

Development and deployment of code on critical systems must incorporate secure code review at the appropriate points in the System Development Life Cycle (SDLC). Not only is this an essential aspect of defense-in-depth, it has the potential to save a disproportionate amount of time and resources from being wasted in breach cleanup after the fact. A proactive approach can preclude a host of financial and regulatory consequences to an organization.

Secure Merger utilizes the CWE Checklist and OWASP Top 10 review criteria to identify the areas of highest risk, including such areas as:

• Unvalidated input
• Broken access control
• Broken authentication and session management
• Cross Site Scripting (XSS) flaws
• Buffer overflows
• Injection flaws
• Improper error handling
• Insecure storage
• Denial of service
• Insecure configuration management

Secure Merger will ensure that in the event of non-validated input, the proper security measures are in place to prevent tampering attacks such as forced browsing, command insertion, cross site scripting, and HTTP requests. We also ensure that in the event of broken access control, the model used is tied to the functions of a particular site, and users fall into their proper groups or roles as specified by their access privileges, so as to prevent hackers from obtaining confidential information.

Secure Merger’s ability to identify security vulnerabilities during the development of critical code makes use of both automated and manual methods. We streamline where possible with technical tools, and utilize human expertise to put findings in context, including the exploitability, associated risk, and potential real-world impact to the client.

When analyzing the attack surface and examining the data flow, our analysts scrutinize each transaction in the application and the associated security functions they invoke. This includes such topics as:

• Authentication
• Authorization
• Data Validation
• Encryption
• Error Handling
• Logging
• Network Architecture
• Security Configuration
• Session Management


8 – Policy and Program Development

There are few industries in either the public or private sector in which Secure Merger’s analysts have not worked to solve cyber security problems. Our insightful approach to programmatic security management to achieve both comprehensive regulatory compliance and efficient risk mitigation equips us to build our clients’ security programs into their organizational strengths.

In the same manner that we approach the early aspects of any risk assessment, understanding an organization’s existing security posture includes a thorough documentation review of:

• Policies / Procedures
• Previous Audits / Assessments
• Network and System Diagrams
• System Inventories
• Configurations
• Log Analysis
• Incident Response Plans
• Business Continuity Plans
• Disaster Recovery Plans
• Training Records

In each of these topic areas, Secure Merger’s problem-solving expertise, resource management experience, and current industry intelligence deliver on-target review and custom-tailored improvement recommendations. In cases where our clients lack certain aspects of an effective security program, or organizational changes prompt an overhaul, Secure Merger’s deep well of knowledge in each of these areas delivers world-class security program development.


9 – Employee Training

Secure Merger aims to provide the most innovative and best security practices, procedures, training, and activities to support our clients. It is crucial to provide our customers with the technology and expertise required to thrive in today’s fast-paced and ever-changing high-tech world. We achieve this by applying state-of-the-art technology and realistic, cost-effective, creative management solutions to a diverse business base, both at home and across the country.

Whether for topic-specific training to close a gap identified, or to satisfy recurring organizational requirements, Secure Merger training support efforts include development and delivery in a wide range of areas, such as:

• Network connectivity (internal, third party, public)
• Specialist industry devices/instrumentation
• Platforms, applications, and software used
• On-premises, cloud, or hybrid systems
• Operational support for security
• User community and capabilities

Our focus on building a creative and technically challenging environment has allowed us to attract some of the richest talent available, allowing Secure Merger to develop outstanding cutting-edge solutions and services for our customers. Our certified instructors ensure your employee, even with minimum-level knowledge, is provided the best possible instruction for certification test preparation and workforce requirements. To facilitate an efficient atmosphere, our informative courses are limited to fewer than 50 students and our in-depth technical courses are limited to 15 students per session.


