Information Security

Let us help protect your systems with cost-effective solutions that integrate protection controls, protect confidentiality, and assure integrity within and across all security domains.

  • Effectively manage risk and stay ahead of ever-evolving security threats.

    Business and government agencies face unprecedented, multidimensional cybersecurity challenges. Meanwhile, requirements to collect, analyze, and share massive amounts of information generate increasingly complex processes that need to be seamlessly integrated without causing further security gaps.

    Alqimi can help protect your systems with cost-effective solutions that integrate protection controls, protect confidentiality, and assure integrity within and across all security domains.

    We have more than fifteen years of experience protecting sensitive HIPAA data (PHI and PII).


  • Safeguarding mission-critical business data, infrastructures, and systems—now and in the future.

    Alqimi combines forward-thinking security risk management with a thorough understanding of business processes and requirements. Our Information Security Service (ISS) team has spearheaded the creation, certification, and accreditation of security products and systems for commercial and government clients in the United States and overseas.

    Under Alqimi management, there have been no security breaches in more than 9 years for our group of customers, including our military healthcare clients.

    We leverage industry best practices that use NIST and ITIL guidelines. We are experienced in complying with IC/NIST/OMB/FISMA rules and regulations. We are also experts in balancing security needs with budget constraints and evolving departmental compliance requirements. Alqimi can take care of your information security needs, so that you can focus on achieving your business objectives.

    We provide support for the entire information security lifecycle including:

    • Security Certification and Accreditation (C&A)
    • Secure system architecture, design, and implementation
    • COOP and disaster recovery
    • CISSP training
    • Identity and access management
    • Threat, vulnerability, impact, and risk assessment
    • Product evaluations
    • Verification and validation

    Our clients also have access to a wealth of specialized partners and providers who can support us in the design and implementation of end-to-end secure solutions.

  • Certified, reliable subject matter experts.

    From initial assessment to implementation, Alqimi's security specialists have solid experience delivering the full spectrum of security solutions. We adhere to industry best practices and use NIST and ITIL guidelines. Our staff is CISSP or government certified through our own training facility.

    We ensure the security of your business data and mission, keep you abreast of emerging technologies, and provide you with the information you need to formulate policies, designs, and implementation processes.


  • Providing network monitoring, event detection, and incident management services.

    Our clients have access to the industry's leading network monitoring and analysis tools, including NetWitness NextGen™ and InSight™.

    NetWitness NextGen™ enables you to record and analyze all data across the network to uncover critical issues such as potential insider threats, data leakage, covert activities/channels, compromised hosts, and malware activities. It also gives you the ability to generate in-depth policy and regulatory compliance reports.

    NetWitness InSight™ simplifies information risk management by combining data discovery, configuration, and vulnerability assessment in a single, easy-to-use solution. It helps users obtain reliable risk metrics that contain the locations of sensitive, regulated, and proprietary information—and the level of exposure of that data.

    We also have extensive experience with intrusion prevention systems (IPSs) and intrusion detection systems (IDSs).

  • A more affordable and productive way to manage and measure C&A activities.

    Alqimi helps clients standardize and automate the C&A process. This results in substantial time savings, reduced costs, and streamlined reporting. We provide complete and reliable assessments regarding vulnerabilities and the risk of operating your data systems. Our clients rely on us for detailed documentation and result reports, prepared in accordance with applicable standards and best practices, to make informed decisions.

    Proven processes ensure compliance with government and industry standards, such as DIACAP, DCID 6/3, ICD 503, CNSS 1253, NIST, FDCC/SCAP, FISMA reporting, HIPAA, Sarbanes-Oxley, GLBA, COBIT, and ISO 27002 (formerly ISO 17799). Our C&A deliverables include:

    • System Security Plan (SSP)
    • Security Requirements Traceability Matrix (SRTM)
    • Security Concept of Operations (CONOPS)
    • Plan of Action and Milestones (POA&M)
    • Configuration Management Plan
    • Optional Contingency/Disaster Recovery Plan
    • User and Privileged User Guides
    • Trusted Facilities Manual (TFM)
    • Interconnection Security Agreement
    • Certification Test Procedures (CTP)

  • A 'quick look' risk assessment of your networking and operating environments.

    Our low-cost, high-impact Health Check assesses your company's "people, process, and technologies" paradigm. The resulting report identifies security gaps and provides you with a detailed roadmap to correct and mitigate risks, including priority recommendations and a process to track resolution and measure ROI in security measures. To help you plan future efforts, we also include a high-level security plan along with cost and resource estimates for implementing improvements.

    The Health Check service offering consists of the following three phases:

    • Phase I: Baseline Network Security Assessment
    • Phase II: Operational Security Assessment
    • Phase III: Security Planning

  • Evaluating your system's managerial, operational, and technical security safeguards.

    Alqimi is experienced in performing penetration testing as an objective third party, whether as a requirement of a Security Test and Evaluation (ST&E) or as a result of other business and security concerns. Following best practices and NIST SP 800-42 guidelines, we have helped government and commercial clients identify security risks through controlled network and system attack simulations.

    Using their deep knowledge and a wide range of specialized tools (some of which may not be known to your system administrator), our security experts probe your systems externally and internally. At the conclusion of testing, our clients receive a comprehensive report of processes used and weaknesses found, including a list of recommendations to counteract vulnerabilities.