Data Center Assistance Group, LLC
DCAG is a Professional Services organization that provides Consulting, Sales Agent, and Personnel Placement services. We specialize in Enterprise Resilience, Risk Management, Vulnerability Management, Business Continuity Management, and Corporate Certification services.
We support the "Whole of Nation" and "Secure by Design" guidelines provided by DHS/CISA to produce vulnerability-free applications prior to production acceptance, and Continuous Threat Exploitation Management (CTEM) to identify and mitigate new vulnerabilities in applications already in production operations.
Our goal is to help client companies achieve optimal services, at reduced costs, while adhering to all laws and regulations within the countries where they conduct business.
Background information
Whole of Nation
As the costs of combating cybercrimes rose and Ransomware attacks increased, the Nations of the world met to discuss how best to combat cybercrimes and ransomware attacks. It was agreed that a combined approach of Government, Business, Infrastructure, and Utility companies must be taken to define requirements and perform a needs analysis to find ways to improve protection against technical problems and cybersecurity incidents.
Whole of World
From a "Whole of World" approach, each country decided to adopt its own direction in accordance with its needs. In America a "Whole of Nation" approach was developed, and new laws, regulations, and guidelines were established to encourage and guide organizations in adopting technologies and procedures to improve their cybersecurity and technology postures.
Secure by Design
The Department of Homeland Security (DHS) was assigned the responsibility to develop and implement the response to how best to protect the United States. DHS mandated that the Cybersecurity Infrastructure Internet Agency (CISA) provide a direction plan and guidelines to achieve the goal of best protecting the United States. CISA developed and published a "Secure by Design" approach to reducing, or eliminating, vulnerabilities.
SBOMs (Software Bill of Materials) to eliminate known vulnerabilities and a Pledge to adhere to Secure by Design
CISA published guiding principles and created a "Pledge" agreement for companies to commit to as a seal of approval. The end goal of this approach is to provide vulnerability-free applications that have removed all known vulnerabilities, via patches or new releases, prior to entering the production environment.
Continuous Threat Exploitation Management (CTEM) to identify and mitigate new vulnerabilities
Once applications are in the production environment, Continuous Threat Exploitation Management (CTEM) products and approaches will be utilized to identify and mitigate any new vulnerabilities occurring after the application was accepted into the production environment. This process is depicted below.
From Whole of World to Whole of Nation to Secure by Design
New Laws and Regulations designed to protect enterprises from vulnerabilities
The US Government, Business, Infrastructure, and Utility companies established a structured response to fighting cybercrimes and technology threats. The USA issued laws and regulations, as did industries and sectors. These various enterprise departments developed cyber and technology defenses, created a supportive organization, and provided their services and advice to world and domestic American enterprises.
USA is a Leader and we are helping others
The United States has been helping the world respond to technical problems and cybersecurity incidents, while creating a supportive structure described below. This internal structure is ever evolving, to provide constant improvements to an ever changing environment - like the introduction of Quantum Computing and Artificial Intelligence.
America is leading the charge to eliminate Cybercrimes
Producing a vulnerability-free environment
The final goal is to develop an improved workflow within the enterprise, where Ideas evolve (via Brainstorming, Collaboration, Innovation) into defined Concepts that engineering teams can fully research to define Requirements (via Components, Security, Architecture, Scalability, Workflow, and Metrics) and create Solutions, completing a Systems Engineering Life Cycle (SELC) that provides the Development Teams with a System Development Design in the form of Agile (i.e., Epic, Functions, Features, and Stories).
The Development Teams then create the Application, or Service, using JIRA and documenting the product via Confluence and SharePoint (or equivalent products).
Utilizing Vulnerability Management tools like ProCap360, you can produce vulnerability-free production applications by identifying Known Vulnerabilities contained in a National Vulnerability Database (NVD) and installing the Patch or New Release needed to repair the vulnerability prior to being accepted into the production environment. This product also generates a Knowledge Graph of all related components for viewing and usage.
CTEM can be used to detect New Vulnerabilities that can impact applications in the production environment, along with other tools used to interrogate the path from User IP Address to the provided application or service for error conditions. Again, ProCap360 provides the ability to rescan production applications on a periodic basis to detect and report on new vulnerabilities.
A picture of this desired environment is envisioned below.
Example of a Vulnerability-Free Environment
Utilizing ProCap360 as a Vulnerability Management foundation tool
DCAG's President, Thomas Bronack, has a relationship with Internet Infrastructure Services Corporation (www.iis-corp.com) where he has been working as a Director assisting in the development and marketing of the ProCap360 product. Mr. Bronack believes this product is an advanced tool based on a Neo4J Knowledge Graph that is presently able to provide SBOMs (along with proprietary RBOMs and AIBOMs) to identify known vulnerabilities and assist in their mitigation through patches and new release updates.
