Data Center Assistance Group, LLC
DCAG is a Professional Services organization that provides professional services, Sales Agent and Personnel Placement services. We specialize in Enterprise Resilience, Vulnerability Management, Business Continuity Management, and Corporate Certification services.
We support the "Whole of Nation" and "Secure by Design" guidelines provided by DHS/CISA to produce vulnerability-free applications prior to production acceptance, and Continuous Threat Exploitation Management (CTEM) to identify and mitigate new vulnerabilities to applications already in production Operations.
Our goal is to help client companies achieve optimal services, at reduced costs, while adhering to all laws and regulations within the countries where they conduct business.
Background information
Whole of Nation
As the costs of combating cybercrimes and the rise in Ransomware attacks increased, the Nations of the world met to discuss how best to combat cybercrimes and ransomware attacks. It was agreed that a combined approach of Government, Business, Infrastructure, and Utility companies must be taken to define requirements and perform a needs analysis to improve protection against technical and cybersecurity problems and incidents.
Whole of World
From a "Whole of World" approach, each country decided to adopt its own direction in accordance with its needs. In America a "Whole of Nation" approach was developed, and new laws, regulations, and guidelines were established to encourage and guide organizations in adopting technologies and procedures to improve their cybersecurity and technology postures.
Secure by Design
The Department of Homeland Security (DHS) was assigned the responsibility to develop and implement the response to how best to protect the United States. DHS mandated that the Cybersecurity Infrastructure Internet Agency (CISA) provide a direction plan and guidelines to achieve the goal of best protecting the United States. CISA developed and published a "Secure by Design" approach to reducing, or eliminating, vulnerabilities.
SBOMs (Software Bill of Materials) to eliminate known vulnerabilities and a Pledge to adhere to Secure by Design
CISA published guiding principles and created a "Pledge" agreement for companies to commit to as a seal of approval. The end goal of this approach is to provide vulnerability-free applications that have removed all known vulnerabilities, via patches or new releases, prior to entering the production environment.
Continuous Threat Exploitation Management (CTEM) to identify and mitigate new vulnerabilities
Once applications are in the production environment, Continuous Threat Exploitation Management (CTEM) products and approaches will be utilized to identify and mitigate any new vulnerabilities occurring after the application was accepted into the production environment. This process is depicted below.
From Whole of World to Whole of Nation to Secure by Design
New Laws and Regulations designed to protect enterprises from vulnerabilities
The US Government, Business, Infrastructure, and Utility companies established a structured response to fighting cybercrimes and technology threats. The USA issued laws and regulations, as did industries and sectors. These various enterprise departments developed cyber and technology defenses, created a supportive organization, and provided their services and advice to world and domestic American enterprise.
USA is a Leader and we are helping others
The United States has been helping the world respond to technical problems and cybersecurity incidents, while creating a supportive structure described below. This internal structure is ever evolving, to provide constant improvements to an ever changing environment - like the introduction of Quantum Computing and Artificial Intelligence.
America is leading the charge to eliminate Cybercrimes
Producing a vulnerability-free environment
The final goal is to develop an improved workflow within the enterprise, where Ideas evolve (via Brainstorming, Collaboration, Innovation) to defined Concepts, that engineering teams can fully research to define Requirements (via Components, Security, Architecture, Scalability, Workflow, and Metrics) to complete a Systems Engineering Life Cycle (SELC) that provides the Development Teams with a System Development Design in the form of Agile (i.e., Epic, Functions, Features, and Stories).
The Development Teams then create the Application, or Service, using JIRA and documenting the product via Confluence and SharePoint.
Utilizing Vulnerability Management tools like ProCap360™, you can produce vulnerability-free production applications by identifying Known Vulnerabilities contained in a National Vulnerability Database (NVD) and installing the Patch or New Release needed to repair the vulnerability prior to being accepted into the production environment.
CTEM can be used to detect New Vulnerabilities that can impact applications in the production environment along with other tools used to interrogate the path from User IP Address to provided application or service for error conditions.
A picture of this desired environment is envisioned below.
Example of a Vulnerability-Free Environment
Utilizing ProCap360 as a Vulnerability Management foundation tool
DCAG's President, Thomas Bronack, has a relationship with Internet Infrastructure Services Corporation (www.iis-corp.com) where he has been working as a Director assisting in the development and marketing of the ProCap360 product. Mr. Bronack believes this product is an advanced tool based on a Neo4J Knowledge Graph that is presently able to provide SBOMs (along with proprietary RBOMs and AIBOMs) to identify known vulnerabilities and assist in their mitigation through patches and new release updates.
