Information Systems Security Engineering

Minerva Engineering provides a wide diversity of Cyber-Security services and products drawing on over 13 years of experience performing systems, software and security engineering on Department of Defense (DoD) and Intelligence Community systems:

Network And Information Security Services

The key to building a strong security plan is to ensure that each individual component on your infrastructure is as strong as the next. It only takes one weak link in your infrastructure to provide a hacker an opening wide enough to bypass even the best security plan.

We provide the expertise to help our clients secure their infrastructure from the ground up. Our team of engineers can help you evaluate and harden an individual software package or an entire network system. Big or small, from the smallest embedded system to satellite control systems, we have experience with it all.

Encryption System Development & Analysis

Minerva Engineering’s Encryption Team has been performing engineering design, integration and test on a wide diversity of encryption systems that includes Type I, Type II and Suite B applications. We can help in the tasks that are required to ensure your cryptographic system satisfies either government or commercial standards.

We have an extensive history of software development, integration and testing of complex cryptographic systems and provide hardware and software implementation of encryption technologies:

• Encryption Algorithm Development (Elliptic Curve Cryptography, DES, 3DES, Blowfish, AES, etc.)
• Implementation of Suite B Encryption Technologies
• Key Management
• Standards Application (FIPS 140-1, FIPS 140-2, etc.)
• Functional Verification Testing, Security Verification Testing

Hardware & Software Vulnerability Assessment

Minerva Engineering’s vulnerability assessment capabilities include support for both evaluation and hardening of software, hardware, and network environments. Whether your system is a complex, distributed enterprise network, a piece of software, a hardware component intended for use in a larger system or a system of systems, Minerva Engineering has the experience and knowledge to help you assess vulnerabilities as they exist and what to do about it.

Our evaluation activities will assess how vulnerable your system is by determining if it meets mandatory standards and policies including National Security Telecommunications and Information Systems Security Policy (NSTISSP) No. 11, the Information Assurance Software Requirements Directive (IASRD) and DoD Directive 8500.1 requiring use of Common Criteria evaluation. We will provide an evaluation of your system by scoring it in the context of the Common Weakness Enumeration (CWE) and the Common Vulnerability Scoring System (CVSS). When we’re through, you’ll have a report detailing our findings and identifying what can be done to harden your systems that will help you protect your investments.

Penetration Testing

Aggressively evaluating your network, software and the personnel using it can be an effective test of how well your infrastructure team has prepared your network and the people that use it against intruders.

As part of our arrangement with customers, our Red Team can work surreptitiously to test just how vulnerable your network and staff are or we can work overtly in a war-gaming scenario to see how well your infrastructure team responds to an attack or effort to compromise your data. We employ modern techniques to infiltrate your networks that are commensurate with trends in modern cyber-crime and cyber-warfare. Our goal is investigation and reporting and when we’re done, you’ll be provided with a confidential report detailing exactly how vulnerable your network or system is to intrusion.

Information Assurance Services

Minerva Engineering provides a variety of information assurance services including information protection needs analysis, system requirements engineering, development of detailed security architectures, information assurance analysis, support for NSA certification and accreditation (C&A), software IA/IS policy assurance and new technology assessment.