Cyber Security & Information Assurance Engineering

YarCom^® Inc. is an expert in total cyber security and information assurance solutions. We work closely with infrastructure designers, application developers, e-commerce providers, and web services implementors to provide complete and secure computing, networking, and internetworking solutions.

We address all the Cyber SECs: In 2001, YarCom was the first organization to define a comprehensive Cyber-IO applied programming interface with a unified XML information exchange process.

We are the only ones who will address all the SECs, both actively and passively. The only way to provide true Defense-in-Depth is to build-in cyber security at all seven layers of the OSI stack, plus the difficult layer 8 (people) and layer 9 (policy), and layer 10 (budget).

COMSEC - Communications Security

• Cryptosecurity: Provision of technically sound cryptosystems and their proper use.

• Emission Security: All measures taken to deny unauthorized persons information of value which might be derived from intercept and analysis of compromising emanations from crypto-equipment, information systems, and telecommunications systems.

• Physical Security: All physical measures necessary to safeguard classified, proprietary, sensitive equipment, material, and documents from access, observation, or theft by unauthorized persons.

• Transmission Security: Application of measures designed to protect transmissions from interception and exploitation by means other than cryptanalysis.

EMSEC - Emanations Security

• All measures designed to deny unauthorized persons information of value that might be derived from intercept and analysis of compromising emanations from other than crypto-equipment and telecommunications systems.

COMPUSEC - Computer Security

• Measures and controls that ensure confidentiality, integrity, and availability of the information processed and stored by a computer. Synonym for automated information systems security.

• Application of hardware, firmware and software security features to a computer system in order to protect against, or prevent, the unauthorized disclosure, manipulation, deletion of information, or denial of service.

NETSEC - Network Security

• Measures designed to provide a secure interconnecting infrastructure supporting data communications.

E2SEC - End-To-End Security - the YarCom^® Inc. Advantage

• Measures taken to ensure availability, confidentiality, integrity, identity, and non-repudiation of information systems from source to recipient.

Process-Driven Engineering

YarCom^® Inc. has experience engineering all aspects of ISO/IEC 17799/27001, NIST 800-53, CNSSI 1253, DODI 8500.01, and ICD-503. We engineer solutions that can be validated within the National Information Assurance Partnership (NIAP) and the Common Criteria Evaulation and Validation Scheme (CCEVS), including supporting documents and process engineering.

Turn to YarCom^® Inc. when you need the latest designs, products, services and information on Information Assurance issues including:

• Personnel policies & employment contracts

• User training & threat advisories

• Cryptographic implementations, IPSec VPN, TLS VPN, SSL-enabled web servers, including US Government high assurance

• Clandestine channel detection, including steganography

• Virus and other malicious code protection

• Public Key Infrastructures (PKI) and Public-Key Enabled (PKE) applications

• Firewalls and enclave boundary protection

• Intrusion detection sensors and monitoring

• Disaster recovery and off-site secure storage

• Vulnerability audits

• Emergency power systems

• EMP and lightning protection

• Work practices & secure applications

YarCom^® Inc.: The source for your cyber security and information assurance expertise.