ProCap 360 is a program product created by Internet Infrastructure Services Corporation (http://www.iis-corp.com/) that provides the following services:
1. Create SBOMs (identify known vulnerabilities in programs),
2. RBOMs (Programs and Components associated with a new internal program release), and
3. AIBOMs (Artificial Intelligence and Machine Learning information)
4. Program Factory – provide gateways between application development / maintenance stages based on security score until a vulnerability-free application is achieved (all Patches or New Product Releases have been applied)
5. Continuous Threat Exploitation Management (CTEM) to identify new vulnerabilities after a product is in the production environment (periodic automatic scanning of your most critical applications to uncover new vulnerabilities associated with production applications after acceptance)
6. Compliance to domestic and international laws, like:
Executive Order 14028 – Improving Nation’s Software Security Supply Chain and mandating SBOMs
OMB M-22-18 and M-23-16 – Improving the Defense and Resilience of Government Networks
SEC Rule 2023-139 – Disclosure of Material Cybersecurity breaches to protect investors and shareholders
FDA – Control over medical device supply chain and cybersecurity problems
CRA – European Cyber Resilience Act – Hardware and Software Components cyber requirements
DORA – Digital Operational Resilience Act – Strengthen the financial sector's resilience
GDPR – EU Digital Rights of their Citizens, and others
7. Knowledge Graph - A knowledge graph is an organized representation of real-world entities and their relationships. It is typically stored in a graph database, which natively stores the relationships between data entities. Entities in a knowledge graph can represent objects, events, situations, or concepts. The relationships between these entities capture the context and meaning of how they are connected.
ProCap 360 from Internet Infrastructure Services Corporation (www.proCap360.com) as a Vulnerability Management tool
Provided services include: Enterprise Resilience, Vulnerability Management, and Corporate Certification.
- Enterprise Resilience, Vulnerability Management, and Business Continuity Management
- Enterprise Resilience
- Vulnerability Management
- Corporate Certification
- Recovery Services (Business / Disaster)
- Risk Assessment and Business Impact Analysis
- Selecting best recovery strategies and tools
- Assembling and Training the recovery team
- Obtaining Management Awareness and Support
- Implementing Best Practices
Our Business Sectors
Enterprise Resilience
- Understanding the business and its most important customers
- Governance, Risk Management, and Compliance (GRC) both domestically and internationally - Risk Management Foundation
- Confidentiality, Integrity, and Availability (CIA) of data with Vital Records Management - Cyber Security Framework
- Vulnerability Management to eliminate known vulnerabilities and produce vulnerability-free application prior to entry to the production environment
- Continuous Threat Exploitation Management (CTEM) to identify new vulnerabilities in the production environment for mitigation and addition to National Vulnerability Database (NVD) by CISA
Shared Understanding
- Impact of actions on the continuity of services to clients, stakeholders, supply chains, and the safety of the staff.
- A rapid response to Technology Problems, Cyber Crimes, and Recovery Events.
- Ability to adapt to changing times and needs in a coordinated manner.
Compliance
- Laws, Regulations, Policy, Process, Guidelines.
- Domestic (NIST, FFIEC, HIPAA, etc.).
- Vulnerability Management laws like: EO 14028, OMB M-22-18/OMB M-23-16, FDA, SEC Rule 2023-139, CRA, DORA, and GDPR that require SBOMs to help eliminate known vulnerabilities (CVEs)
- International (ISO Standards, GDPR, etc.).
- Industry Specific, and Country Specific.
Organization Structure
- Structure based on major functional areas.
- Job Titles and areas of control.
- Job descriptions and skill requirements.
- Training and awareness to foster culture.
Why choose us?
Trust
An excellent product at a reasonable price with a positive attitude to achieve excellence in everything we do.
Integrity
Respect for the individual and an openness to learn new techniques that achieve specific goals and objectives.
Expertise
Over 40 years of experience in hardware, software, operations, applications, workflow, optimization and protecting the environment. The ability to provide a safe, compliant, resilient, and optimized environment, with awareness programs and personnel training.
We would love to have the opportunity to help you achieve an efficient, safeguarded, and optimized environment, with a supportive and well-informed staff.
Write to us
Please let us know if you are interested in our services, or would like a copy of one of our documents.