1. Complete name of Government agency, commercial firm, or other organization Office of Administrative Law Judges, US Department of Labor

2. Complete address

US Department of Labor, Office of Administrative Law Judges 800 K Street NW, Suite 400 Washington, DC 20001-8002

3. Contract number: DOLB079626321

4. Date of contract: 1 July 2009

5. Date work was begun July 1, 2009

6. Date work was completed Current

7. Estimated contract price $495000.00

8. Final amount invoiced or amount invoiced to date $399,400.02 invoiced to date

9a. Technical point of contact (name, title, address, telephone no. and email address)

Steven Kentner, Chief, Information Resources Division US Department of Labor, Office of Administrative Law Judges 800 K Street NW, Suite 400 Washington, DC 20001-8002 202-693-7338 [email protected]

9b. Contracting or purchasing point of contact (name, title, address, telephone no. and email address)

P.J. Soto, Director of Program Operations US Department of Labor, Office of Administrative Law Judges 800 K Street NW, Suite 400 Washington, DC 20001-8002 202-693-7542 [email protected]

10. Location of work (country, state or province, county, city) USA, Washington, DC

11. Description of contract work: Under various subcontracts, Leighton Johnson, Steve Covey, Adam Gold, Cynthia Valentine, Andy Tran, and Heather Greene are currently providing IT Security Engineering services and Security Assessment & Authorization (C&A) support to the DOL – OALJ through subcontracts to NetBase, Inc. for the period 1 July 09 – 30 June 14 and to True-IA, LLC for the period 20 Sept 2015 - present.

The technical services include engineering design and installation support for the Enterprise-wide ePolicy Orchestrator SIEM deployment; installation and deployment of the PointSec Whole Disk encryption package for all machines in OALJ; security engineering support for the virtual host redesign efforts of the OALJ website; and various governmental-directed Cybersecurity reviews, assessments, tests and other security engineering and architecture efforts as required.

The RMF efforts are required under the FISMA and DOL regulations to recertify the OALJ Major Application and General Support System every 3 years. The OALJ GSS and CTS SA&A reviews include the following in accordance with DOL and NIST federal guidelines: the servers, backbone network, policies, procedures, and user activities. The Case Tracking System (CTS) and the General Support System (GSS) infrastructure system reviews include: user interviews, documentation review and modification, vulnerability scanning, specialized web application vulnerability scanning, directed penetration testing of the OALJ website, and security controls assessments.

These tasks produce the following documentation: RMF documentation reports, specialized web-based remediation recommendations, Security Self Assessment documentation and inputs to the DOL-wide Security Tracking system - CSAM, ATO packages & recommendations, and supporting documentation.

12. Current status of contract (choose one): Contract tasks are currently being accomplished on-time and at-budget

Secure Merger is a joint venture. ISFMT, Inc. is a parent company (Affiliate) of Secure Merger LLC. The GAO (Government Accountability Office) has determined that the past performance of a parent company can be used as long as the management or workforce of the parent company is relied upon for the execution of the work in the joint venture.


1. Complete name of Government agency, commercial firm, or other organization ISACA

2. Complete address

ISACA 1700 E. Golf Road, Ste. 400 Schaumburg, IL 60173

3. Contract number or other reference Multiple training task orders and contracts

4. Date of contract

April 2018 – Present

5. Date work was begun April 2018

6. Date work was completed Present

7. Estimated contract price $150000.00

8. Final amount invoiced or amount invoiced to date $140,000.00 so far

9a. Technical point of contact (name, title, address, telephone no. and email address)

Rachel Glaz

ISACA 1700 E. Golf Road, Ste. 400 Schaumburg, IL 60173

847-660-5730

[email protected]

9b. Contracting or purchasing point of contact (name, title, address, telephone no. and email address)

Steven Mole

VP, Enterprise Business Development

ISACA 1700 E. Golf Road, Ste. 400 Schaumburg, IL 60173

[email protected]

10. Location of work (country, state or province, county, city) USA, India, South Africa, Hong Kong - multiple locations

11. Description of contract work: Conduct activities as an Accredited Trainer for ISACA. Provides ISACA and DoD 8570/8140 compliant and support training courses for ISACA Enterprise and Chapter personnel security certification courses throughout the United States and around the world. Courses delivered include CRISC, CISA, CISM, IT Audit Fundamentals, Cybersecurity for Auditors, Forensics for Auditors and Cybersecurity Nexus Foundations Bootcamps. Typical engagements lasted 3 to 5 days and included class delivery, classroom setup, student enrollment, and sample test delivery. Courses were delivered at commercial and governmental locations in Northern Virginia, Maryland, Hong Kong, India, Illinois, Colorado, Washington, DC, California, Texas, Florida, North Carolina, Georgia, New Jersey, Arizona, South Africa, Louisiana, Massachusetts, and South Carolina.

