Online Security for eGovernment Solutions
NIC’s standards-based eGovernment security program uses a multilayered approach to ensure that sensitive information is protected.
NIC’s corporate commitment to security management is unparalleled in the eGovernment industry. Led by Chief Security Officer Jayne Friedland Holland, NIC’s security program includes a comprehensive suite of information security solutions to support the eGovernment operations of every partner we serve. Our proven approach integrates security assessment, monitoring, and management to deliver a best-in-class security solution.
Our security solutions focus on the people, processes, and technology requirements to ensure a forward-leaning information security posture. We maintain a layered security approach with audits, testing, and governance controls that are approved by each government partner we serve. In addition, we provide rigorous security training protocols for all NIC employees – not just those with access to sensitive information.
Standards-Based Security Program
NIC’s governance, risk management, and compliance programs are based on the following laws, standards, and industry best practices:
- IT Governance Institute’s COBIT 4.1
- ISO 27001 & 27002
- Sarbanes-Oxley Act
- Health Insurance Portability and Accountability Act (HIPAA)
- Payment Card Industry’s Data Security Standards (PCI DSS) and Payment Application Data Security Standard (PA DSS)
- Driver Privacy and Protection Act (DPPA)
Certified Security Professionals
NIC’s security experts are certified in their appropriate specialty areas and many possess Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA) credentials.
Third Party Validation
NIC works with an industry-leading provider to validate our security practices for each government installation. Every NIC office undergoes a Security Management Program assessment on a regular basis to validate compliance.
Security Assessment, Monitoring, and Management
We provide the following elements of our comprehensive security management program on an ongoing basis to support the needs of our government partners:
- External network security assessments (penetration testing)
- Internal network security assessment
- General controls reviews
- Policy and procedure reviews
- Application development security reviews
- Information technology risk assessments
- Social engineering reviews
- Web application security monitoring
- System log reviews
- Intrusion detection management
- Firewall management
- Managed intrusion prevention