ProCap 360 is a program product created by Internet Infrastructure Services Corporation (http://www.iis-corp.com/) that provides the following services:
1. Create SBOMs (identify known vulnerabilities in programs),
2. RBOMs (Programs and Components associated with a new internal program release), and
3. AIBOMs (Artificial Intelligence and Machine Learning information)
4. Program Factory – provide gateways between application development / maintenance stages based on security score until a vulnerability-free application is achieved (all Patches or New Product Releases have been applied)
5. Continuous Threat Exploitation Management (CTEM) to identify new vulnerabilities after a product is in the production environment (periodic automatic scanning of your most critical applications to uncover new vulnerabilities associated with production applications after acceptance)
6. Compliance to domestic and international laws, like:
   - Executive Order 14028 – Improving Nation’s Software Security Supply Chain and mandating SBOMs
   - OMB M-22-18 and M-23-16 – Improving the Defense and Resilience of Government Networks
   - SEC Rule 2023-139 – Disclosure of Material Cybersecurity breaches to protect investors and shareholders
   - FDA – Control over medical device supply chain and cybersecurity problems
   - CRA – European Cyber Resilience Act – Hardware and Software Components cyber requirements
   - DORA – Digital Operational Resilience Act – Strengthen the financial sector's resilience
   - GDPR – EU Digital Rights of their Citizens, and others
7. Knowledge Graph - A knowledge graph is an organized representation of real-world entities and their relationships. It is typically stored in a graph database, which natively stores the relationships between data entities. Entities in a knowledge graph can represent objects, events, situations, or concepts. The relationships between these entities capture the context and meaning of how they are connected.
8. Supply Chain Management - identifying where components originated, and the sub-components within an assembly, can be used to detect component owner and origin. If the origin is a banned country, like China or Russia, the component can be rejected because it violates a law.
ProCap 360 from Internet Infrastructure Services Corporation (www.proCap360.com) is a Vulnerability Management tool based on Knowledge Graph technology. It produces SBOMs, RBOMs, and AIBOMs; provides an Application Factory with Gateways to help ensure known vulnerability-free applications prior to production acceptance; and uses Continuous Threat Exploitation Management (CTEM) to identify new vulnerabilities impacting current production applications when they are discovered and entered into the National Vulnerability Database or other NIST supported vulnerability management services (KEV, EPSS, VEX, etc.).
Provided services include: Enterprise Resilience, Vulnerability Management, and Corporate Certification.
- Enterprise Resilience, Vulnerability Management, and Business Continuity Management
- Enterprise Resilience
- Overview of creating a Risk Management Plan
- Risk Management
- Vulnerability Management
- Corporate Certification
- Recovery Services (Business / Disaster)
- Business Continuity Presentation v1.0 - Short
- Business Continuity Presentation v2.0 - Longer
- COOP Project Plan Overview
- Risk Assessment - Overview and Introduction
- Risk Assessment and Business Impact Analysis
- Selecting best recovery strategies and tools
- A coordinated approach to controlling cybercrimes
- Safeguarding the enterprise through Security Analytics
- Assembling and Training the recovery team
- Obtaining Management Awareness and Support
- Implementing Best Practices
Our Business Sectors
Enterprise Resilience
- Understanding the business and its most important customers
- Governance, Risk Management, and Compliance (GRC) both domestically and internationally - Risk Management Foundation
- Confidentiality, Integrity, and Availability (CIA) of data with Vital Records Management - Cyber Security Framework
- Vulnerability Management to eliminate known vulnerabilities and produce vulnerability-free applications prior to entry to the production environment
- Continuous Threat Exploitation Management (CTEM) to identify new vulnerabilities in the production environment for mitigation and addition to National Vulnerability Database (NVD) by CISA
- Use of the Vulnerability Disclosure Policy (VDP) Platform to report identified new vulnerabilities to obtain help in resolving them
Shared Understanding
- Impact of actions on the continuity of services to clients, stakeholders, supply chains, and the safety of the staff.
- A rapid response to Technology Problems, Cyber Crimes, and Recovery Events.
- Ability to adapt to changing times and needs in a coordinated manner.
Compliance
- Laws, Regulations, Policy, Process, Guidelines.
- Domestic (NIST, FFIEC, HIPAA, etc.).
- Vulnerability Management laws like: EO 14028, OMB M-22-18/OMB M-23-16, FDA, SEC Rule 2023-139, CRA, DORA, and GDPR that require SBOMs to help eliminate known vulnerabilities (CVEs)
- International (ISO Standards, GDPR, etc.).
- Industry Specific, and Country Specific.
Organization Structure
- Structure based on major functional areas.
- Job Titles and areas of control.
- Job descriptions and skill requirements.
- Training and awareness to foster culture.
Business Continuity Management
DCAG has provided Business Continuity Management services to major Banking, Financial, Manufacturing, Pharmaceutical, Vendor and other firms. Our over 30 years of experience include certification from the Disaster Recovery Institute International as a CBCP (Certified Business Continuity Professional from 2015), a Course Developer (IT/DR Course), and Certified Instructor.
Functions:
We cover all types of services, but typically:
- IT Disaster Recovery
- COOP - Continuity Of Operations
- Site Recovery Management
- Emergency Management
- Personnel Safety and Violence Prevention
- Crisis Management
Why choose us?
I am a happy individual who truly loves his career and the ability to help clients achieve their goals.
My many years of experience have allowed me to gain a unique perspective of business needs and how to best implement Information Technology services to support those needs.
I work well as a team leader or team member, who is capable of mentoring less experienced people, or learning from those people whose knowledge within specialities is greater than mine.
I bring unique skills and a perspective in visualizing goals and objectives that provide a clear understanding of our direction and how individuals contribute to our success by the services they are assigned.
Trust
An excellent product at a reasonable price with a positive attitude to achieve excellence in everything we do.
Integrity
Respect for the individual and an openness to learn new techniques that achieve specific goals and objectives.
Expertise
Over 40 years of experience in hardware, software, operations, applications, workflow, optimization and protecting the environment. The ability to provide a safe, compliant, resilient, and optimized environment, with awareness programs and personnel training.
We would love to have the opportunity to help you achieve an efficient, safeguarded, and optimized environment, with a supportive and well informed staff.
Write to us
Please let us know if you are interested in our services, or would like a copy of one of our documents.