12. Current status of contract (choose one): Multiple contracts completed successfully

Secure Merger is a joint venture. ISFMT, Inc. is a parent company (Affiliate) of Secure Merger LLC. The GAO (Government Accountability Office) has determined that the past performance of a parent company can be used as long as the management or workforce of the parent company is relied upon for the execution of the work in the joint venture.


1. Complete name of Government agency, commercial firm, or other organization: InfoSec Institute

2. Complete address: InfoSec Institute, 7310 W. North Ave., Ste. 4D, Elmwood Park, IL 60707

3. Contract number or other reference: Multiple training task orders

4. Date of contract: August 2010 – Present

5. Date work was begun: August 2010

6. Date work was completed: Present

7. Estimated contract price: $150000.00

8. Final amount invoiced or amount invoiced to date: $156,000.00

9a. Technical point of contact (name, title, address, telephone no. and email address)

Kevin Kluzak

InfoSec Institute 7310 W. North Ave., Ste. 4D Elmwood Park, IL 60707

708-689-0131

[email protected]

9b. Contracting or purchasing point of contact (name, title, address, telephone no. and email address)

Lori Aiello

InfoSec Institute 7310 W. North Ave., Ste. 4D Elmwood Park, IL 60707

708-689-0131

[email protected]

10. Location of work (country, state or province, county, city): USA, multiple locations

11. Description of contract work: ISFMT provides DoD 8570/8140 compliant and support training courses for InfoSec Institute and subcontractor personnel security certification courses throughout the United States. Courses delivered include CISSP, CISA, CISM, CAP, CCSP, CISSP-ISSEP, CISSP-ISSMP, DOD-RMF and DIACAP Bootcamps. Typical engagements lasted 3 to 6 days (24-72 hours) and included class delivery, classroom setup, student enrollment, and sample test delivery. Courses were delivered at commercial and governmental locations in Northern Virginia, Maryland, Rhode Island, Illinois, Colorado, New Mexico, California, Texas, Florida, North Carolina, Georgia, England, Tennessee, and South Carolina.

12. Current status of contract (choose one): Task Orders completed successfully

Secure Merger is a joint venture. ISFMT, Inc. is a parent company (Affiliate) of Secure Merger LLC. The GAO (Government Accountability Office) has determined that the past performance of a parent company can be used as long as the management or workforce of the parent company is relied upon for the execution of the work in the joint venture.


1. Complete name of Government agency, commercial firm, or other organization: Thomson-Reuters via IBM Global Services

2. Complete address: Thomson-Reuters, 610 Opperman Drive, Eagan, MN 55123

3. Contract number or other reference

4. Date of contract: 1 August 2017

5. Date work was begun: August 5, 2017

6. Date work was completed: December 31, 2017

7. Estimated contract price: $85000.00

8. Final amount invoiced or amount invoiced to date: $76500

9a. Technical point of contact (name, title, address, telephone no. and email address)

Alana Folger, ISRM Security Manager 610 Opperman Drive Eagan, MN 55123 [email protected]

9b. Contracting or purchasing point of contact (name, title, address, telephone no. and email address)

Heather Goich Talent Management Specialist Artech Information Systems LLC 2810 Lemone Industrial Boulevard | Columbia, MO 65201 Office: 573.219.5802 [email protected]

10. Location of work (country, state or province, county, city): USA, Eagan, MN

11. Description of contract work: Conducted activities under an Artech contract to IBM as a Senior Information Security Assurance Advisor for a large Fortune 100 Information Brokerage client, providing assessments of vendors against corporate technology and security policies. Responded to customer inquiries regarding company compliance status and security controls, and conducted research, interpreted or developed, maintained and applied governance, compliance regulations and control descriptions for IT audits under ISO 27001, AICPA, SOX, PCI, NIST, HIPAA, COBIT 5, NIST CSF and local standards. Additionally, provided guidance and advisory inputs for corporate governance and compliance reporting to regulators, 3rd party partners, auditors and clients, and performed detailed reviews and evaluations of security components for corporate contracts, audits and sales events for large-scale corporate customers and potential clients. Developed and provided CSF training to other ISRM security assurance personnel at Thomson Reuters.

12. Current status of contract (choose one): All contract tasks were accomplished on time and on budget – Contract completed

Secure Merger is a joint venture. ISFMT, Inc. is a parent company (Affiliate) of Secure Merger LLC. The GAO (Government Accountability Office) has determined that the past performance of a parent company can be used as long as the management or workforce of the parent company is relied upon for the execution of the work in the joint venture.

